It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted the execution of “apply_extra” scripts which could potentially result in privilege escalation.
Comment
Archive for February 12th, 2019
13 results.
As of last week’s update, EasyApache 4 includes a light version of mod_lsapi, a module built and distributed by our friends at CloudLinux. This release is a scaled-back version of the module already distributed by CloudLinux. Anyone already using CloudLinux should use the one distributed by CloudLinux, but for everyone else let’s talk about it! What is mod_lsapi? mod_lsapi is an Apache module based on the LiteSpeed Technologies API that provides significant improvements in speed and …
GVfs could be made to expose sensitive information if it received a specially crafted input.
snapd could be made to run programs as an administrator.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: Object Injection
- Reported Date: 2019-January-18
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7743
Description
The phar:// stream wrapper can be used for objection injection attacks. We now disallow usage of the phar:// handler for non .phar-files within the CMS globally by implementing the TYPO3 PHAR stream wrapper.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
Reported By: David Jardin (JSST)
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-October-07
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7740
Description
Inadequate parameter handling in JS code could lead to an XSS attack vector.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
Reported By: Dimitris Grammatikogiannis
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2019-January-16
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7741
Description
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
Reported By: Antonin Steinhauser
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2019-January-17
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7739
Description
“No Filtering” textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
Reported By: Raviraj Powar
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 1.0.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-September-24
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7742
Description
A combination of specific webserver configurations, in connection with specific file types and browserside mime-type sniffing causes a XSS attack vector.
Affected Installs
Joomla! CMS versions 1.0.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
Reported By: Hanno Böck
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-November-13
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7744
Description
Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
Reported By: Antonin Steinhauser
Joomla 3.9.3 Release
Feb12
Joomla 3.9.3 is now available. This is a security fix release for the 3.x series of Joomla which addresses 6 security vulnerabilities and contains 30 bug fixes and improvements.
(Mar 28) An update for openstack-tripleo-common and openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
(Mar 28) An update for sensu is now available for Red Hat OpenStack Platform 12.0 Operational Tools for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which