New upstream release 0.14.2 which also fixes CVE-2019-3878 and CVE-2019-3877
Comment
Archive for April 9th, 2019
15 results.
update to the bugfix release 3.9.0
update to the bugfix release 3.9.0
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 1.5.0 through 3.9.4
- Exploit type: Directory Traversal
- Reported Date: 2019-March-13
- Fixed Date: 2019-April-08
- CVE Number: CVE-2019-10945
Description
The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.9.4
Solution
Upgrade to version 3.9.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: Haboob Research Team
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: High
- Versions: 3.2.0 through 3.9.4
- Exploit type: ACL Violation
- Reported Date: 2019-March-13
- Fixed Date: 2019-April-08
- CVE Number: CVE-2019-10946
Description
The “refresh list of helpsites” endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.9.4
Solution
Upgrade to version 3.9.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: Benjamin Trenkle (JSST)
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Moderate
- Versions: 3.0.0 through 3.9.4
- Exploit type: XSS
- Reported Date: 2019-March-25
- Fixed Date: 2019-April-09
- CVE Number: TBA
Description
The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.9.4
Solution
Upgrade to version 3.9.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: Michał Gołębiowski-Owczarek, David Jardin (JSST)
Joomla 3.9.5 Release
Apr09
Joomla 3.9.5 is now available. This is a security fix release for the 3.x series of Joomla which addresses three security vulnerabilities and contains over 20 bug fixes and improvements.
Last year, we shared “7 Ways We’ve Improved Email Hosting on cPanel & WHM” and we looked at some cool features for email accounts. After much improvement, we felt that Plus Addressing was an interesting enough feature to include as a blog post! So what is plus addressing? Known officially as subaddressing, plus addressing delivers mail in a particular way so that you can better organize incoming mail. Additionally, plus addressing is used as a method to …
An update for katello-installer-base which configures qpid-dispatch-router is now available for Red Hat Satellite 6.2 for RHEL 6 and Red Hat Satellite 6.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact
An update for katello-installer-base which configures qpid-dispatch-router is now available for Red Hat Satellite 6.3 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for katello-installer-base which configures qpid-dispatch-router is now available for Red Hat Satellite 6.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Several security issues were fixed in Wget.
Several security issues were fixed in Wget.
WordPress 5.2 Beta 2
Apr09
WordPress 5.2 Beta 2 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the WordPress 5.2 beta: try the WordPress Beta Tester plugin (you’ll want to […]