-
CVE-2022-26377
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 00:00 amInconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version[…]
Read more... -
CVE-2022-28614
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 00:00 amThe ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed[…]
Read more... -
CVE-2022-28615
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 00:00 amApache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a[…]
Read more... -
CVE-2022-29404
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 00:00 amIn Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVSS:5.0) (Last Update:2022-07-06)
Read more... -
CVE-2022-30522
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 00:00 amIf Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. (CVSS:5.0) (Last Update:2022-07-06)
Read more... -
CVE-2022-30556
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 00:00 amApache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. (CVSS:5.0) (Last Update:2022-07-06)
Read more... -
CVE-2022-31813
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 00:00 amApache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. (CVSS:7.5) (Last Update:2022-07-06)
Read more... -
CVE-2022-22720
Latest security vulnerabilities Apache Http Server Mar 14, 2022 | 00:00 amApache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVSS:7.5) (Last Update:2022-07-25)
Read more... -
CVE-2022-22721
Latest security vulnerabilities Apache Http Server Mar 14, 2022 | 00:00 amIf LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVSS:6.8) (Last[…]
Read more... -
CVE-2022-23943
Latest security vulnerabilities Apache Http Server Mar 14, 2022 | 00:00 amOut-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVSS:7.5) (Last Update:2022-06-17)
Read more...
-
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more... -
Join us in San Francisco at the 2018 Red Hat Summit
Red Hat Security Blog Blog Posts Apr 23, 2018 | 14:30 pmThis year’s Red Hat Summit will be held on May 8-10 in beautiful San Francisco, USA.Product Security will be joining many Red Hat security experts in presenting and assisting subscribers and partners at the show.Here is a sneak peek at[…]
Read more... -
Certificate Transparency and HTTPS
Red Hat Security Blog Blog Posts Apr 17, 2018 | 15:00 pmGoogle has announced that on April 30, 2018, Chrome will:“...require that all TLS server certificates issued after 30 April, 2018 be compliant with the Chromium CT Policy. After this date, when Chrome connects to a site serving a publicly-trusted certificate[…]
Read more... -
Let's talk about PCI-DSS
Red Hat Security Blog Blog Posts Feb 28, 2018 | 14:30 pmFor those who aren’t familiar with Payment Card Industry Data Security Standard (PCI-DSS), it is the standard that is intended to protect our credit card data as it flows between systems and is stored in company databases.PCI-DSS requires that all[…]
Read more... -
Security is from Mars, Developers are from Venus…...or ARE they?
Red Hat Security Blog Blog Posts Nov 16, 2017 | 15:00 pmIt is a tale as old as time.Developers and security personnel view each other withsuspicion.The perception is that a vast gulf of understanding and ability lies between the two camps.“They can’t possibly understand what it is to do my job!”[…]
Read more... -
Abuse of RESTEasy Default Providers in JBoss EAP
Red Hat Security Blog Blog Posts Oct 18, 2017 | 13:30 pmRed Hat JBoss Enterprise Application Platform (EAP) is a commonly used host for Restful webservices. A powerful but potentially dangerous feature of Restful webservices on JBoss EAP is the ability to accept any media type. If not configured to accept[…]
Read more... -
Kernel Stack Protector and BlueBorne
Red Hat Security Blog Blog Posts Sep 12, 2017 | 11:51 amToday, a security issue called BlueBorne was disclosed, a vulnerability that could be used to attack sensitive systems via the Bluetooth protocol. Specifically, BlueBorne is a flaw where a remote (but physically quite close) attacker could get root on a[…]
Read more...
-
Debian: DSA-5206-1: trafficserver security update
LinuxSecurity Advisories Aug 12, 2022 | 11:05 am
Read more...
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling, cache poisoning or information disclosure. -
Debian: DSA-5205-1: samba security update
LinuxSecurity Advisories Aug 11, 2022 | 15:16 pm
Read more...
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. CVE-2022-2031 -
Debian: DSA-5204-1: gst-plugins-good1.0 security update
LinuxSecurity Advisories Aug 9, 2022 | 15:19 pm
Read more...
