CVE-2019-10082

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVSS:6.4) (Last Update:2019-09-27)

CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be[…]

CVE-2019-10081

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not[…]

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects[…]

CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)

Red Hat Security Advisory 2019-3901-01

Red Hat Security Advisory 2019-3901-01 - Red Hat OpenShift Application Runtimes provide an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Vert.x 3.8.3 includes security updates, bug[…]

Red Hat Security Advisory 2019-3895-01

Red Hat Security Advisory 2019-3895-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in[…]

Red Hat Security Advisory 2019-3888-01

Red Hat Security Advisory 2019-3888-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Red Hat Security Advisory 2019-3889-01

Red Hat Security Advisory 2019-3889-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write vulnerability was addressed.

Red Hat Security Advisory 2019-3883-01

Red Hat Security Advisory 2019-3883-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.

The Product Security Blog has moved!

Red Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]

New Red Hat Product Security OpenPGP key

Red Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]

Managing risk in the modern world

Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…]

Security Technologies: ExecShield

The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…]

Insights Security Hardening Rules

Many users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]

RHBA-2019:0500-1: nss-pem bug fix update

Red Hat Enterprise Linux:Updated nss-pem packages that fix one bug are now available for Red HatEnterprise Linux 7.6.

RHBA-2019:0498-1: rear bug fix update

Red Hat Enterprise Linux:Updated rear packages that fix several bugs are now available for Red HatEnterprise Linux 7.

RHBA-2019:0496-1: tuned bug fix update

Red Hat Enterprise Linux:Updated tuned packages that fix two bugs are now available for Red HatEnterprise Linux 7.

RHBA-2019:0484-1: dpdk bug fix update

Red Hat Enterprise Linux:Updated dpdk packages that fix one bug are now available in the Extras channelof Red Hat Enterprise Linux 7.

RHEA-2019:0543-1: new packages: rh-jmc

Red Hat Enterprise Linux:New rh-jmc packages are now available as a part of Red Hat Software Collections3.2 for Red Hat Enterprise Linux 7.

Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure

The Rifatron Intelligent Digital Security System DVR suffers from an unauthenticated and unauthorized live stream disclosure when animate.cgi script is called through Mobile Web Viewer module.

Ubuntu Security Notice USN-4059-1

Ubuntu Security Notice 4059-1 - It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS[…]

Telus Actiontec WEB6000Q Denial Of Service

Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. By querying CGI endpoints with empty (GET/POST/HEAD) requests causes a Segmentation Fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot[…]

RICOH SP 4510DN Printer HTML Injection

An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.

Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker[…]

Debian Security Advisory 4571-1

Debian Linux Security Advisory 4571-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service.

Debian Security Advisory 4569-1

Debian Linux Security Advisory 4569-1 - Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER[…]

Debian Security Advisory 4567-1

Debian Linux Security Advisory 4567-1 - It was discovered that the vhost PMD in DPDK, a set of libraries for fast packet processing, was affected by memory and file descriptor leaks which could result in denial of service.

Debian Security Advisory 4565-1

Debian Linux Security Advisory 4565-1 - This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected CPUs, to fully mitigate the vulnerability it is[…]

Debian Security Advisory 4564-1

Debian Linux Security Advisory 4564-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.

SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]

Linux Kernel Local Privilege Escalation

Linux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.

Reliable Datagram Sockets (RDS) Privilege Escalation

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]

MagniComp SysInfo mcsiwrapper Privilege Escalation

This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable[…]

glibc '$ORIGIN' Expansion Privilege Escalation

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the[…]

libidn2 -- roundtrip check vulnerability

libmad -- multiple vulnerabilities

chromium -- multiple vulnerabilities

K2 v2.10.0 released

K2 v2.10.0 is now available to download for Joomla versions 1.5 to 3.x. This release introduces a refreshed backend design as well as feature improvements or additions (like Google Structured Data) and as always, performance improvements everywhere.To install K2 for[…]

[20191002] - Core - Path Disclosure in phpuft8 mapping files

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.6.0 - 3.9.12Exploit type: Path DisclosureReported Date: 2019-November-01Fixed Date: 2019-November-05CVE Number: CVE-2019-18674DescriptionMissing access check in the phputf8 mapping files could lead to an path disclosure.Affected InstallsJoomla! CMS versions 3.6.0 - 3.9.12SolutionUpgrade to version 3.9.13ContactThe JSST at[…]

