(Oct 16) An update is now available for Red Hat JBoss Operations Network. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Archive for October, 2018
(Oct 16) An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Google has made SSL certificates a necessity for websites. Discover the different types and how to choose the best one for you with these SSL certificate tips.
The post SSL certificate tips following Google’s SSL Update appeared first on Plesk.
(Oct 15) Frediano Ziglio reported a missing check in the script to generate demarshalling code in the SPICE protocol client and server library. The generated demarshalling code is prone to multiple buffer overflows. An authenticated attacker can take advantage of this flaw to cause a denial
(Oct 15) Nitin Venkatesh discovered a cross-site scripting vulnerability in moin, a Python clone of WikiWiki. A remote attacker can conduct cross-site scripting attacks via the GUI editor’s link dialogue. This only affects installations which have set up fckeditor (not enabled by default).
(Oct 15) Net-SNMP could be made to crash if it received specially crafted network traffic.
(Oct 15) Several security issues were fixed in Thunderbird.
(Oct 14) Three vulnerabilities were discovered in the Open Ticket Request System which could result in privilege escalation or denial of service. For the stable distribution (stretch), these problems have been fixed in
(Oct 12) This update fixes several vulnerabilities in Imagemagick, a graphical software suite. Various memory handling problems or incomplete input sanitising have been found in the coders for BMP, DIB, PICT, DCM, CUT and PSD.
(Oct 12) Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.
(Oct 12) Git could be made to run programs as your login if it recursively opened a malicious git repository.
(Oct 9) An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
(Oct 11) An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
(Oct 11) Magnus Klaaborg Stubman discovered a NULL pointer dereference bug in net-snmp, a suite of Simple Network Management Protocol applications, allowing a remote, authenticated attacker to crash the snmpd process (causing a denial of service).
(Oct 11) ClamAV could be made to crash if it opened a specially crafted file.
(Oct 11) Several security issues were fixed in Tex Live.
(Oct 11) An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
(Oct 11) An update for spamassassin is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
If you’ve ever logged in to WHM as a root-level user, you’ve assuredly seen a box with a notification of a new or improved feature. This dialogue box is known as the “Feature Showcase,” and has allowed us at cPanel to present information about changes to cPanel & WHM. Since its creation, the Feature Showcase was only available for use by cPanel. However, we’ve made some changes to the functionality of the Feature Showcase …
(Oct 10) USN-3781-1 introduced a regression in WebKitGTK+.
(Oct 10) Tomcat could be made to redirect to arbitrary locations.
(Oct 9) An update for nss is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
(Oct 10) Updates for rh-dotnetcore11-dotnetcore, and rh-dotnetcore10-dotnetcore are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
(Oct 9) An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
(Oct 9) An update for glusterfs is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
Let’s say you need to find hosting for multiple web applications with cPanel backend access so clients cannot access each other’s backends. What can you do to create a secure hosting environment without paying for several different hosting accounts? Why not host it yourself?! Disclaimer: If you have one or two lightweight websites, this probably isn’t the most cost effective route to go, however, if you are currently paying to host several websites and have …
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 2.5.0 through 3.8.12
- Exploit type: CSRF
- Reported Date: 2018-September-26
- Fixed Date: 2018-October-02
- CVE Number: CVE-2018-17858
Description
Added additional CSRF hardening in com_installer actions in the backend.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.8.12
Solution
Upgrade to version 3.8.13
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 1.5.0 through 3.8.12
- Exploit type: ACL Violation
- Reported Date: 2017-December-27
- Fixed Date: 2018-October-02
- CVE Number: CVE-2018-17855
Description
If an attacker gets access to the mail account of a user who can approve admin verifications in the registration process, he can activate himself.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.12
Solution
Upgrade to version 3.8.13
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.1.0 through 3.8.12
- Exploit type: ACL Violation
- Reported Date: 2018-June-20
- Fixed Date: 2018-October-02
- CVE Number: CVE-2018-17857
Description
Inadequate checks on the tags search fields can lead to an access level violation.
Affected Installs
Joomla! CMS versions 3.1.0 through 3.8.12
Solution
Upgrade to version 3.8.13
Contact
The JSST at the Joomla! Security Centre.