Adam Doupe discovered multiple vulnerabilities in the Gstreamer plugins to demux Mastroska and AVI files which could result in denial of service or the execution of arbitrary code. -
Debian: DSA-5203-1: gnutls28 security update
LinuxSecurity Advisories Aug 8, 2022 | 15:26 pm
Read more...
Jaak Ristioja discovered a double-free vulnerability in GnuTLS, a library implementing the TLS and SSL protocols, during verification of pkcs7 signatures. A remote attacker can take advantage of this flaw to cause an application using the GnuTLS library to crash[…] -
Debian: DSA-5202-1: unzip security update
LinuxSecurity Advisories Aug 8, 2022 | 11:26 am
Read more...
Sandipan Roy discovered two vulnerabilities in InfoZIP's unzip program, a de-archiver for .zip files, which could result in denial of service or potentially the execution of arbitrary code. -
Debian: DSA-5200-1: libtirpc security update
LinuxSecurity Advisories Aug 7, 2022 | 04:56 am
Read more...
It was discovered that libtirpc, a transport-independent RPC library, does not properly handle idle TCP connections. A remote attacker can take advantage of this flaw to cause a denial of service. -
Debian: DSA-5201-1: chromium security update
LinuxSecurity Advisories Aug 7, 2022 | 04:50 am
Read more...
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. -
Debian: DSA-5199-1: xorg-server security update
LinuxSecurity Advisories Aug 6, 2022 | 11:16 am
Read more...
Jan-Niklas Sohn discovered that multiple input validation failures in the Xkb extension of the X.org X server may result in privilege escalation if the X server is running privileged. -
Debian: DSA-5198-1: jetty9 security update
LinuxSecurity Advisories Aug 2, 2022 | 07:01 am
Read more...
Two security vulnerabilities were discovered in Jetty, a Java servlet engine and webserver. CVE-2022-2047
-
Tomcat -- XSS in examples web application
FreeBSD VuXML Aug 14, 2022 | 00:00 am
Read more... -
XFCE tumbler -- Vulnerability in the GStreamer plugin
FreeBSD VuXML Aug 12, 2022 | 00:00 am
Read more... -
varnish -- Denial of Service Vulnerability
FreeBSD VuXML Aug 10, 2022 | 00:00 am
Read more... -
rsync -- client-side arbitrary file write vulnerability
FreeBSD VuXML Aug 10, 2022 | 00:00 am
Read more... -
FreeBSD -- Out of bound read in elf_note_prpsinfo()
FreeBSD VuXML Aug 10, 2022 | 00:00 am
Read more... -
FreeBSD -- Missing bounds check in 9p message handling
FreeBSD VuXML Aug 10, 2022 | 00:00 am
Read more... -
FreeBSD -- Memory disclosure by stale virtual memory mapping
FreeBSD VuXML Aug 10, 2022 | 00:00 am
Read more... -
FreeBSD -- AIO credential reference count leak
FreeBSD VuXML Aug 10, 2022 | 00:00 am
Read more... -
gnutls -- double free vulnerability
FreeBSD VuXML Aug 9, 2022 | 00:00 am
Read more... -
wolfssl -- multiple issues
FreeBSD VuXML Aug 8, 2022 | 00:00 am
Read more...
Dazu zählen z.B. Web Application Firewalls (WAF), die auch kostenlos erhältlich sind und durchaus einen sinnvollen, zusätzlichen Schutz bieten können. Zumindest kann sogenannten 'Script-Kiddies' der Spass deutlich erschwert werden.
-
Simple Image Gallery Pro
Updated Extensions - JoomlaWorks Mar 3, 2022 | 19:05 pm
Read more...
NEW VERSION 3.9 released in July 2021!Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish[…] -
SocialConnect
Updated Extensions - JoomlaWorks Mar 3, 2022 | 19:05 pm
Read more...
SocialConnect is the only Joomla extension that allows you to integrate your Joomla site with social networks and identity providers for user authentication, posting content directly to social networks and 3rd-party comment system integration. Features Let your users register to[…] -
Frontpage SlideShow
Updated Extensions - JoomlaWorks Mar 3, 2022 | 19:04 pm
Read more...
Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber cool slideshow with text snippets laying on[…] -
Simple Image Gallery
Updated Extensions - JoomlaWorks Jan 7, 2022 | 20:46 pm
Read more...
Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…] -
Simple Image Gallery (free) v4.2 released
Blog - JoomlaWorks Jan 7, 2022 | 20:20 pm
Read more...
Simple Image Gallery (free) version 4.2 is now available to download. This is a maintenance release. Here's what's been added or changed in Simple Image Gallery (free) with the release of v4.2: Resolves fatal PHP error in Joomla 4 caused[…] -
Simple Image Gallery Pro v3.9.1 released (bug-fix release)
Blog - JoomlaWorks Jul 26, 2021 | 14:21 pm
Read more...
Simple Image Gallery Pro v3.9.1 is now available to download for subscribers. This is a minor bug-fix release following the release of version 3.9.0 a couple weeks ago. For a detailed look on the new features and changes in v3.9.0,[…] -
Simple Image Gallery Pro v3.9.0 released
Blog - JoomlaWorks Jul 5, 2021 | 16:59 pm
Read more...
Simple Image Gallery Pro v3.9.0 is now available to download for subscribers. It's both a bug-fix and new feature release. Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.9.0: SIGPro will now read[…] -
Simple RSS Feed Reader
Updated Extensions - JoomlaWorks May 25, 2021 | 08:54 am
Read more...
Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…] -
Simple RSS Feed Reader v3.9.0 released
Blog - JoomlaWorks May 25, 2021 | 08:47 am
Read more...
Today we're releasing version 3.9.0 of the Simple RSS Feed Reader module. This is a bugfix release. Here's what's been added or changed (in more detail) with the release of v3.9.0: Fix the installer for Joomla 3.x on new installations.[…] -
Simple RSS Feed Reader v3.8.0 released
Blog - JoomlaWorks Feb 3, 2021 | 15:42 pm
Read more...
Today we're releasing version 3.8.0 of the Simple RSS Feed Reader module. This new release brings back Joomla 1.5 support (by popular request), it introduces a new sub-template & changes the remote image resizing service from Mobify to Images.weserv.nl. Here's what's[…] -
Improve the performance of your Joomla articles (part 1)
Blog - JoomlaWorks Dec 4, 2020 | 16:44 pm
Read more...
The performance of the default article system in Joomla really sucks big time, that's a well know fact. It''s actually one of the reasons we built K2 in the first place. And as we venture into Joomla 4 territory, instead[…] -
K2 Plugin for sh404SEF version 1.6.0 released
Blog - JoomlaWorks Sep 14, 2020 | 17:28 pm
Read more...
The K2 Plugin for sh404SEF version 1.6.0 is now available to download for subscribers. This is a bug fix release that addresses compatibility with K2 v2.10.3+ and improves support for PHP 7.x in general. Here's what's been added or changed in the K2[…] -
K2 Plugin for sh404SEF
Updated Extensions - JoomlaWorks Sep 14, 2020 | 17:28 pm
Read more...
A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…] -
Simple Image Gallery Pro v3.8.0 released
Blog - JoomlaWorks Jun 10, 2020 | 15:51 pm
Read more...
Simple Image Gallery Pro v3.8.0 is now available to download for subscribers. This new release improves upon existing features, extends Flickr support to galleries (beyond albums/sets) and adds PHP 7.4 & Postgres compatibility. Here's what's been added or changed in Simple[…] -
AllVideos
Updated Extensions - JoomlaWorks May 22, 2020 | 14:22 pm
Read more...
AllVideos (by JoomlaWorks) is the universal media player for Joomla and a classic must-have extension for any Joomla based website. Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo, Dailymotion,[…] -
AllVideos 6.1.0 now available - adds Mixcloud support
Blog - JoomlaWorks May 22, 2020 | 14:13 pm
Read more...
Version 6.1.0 of AllVideos is now available. This new release introduces support for Mixcloud embeds and improves support for PHP 7.4. Here's what's been added or changed in this new release of AllVideos: Added support for Mixcloud embeds. Just use[…] -
K2
Updated Extensions - JoomlaWorks Apr 29, 2020 | 22:47 pm
Read more...