AllVideos v5.1.0 released - now with Twitch support

Version 5.1.0 of AllVideos is now available, adding support for Twitch and fixing a couple of bugs introduced in v5.0.0.Here's what's been added or changed in this new release of AllVideos:AllVideos now supports Twitch as a 3rd party video provider. You[…]

AllVideos v5.0.0 released - now with web-native media playback

We have just released a major update to AllVideos, version 5.0.0, for Joomla versions 1.5 to 3.x.It introduces web-native media playback with no 3rd party dependencies.Here's what's been added or changed in this new release of AllVideos:AllVideos now supports web-native media only (for[…]

[20190701] - Core - Filter attribute in subform fields allows remote code execution

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.9.7 - 3.9.8Exploit type: Remote Code ExecutionReported Date: 2019-June-20Fixed Date: 2019-July-09CVE Number: CVE-2019-14654DescriptionInadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.Affected InstallsJoomla! CMS versions 3.9.7[…]

[20190601] - Core - CSV injection in com_actionlogs

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.9.0 through 3.9.6Exploit type: CSV InjectionReported Date: 2019-April-29Fixed Date: 2019-June-11CVE Number: CVE-2019-12765DescriptionThe CSV export of com_actionslogs is vulnerable to CSV injection.Affected InstallsJoomla! CMS versions 3.9.0 through 3.9.6SolutionUpgrade to version 3.9.7ContactThe JSST at the Joomla! Security[…]

[20190603] - Core - ACL hardening of com_joomlaupdate

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.8.13 through 3.9.6Exploit type: Incorrect Access ControlReported Date: 2019-April-10Fixed Date: 2019-June-11CVE Number: CVE-2019-12764DescriptionThe update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.Affected InstallsJoomla! CMS versions 3.8.13 through 3.9.6SolutionUpgrade to version 3.9.7ContactThe JSST[…]

[20190501] - Core - XSS in com_users ACL debug views

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 1.7.0 through 3.9.5Exploit type: XSSReported Date: 2019-April-29Fixed Date: 2019-May-07CVE Number: CVE-2019-11809DescriptionThe debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.Affected InstallsJoomla! CMS versions 1.7.0 through[…]

SocialConnect v1.9.0 released

SocialConnect v1.9.0 has just been released. It mainly improves compatibility with Twitter and LinkedIn API updates (either already in force or soon to be enforced).Here's what's been added or changed in SocialConnect with the release of v1.9.0:Updated for recent Twitter API changes that[…]

Simple Image Gallery Pro v3.6.5 released

Simple Image Gallery Pro v3.6.5 has just been released. This is a feature-improvement release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.5:Added a new "File size limit per uploaded image" option in the component's[…]

Simple Image Gallery Pro v3.6.4 released

Simple Image Gallery Pro v3.6.4 has just been released. This is both a bugfix and feature-improvement release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.4:New galleries added directly via the gallery form will not[…]

Rapicode, Multiple Extensions, Back Door

Rapicode, nultiple extensions, current versions, back doorExtensions affected are:-Rapi Content TickerRapi Content CarouselRapi Cookie ConsentRapi CountdownRapi PreloaderRapi Loading Progress BarRapi Page AnimateAt the moment the back door seems to be loading mining code, it can be used to load arbitrary[…]

Fastball, SQL Injection

Fastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection

Simple Calendar,3.1.9,SQL Injection

Simple Calendar by Fabrizio Albonico, versions 3.1.9 and previous, SQL Injection

JMS Music,1.1.1,SQL Injection

JMS Music by Joomasters, versions 1.1.1 and previous, SQL Injection

Realpin,1.5.04,SQL Injection

Realpin by Marcel Törpe, versions 1.5.04 and previous, SQL Injection

K2 v2.8.0 released

K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…]

K2 Plugin for sh404SEF

A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…]

K2 v3 to be presented in JoomlaDay Brasil 2015

(originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :)Part of this change is the introduction of new awesome products for Joomla including new templates,[…]

