Archive for January 15th, 2019

14 results.

Oracle Critical Patch Update Advisory – January 2019

Jan15
by Ike on January 15, 2019 at 7:30 pm
Posted In: Uncategorized
 Comment 

[20190104] – Core – Stored XSS issue in the Global Configuration help url

Jan15
by Ike on January 15, 2019 at 2:45 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-December-05
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6262

Description

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Mario Korth, Hackmanit

 Comment 

[20190103] – Core – Stored XSS issue in the Global Configuration textfilter settings

Jan15
by Ike on January 15, 2019 at 2:45 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-November-29
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6263

Description

Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Sébastien Poirier

 Comment 

[20190102] – Core – Stored XSS in com_contact

Jan15
by Ike on January 15, 2019 at 2:45 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-December-04
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6261

Description

Inadequate escaping in com_contact leads to a stored XSS vulnerability

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Antonin Steinhauser

 Comment 

[20190101] – Core – Stored XSS in mod_banners

Jan15
by Ike on January 15, 2019 at 2:45 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-December-01
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6264

Description

Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Antonin Steinhauser

 Comment 

Joomla 3.9.2 Release

Jan15
by Ike on January 15, 2019 at 2:45 pm
Posted In: Uncategorized
Joomla 3.9.2

Joomla 3.9.2 is now available. This is a security release for the 3.x series of Joomla which addresses 4 security vulnerabilities and contains over 50 bug fixes and improvements.

 Comment 

WordPress 5.0 and Gutenberg – What you should expect

Jan15
by Ike on January 15, 2019 at 7:30 am
Posted In: Uncategorized

The post WordPress 5.0 and Gutenberg – What you should expect appeared first on Plesk.

 Comment 

Fedora 28: nbdkit Security Update

Jan15
by Ike on January 15, 2019 at 6:36 am
Posted In: Uncategorized

(Jan 15) New upstream version 1.4.4. Fix low priority security issue with TLS: https://www.redhat.com/archives/libguestfs/2018-December/msg00047.html

 Comment 

Debian: DSA-4368-1: zeromq3 security update

Jan15
by Ike on January 15, 2019 at 6:07 am
Posted In: Uncategorized

(Jan 14) Guido Vranken discovered that an incorrect bounds check in ZeroMQ, a lightweight messaging kernel, could result in the execution of arbitrary code.

 Comment 

Debian: DSA-4369-1: xen security update

Jan15
by Ike on January 15, 2019 at 5:59 am
Posted In: Uncategorized

(Jan 14) Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-19961 / CVE-2018-19962

 Comment 

Ubuntu 3856-1: GNOME Bluetooth vulnerability

Jan15
by Ike on January 15, 2019 at 5:52 am
Posted In: Uncategorized

(Jan 14) GNOME Bluetooth could allow unintended access to devices.

 Comment 

Ubuntu 3857-1: PEAR vulnerability

Jan15
by Ike on January 15, 2019 at 5:52 am
Posted In: Uncategorized

(Jan 14) XXX FILL ME IN: Summary for regular (non-admin) users XXX

 Comment 

RedHat: RHSA-2019-0049:01 Important: systemd security update

Jan15
by Ike on January 15, 2019 at 5:52 am
Posted In: Uncategorized

(Jan 14) An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

 Comment 

Fedora 28: gnutls Security Update

Jan15
by Ike on January 15, 2019 at 5:52 am
Posted In: Uncategorized

(Jan 15) Added explicit Requires for nettle >= 3.4.1

 Comment 

59 queries. 8.5 mb Memory usage. 0.532 seconds.