CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This[…]

CVE-2019-10098

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVSS:5.8) (Last Update:2019-10-09)

CVE-2019-0197

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the[…]

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the[…]

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)

Red Hat Security Advisory 2021-0734-01

Red Hat Security Advisory 2021-0734-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.

Red Hat Security Advisory 2021-0733-01

Red Hat Security Advisory 2021-0733-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP80. Issues addressed include[…]

Red Hat Security Advisory 2021-0719-01

Red Hat Security Advisory 2021-0719-01 - Red Hat Advanced Cluster Management for Kubernetes 2.0.8 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across[…]

Red Hat Security Advisory 2021-0711-01

Red Hat Security Advisory 2021-0711-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide[…]

Red Hat Security Advisory 2021-0637-01

Red Hat Security Advisory 2021-0637-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include XML injection and information leakage vulnerabilities.

Security Technologies: FORTIFY_SOURCE

FORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]

Security Technologies: Stack Smashing Protection (StackGuard)

In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…]

How SELinux helps mitigate risk while facilitating compliance

Many of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform[…]

SPECTRE Variant 1 scanning tool

As part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]

Red Hat’s disclosure process

Last week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]

ZeroShell 3.9.0 Remote Command Execution

This Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar[…]

D-Link DSR-250N Denial Of Service

RedTeam Pentesting discovered a denial of service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script that reboots the device. Version 3.12 is confirmed affected.

Sony IPELA Network Camera Remote Stack Buffer Overflow

Sony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be[…]

Go CGI / FastCGI Transport Cross Site Scripting

The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML data as HTML. This may lead to cross site scripting[…]

Cayin CMS NTP Server 11.0 Remote Code Execution

This Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution is executed in the system_service.cgi file's ntpIp Parameter. The field is limited in size, so repeated requests are made to[…]

Debian: DSA-4866-1: thunderbird security update

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure.For the stable distribution (buster), these problems have been fixed in

Debian: DSA-4864-1: python-aiohttp security update

Beast Glatisant and Jelmer Vernooij reported that python-aiohttp, a async HTTP client/server framework, is prone to an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website.

Debian: DSA-4862-1: firefox-esr security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.

Debian: DSA-4860-1: openldap security update

A vulnerability in the Certificate List Exact Assertion validation was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of this flaw to cause a denial of service (slapd daemon[…]

Ubuntu Security Notice USN-4530-1

Ubuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.

Debian Security Advisory 4629-1

Debian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.

Debian Security Advisory 4626-1

Debian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.

Debian Security Advisory 4625-1

Debian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

Debian Security Advisory 4620-1

Debian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]

SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]

Linux Kernel Local Privilege Escalation

Linux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.

Reliable Datagram Sockets (RDS) Privilege Escalation

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]

MagniComp SysInfo mcsiwrapper Privilege Escalation

This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable[…]

chromium -- multiple vulnerabilities

salt -- multiple vulnerabilities

vault -- unauthenticated license read

[20210307] - Core - ACL violation within com_content frontend editing

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.0.0 - 3.9.24Exploit type: ACL violationReported Date: 2020-10-25Fixed Date: 2021-03-02CVE Number: CVE-2021-26027DescriptionIncorrect ACL checks could allow unauthorized change of the category for an article.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.24SolutionUpgrade to version 3.9.25ContactThe JSST at[…]

[20210304] - Core - XSS within the feed parser library

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 2.5.0 - 3.9.24Exploit type: XSSReported Date: 2020-05-05Fixed Date: 2021-03-02CVE Number: CVE-2021-23130DescriptionMissing filtering of feed fields could lead to xss issues.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.24SolutionUpgrade to version 3.9.25ContactThe JSST at the Joomla! Security Centre.Reported By: Bui[…]

[20210303] - Core - XSS within alert messages showed to users

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 2.5.0 - 3.9.24Exploit type: XSSReported Date: 2020-05-07Fixed Date: 2021-03-02CVE Number: CVE-2021-23129DescriptionMissing filtering of messages showed to users that could lead to xss issues.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.24SolutionUpgrade to version 3.9.25ContactThe JSST at the Joomla![…]

