Archive for April 21st, 2020

14 results.

Joomla 3.9.18 Release

Apr21
by Ike on April 21, 2020 at 8:00 pm
Posted In: Uncategorized
Joomla 3.9.18

Joomla 3.9.18 is now available. This is a bugfix release for the 3.x series of Joomla which addresses one bug.

 Comment 

Ubuntu 4335-1: Thunderbird vulnerabilities

Apr21
by Ike on April 21, 2020 at 5:31 pm
Posted In: Uncategorized

Several security issues were fixed in Thunderbird.

 Comment 

Joomla 3.9.17 Release

Apr21
by Ike on April 21, 2020 at 3:00 pm
Posted In: Uncategorized
Joomla 3.9.17

Joomla 3.9.17 is now available. This is a security release for the 3.x series of Joomla which addresses three security vulnerabilities and contains over 40 bug fixes and improvements.

 Comment 

RedHat: RHSA-2020-1513:01 Important: git security update

Apr21
by Ike on April 21, 2020 at 1:49 pm
Posted In: Uncategorized

An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

 Comment 

RedHat: RHSA-2020-1518:01 Important: git security update

Apr21
by Ike on April 21, 2020 at 1:20 pm
Posted In: Uncategorized

An update for git is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

 Comment 

[20200403] – Core – Incorrect access control in com_users access level deletion function

Apr21
by Ike on April 21, 2020 at 1:00 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 2.5.0 – 3.9.16
  • Exploit type: Incorrect Access Control
  • Reported Date: 2020-March-13
  • Fixed Date: 2020-April-21
  • CVE Number: CVE-2020-11889

Description

Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.

Affected Installs

Joomla! CMS versions 2.5.0 – 3.9.16

Solution

Upgrade to version 3.9.17

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hoang Kien from VSEC

 Comment 

[20200402] – Core – Missing checks for the root usergroup in usergroup table

Apr21
by Ike on April 21, 2020 at 1:00 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 2.5.0 – 3.9.16
  • Exploit type: Incorrect Access Control
  • Reported Date: 2020-February-27
  • Fixed Date: 2020-April-21
  • CVE Number: CVE-2020-11890

Description

Inproper input validations in the usergroup table class could lead to a broken ACL configuration.

Affected Installs

Joomla! CMS versions 2.5.0 – 3.9.16

Solution

Upgrade to version 3.9.17

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hoang Kien from VSEC

 Comment 

[20200401] – Core – Incorrect access control in com_users access level editing function

Apr21
by Ike on April 21, 2020 at 1:00 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 3.8.8 – 3.9.16
  • Exploit type: Incorrect Access Control
  • Reported Date: 2020-March-13
  • Fixed Date: 2020-April-21
  • CVE Number: CVE-2020-11891

Description

Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.

Affected Installs

Joomla! CMS versions 3.8.8 – 3.9.16

Solution

Upgrade to version 3.9.17

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hoang Kien from VSEC

 Comment 

Next Level Ops Podcast: Plesk’s Francisco Carvalho Gives the Scoop on the Partner Program

Apr21
by Ike on April 21, 2020 at 11:28 am
Posted In: Uncategorized

The post Next Level Ops Podcast: Plesk’s Francisco Carvalho Gives the Scoop on the Partner Program appeared first on Plesk.

 Comment 

Debian: DSA-4661-1: openssl security update

Apr21
by Ike on April 21, 2020 at 10:19 am
Posted In: Uncategorized

Bernd Edlinger discovered that malformed data passed to the SSL_check_chain() function during or after a TLS 1.3 handshake could cause a NULL dereference, resulting in denial of service.

 Comment 

Ubuntu 4333-1: Python vulnerabilities

Apr21
by Ike on April 21, 2020 at 9:48 am
Posted In: Uncategorized

Several security issues were fixed in Python.

 Comment 

Ubuntu 4334-1: Git vulnerability

Apr21
by Ike on April 21, 2020 at 8:57 am
Posted In: Uncategorized

Git could be made to expose sensitive information.

 Comment 

Debian: DSA-4660-1: awl security update

Apr21
by Ike on April 21, 2020 at 8:11 am
Posted In: Uncategorized

Andrew Bartlett discovered that awl, DAViCal Andrew’s Web Libraries, did not properly handle session management: this would allow a malicious user to impersonate other sessions or users.

 Comment 

Netcraft wins 2020 Queen’s Award for Enterprise

Apr21
by Ike on April 21, 2020 at 12:00 am
Posted In: Uncategorized

Netcraft has today received a Double Queen’s Award for Enterprise.

A Queen’s Award is the highest UK Government award for a British business. It
is awarded on the Queen’s Birthday each year, and, in different times, it would
include an invitation to a mass gathering at Buckingham Palace. The criteria set
by our Government searches for considerable progress sustained over a six year
period. This year, 128 companies received a Queen’s Award for International
Trade and 66 companies a Queen’s Award for Innovation.

Netcraft is one of three companies to receive a Queen’s Award in both
categories. The full list of winners is listed in the Queen’s Awards Press
Book
.

 Comment 

59 queries. 9 mb Memory usage. 1.197 seconds.