K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…] -
K2 v2.10.3 now available
blog Apr 29, 2020 | 20:21 pm
Read more...
K2 v2.10.3 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & bugfix release, which refines the backend user interface (building upon the changes that were introduced with v2.10.0 to v2.10.2), improves client-size (frontend) caching & resolves broken auto-generated feeds[…] -
Getting Snowflake (the open source graphical SSH/SFTP client) to run on macOS
Blog - JoomlaWorks Feb 12, 2020 | 09:58 am
Read more...
I don't usually write similar blog posts, but I've been really enjoying Snowflake recently. What's Snowflake you ask? Well, it's a new open source graphical SSH/SFTP client which makes working with remote servers a breeze. It works like Panic's Coda when[…] -
K2 v2.10.2 released - now with a 100% mobile-friendly backend user interface!
blog Dec 11, 2019 | 22:02 pm
Read more...
K2 v2.10.2 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & security release: it concludes the backend user interface changes that were introduced with v2.10.0 and is now 100% mobile-friendly and it also addresses[…] -
Retiring the K2 templates section
blog Dec 8, 2019 | 16:05 pm
Read more...
As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED). We stopped accepting new entries for templates in the KED about 2 weeks ago and this[…] -
K2 v2.10.1 released
blog Nov 26, 2019 | 18:17 pm
Read more...
K2 v2.10.1 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance release that addresses a few bugs that were introduced with v2.10.0 released a couple weeks ago and we urge everyone using v2.10.0 to[…] -
K2 v2.10.0 released
blog Nov 15, 2019 | 01:04 am
Read more...
K2 v2.10.0 is now available to download for Joomla versions 1.5 to 3.x. This release introduces a refreshed backend design as well as feature improvements or additions (like Google Structured Data) and as always, performance improvements everywhere.To install K2 for[…] -
K2 v2.9.0 released
blog Sep 21, 2018 | 16:14 pm
Read more...
K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall.To install K2 for the first time or update your existing[…] -
Disqus Comments (for Joomla)
Updated Extensions - JoomlaWorks Sep 21, 2018 | 11:52 am
Read more...
Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…] -
K2 v2.8.0 released
blog Aug 18, 2017 | 12:59 pm
Read more...
K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…] -
K2 v2.7.1 released
blog Aug 4, 2016 | 01:12 am
Read more...
K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security.To install K2 for the first time or update your existing K2[…] -
K2 v2.7.0 released
blog Mar 18, 2016 | 05:26 am
Read more...
Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…] -
K2 Next to be presented in JoomlaDay Brasil 2015
blog Aug 31, 2015 | 16:14 pm
Read more...
(originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :)We are happy to announce that K2 Next will be officially presented in the upcoming JoomlaDay[…]
-
CVE-2022-29779
Latest security vulnerabilities Nginx products Jun 2, 2022 | 00:00 amNginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. (CVSS:2.1) (Last Update:2022-06-09)
Read more... -
CVE-2022-29780
Latest security vulnerabilities Nginx products Jun 2, 2022 | 00:00 amNginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. (CVSS:2.1) (Last Update:2022-06-09)
Read more... -
CVE-2022-30503
Latest security vulnerabilities Nginx products Jun 2, 2022 | 00:00 amNginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. (CVSS:2.1) (Last Update:2022-06-10)
Read more... -
CVE-2021-46461
Latest security vulnerabilities Nginx products Feb 14, 2022 | 00:00 amnjs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c. (CVSS:7.5) (Last Update:2022-05-11)
Read more... -
CVE-2019-7401
Latest security vulnerabilities Nginx products Feb 8, 2019 | 00:00 amNGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.[…]
Read more... -
CVE-2009-3896
Latest security vulnerabilities Nginx products Nov 24, 2009 | 00:00 amsrc/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a[…]
Read more... -
CVE-2009-3898
Latest security vulnerabilities Nginx products Nov 24, 2009 | 00:00 amDirectory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1)[…]
Read more...