Videocorso sul componente K2 versione 2.6.9 per Joomla 3

Ciao a tutti. Sono Antonio Mercurio dall'Italia. Per passione mi occupo di realizzare guide in formato e-book disponibili su Amazon e Google Play Store e di videoguide su youtube. Volevo informare la comunità di K2 che ho realizzato un videocorso[…]

Update of the K2 Import / Export tool

The tool to export data from K2 to a CSV file and to import data from a CSV file to K2 just got updated. 2.1 for Joomla 3.x changes: small bugfixesbetter date checksimport/export Hints + Item Parameters 1.3 for Joomla[…]

K2

K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…]

Simple Image Gallery

Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…]

Frontpage SlideShow

NEW VERSION 3.12 released in Oct 2018! Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber[…]

AllVideos

AllVideos (by JoomlaWorks) is truly THE all-in-one media management solution for Joomla and a classic must-have extension for any Joomla based website.Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo,[…]

CVE-2019-13617

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. (CVSS:4.3) (Last Update:2019-07-18)

CVE-2019-12206

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-12208

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-11838

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-09)

CVE-2018-16844

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]

Security update for ceph 2994

Abstract: Important: Security update for cephPatch: SUSE-Storage-6-2019-2994 CVEs:CVE-2019-10222 Bugs:1135584, 1134444, 1151439, 1150406, 1147132, 1145618, 1151994, 1145617, 1152002, 1149093, 1146656, 1156282, 1145093, 1132767, 1151995, 1151991, 1145759, 1151990, 1151992, 1141174, 1140491, 1137503, 1151993Applies to:Package(s): ceph-iscsi ses-admin_en-pdf ses-deployment_en-pdf ses-manual_enProduct(s):SUSE Enterprise Storage 6Downloads: SUSE[…]

Security update for java-11-openjdk 2998

Abstract: Important: Security update for java-11-openjdkPatch: SUSE-SLE-Module-Basesystem-15-2019-2998 CVEs:CVE-2019-2933, CVE-2019-2981, CVE-2019-2987, CVE-2019-2962, CVE-2019-2989, CVE-2019-2978, CVE-2019-2949, CVE-2019-2975, CVE-2019-2894, CVE-2019-2988, CVE-2019-2958, CVE-2019-2977, CVE-2019-2945, CVE-2019-2999, CVE-2019-2983, CVE-2019-2992, CVE-2019-2964, CVE-2019-2973 Bugs:1152856, 1154212Applies to:Package(s): java-11-openjdk java-11-openjdk-demo java-11-openjdk-devel java-11-openjdk-headlessProduct(s):SUSE Linux Enterprise Server 15Downloads: SUSE Linux Enterprise Server[…]

Security update for haproxy 3002

Abstract: Moderate: Security update for haproxyPatch: SUSE-SLE-Product-HA-15-2019-3002 CVEs:CVE-2019-14241 Bugs:1142529, ECO-546Applies to:Package(s): haproxyProduct(s):SUSE Linux Enterprise High Availability Extension 15Downloads: SUSE Linux Enterprise High Availability Extension 15 for x86-64SUSE Linux Enterprise High Availability Extension 15 for s390xSUSE Linux Enterprise High Availability Extension[…]

Security update for ghostscript 2981

Abstract: Important: Security update for ghostscriptPatch: SUSE-SLE-Module-Basesystem-15-2019-2981 CVEs:CVE-2019-14869 Bugs:1156275Applies to:Package(s): ghostscript ghostscript-devel ghostscript-x11Product(s):SUSE Linux Enterprise Server 15Downloads: SUSE Linux Enterprise Server 15 SP1 for x86-64SUSE Linux Enterprise Server 15 SP1 for s390xSUSE Linux Enterprise Server 15 SP1 for ppc64leSUSE Linux[…]

Security update for enigmail 2982

Abstract: Moderate: Security update for enigmailPatch: SUSE-SLE-Product-WE-15-2019-2982 Bugs:1151317, 1141025Applies to:Package(s): enigmailProduct(s):SUSE Linux Enterprise Workstation Extension 15Downloads: SUSE Linux Enterprise Workstation Extension 15 SP1 for x86-64SUSE Linux Enterprise Workstation Extension 15 for x86-64