[20210301] - Core - Insecure randomness within 2FA secret generation

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.2.0 - 3.9.24Exploit type: Insecure RandomnessReported Date: 2021-01-12Fixed Date: 2021-03-02CVE Number: CVE-2021-23126, CVE-2021-23127DescriptionUsage of the insecure rand() function within the process of generating the 2FA secret.Usage of an insufficient length for the 2FA secret accoring to[…]

Simple RSS Feed Reader v3.8.0 released

Today we're releasing version 3.8.0 of the Simple RSS Feed Reader module. This new release brings back Joomla 1.5 support (by popular request), it introduces a new sub-template & changes the remote image resizing service from Mobify to Images.weserv.nl.Here's what's been[…]

[20210103] - Core - XSS in com_tags image parameters

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions:3.1.0 - 3.9.23Exploit type: XSSReported Date: 2020-09-01Fixed Date: 2021-01-12CVE Number: CVE-2021-23125DescriptionLack of escaping of image-related parameters in multiple com_tags views cause lead to XSS attack vectors.Affected InstallsJoomla! CMS versions 3.1.0 - 3.9.23SolutionUpgrade to version 3.9.24ContactThe JSST[…]

publisher, 3.0.19, XSS (Cross Site Scripting)

publisher, 3.0.19, 3rd party extension, XSS (Cross Site Scripting)

K2 Plugin for sh404SEF version 1.6.0 released

The K2 Plugin for sh404SEF version 1.6.0 is now available to download for subscribers. This is a bug fix release that addresses compatibility with K2 v2.10.3+ and improves support for PHP 7.x in general.Here's what's been added or changed in the K2 Plugin[…]

Social Chat, 1.5 and Below, SQL Injection Iacopo Guarneri

Social Chat, 1.5 and Below, 3rd party extension, SQL Injection Iacopo Guarneri

Simple Image Gallery Pro

NEW VERSION 3.8 released in June 2020!Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish[…]

AllVideos

AllVideos (by JoomlaWorks) is the universal media player for Joomla and a classic must-have extension for any Joomla based website.Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo, Dailymotion, Twitch,[…]

K2

K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…]

hwdplayer,4.2,SQL Injection

hwdplayer,4.2,SQL InjectionPossible abandonware also

Simple Image Gallery

Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…]

AllVideos v6.0.0 released - now Joomla 4 compatible!

Version 6.0.0 of AllVideos is now available. This is a feature release, which also introduces full support with the upcoming Joomla version 4 release.Here's what's been added or changed in this new release of AllVideos:Fully compatible with the upcoming Joomla[…]

RadioWave v1.2.0 released

RadioWave v1.2.0 has just been released. This is a bugfix and feature-improvement release.Here's what's been added or changed in RadioWave with the release of v1.2.0:Fixed time parsing for the OnAir template override (K2 Content module) which caused the module's output[…]

Retiring the K2 templates section

As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED).We stopped accepting new entries for templates in the KED about 2 weeks ago and this week[…]

K2 v2.10.1 released

K2 v2.10.1 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance release that addresses a few bugs that were introduced with v2.10.0 released a couple weeks ago and we urge everyone using v2.10.0 to[…]

K2 v2.9.0 released

K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall.To install K2 for the first time or update your existing[…]

Rapicode, Multiple Extensions, Back Door

Rapicode, nultiple extensions, current versions, back doorExtensions affected are:-Rapi Content TickerRapi Content CarouselRapi Cookie ConsentRapi CountdownRapi PreloaderRapi Loading Progress BarRapi Page AnimateAt the moment the back door seems to be loading mining code, it can be used to load arbitrary[…]

Fastball, SQL Injection

Fastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection

SquadManagement,1.0.3,SQL Injection

SquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection

K2 v2.8.0 released

K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…]

K2 v2.7.0 released

Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…]

CVE-2019-13067

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. (CVSS:7.5) (Last Update:2019-07-05)

CVE-2019-12207

njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-11837

njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. (CVSS:5.0) (Last Update:2019-05-09)

CVE-2019-11839

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-10)

CVE-2018-16845

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a[…]