CVE-2020-13950

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service (CVSS:5.0) (Last Update:2021-06-16)

CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via[…]

CVE-2020-11985

IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server[…]

CVE-2020-1927

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. (CVSS:5.8) (Last Update:2021-06-14)

CVE-2020-2530

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server.[…]

Red Hat Security Advisory 2021-2476-01

Red Hat Security Advisory 2021-2476-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business[…]

Red Hat Security Advisory 2021-2469-01

Red Hat Security Advisory 2021-2469-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address.[…]

Red Hat Security Advisory 2021-2471-01

Red Hat Security Advisory 2021-2471-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged[…]

Red Hat Security Advisory 2021-2461-01

Red Hat Security Advisory 2021-2461-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across[…]

Red Hat Security Advisory 2021-2456-01

Red Hat Security Advisory 2021-2456-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.

Security Technologies: FORTIFY_SOURCE

FORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]

Security Technologies: Stack Smashing Protection (StackGuard)

In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…]

How SELinux helps mitigate risk while facilitating compliance

Many of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform[…]

SPECTRE Variant 1 scanning tool

As part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]

Red Hat’s disclosure process

Last week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]

Ubuntu Security Notice USN-4886-1

Ubuntu Security Notice 4886-1 - It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. It was discovered that Privoxy incorrectly handled certain regular[…]

Cisco UCS Manager 2.2(1d) Remote Command Execution

Cisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote[…]

ASUS TM-AC1900 Arbitrary Command Execution

This Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses[…]

Ubuntu Security Notice USN-4569-1

Ubuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when[…]

TP-Link Cloud Cameras NCXXX Bonjour Command Injection

TP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place[…]

Debian: DSA-4932-1: tor security update

Multiple security vulnerabilities were discovered in Tor, a connection-based low-latency anonymous communication system, which could result in denial of service or spoofing.

Debian: DSA-4930-1: libwebp security update

Multiple vulnerabilities were discovered in libwebp, the implementation of the WebP image format, which could result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed images are processed.

Debian: DSA-4928-1: htmldoc security update

A buffer overflow was discovered in HTMLDOC, a HTML processor that generates indexed HTML, PS, and PDF, which could potentially result in the execution of arbitrary code. In addition a number of crashes were addressed.

Debian: DSA-4926-1: lasso security update

It was discovered that lasso, a library which implements SAML 2.0 and Liberty Alliance standards, did not properly verify that all assertions in a SAML response were properly signed, allowing an attacker to impersonate users or bypass access control.

Ubuntu Security Notice USN-4530-1

Ubuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.

Debian Security Advisory 4629-1

Debian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.

Debian Security Advisory 4626-1

Debian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.

Debian Security Advisory 4625-1

Debian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

Debian Security Advisory 4620-1

Debian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]

SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]

Linux Kernel Local Privilege Escalation

Linux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.

Reliable Datagram Sockets (RDS) Privilege Escalation

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]

MagniComp SysInfo mcsiwrapper Privilege Escalation

This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable[…]

dino -- Path traversal in Dino file transfers

drupal7 -- fix possible CSS

polkit -- local privilege escalation using polkit_system_bus_name_get_creds_sync

aiohttp -- open redirect vulnerability

Simple RSS Feed Reader v3.9.0 released

Today we're releasing version 3.9.0 of the Simple RSS Feed Reader module. This is a bugfix release.Here's what's been added or changed (in more detail) with the release of v3.9.0:Fix the installer for Joomla 3.x on new installations. The introduction[…]

Improve the performance of your Joomla articles (part 1)

The performance of the default article system in Joomla really sucks big time, that's a well know fact.It''s actually one of the reasons we built K2 in the first place.And as we venture into Joomla 4 territory, instead of seeing[…]

K2 Plugin for sh404SEF

A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…]

Simple Image Gallery Pro

NEW VERSION 3.8 released in June 2020!Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish[…]

AllVideos

AllVideos (by JoomlaWorks) is the universal media player for Joomla and a classic must-have extension for any Joomla based website.Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo, Dailymotion, Twitch,[…]

K2

K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…]

Getting Snowflake (the open source graphical SSH/SFTP client) to run on macOS

I don't usually write similar blog posts, but I've been really enjoying Snowflake recently. What's Snowflake you ask? Well, it's a new open source graphical SSH/SFTP client which makes working with remote servers a breeze. It works like Panic's Coda when[…]

Simple Image Gallery (free) v4.1.0 released

Simple Image Gallery (free) version 4.1.0 is now available to download. This is a maintenance release.Here's what's been added or changed in Simple Image Gallery (free) with the release of v4.1.0:Allow the plugin to accept WEBP images as source images[…]

Simple Image Gallery (free) v4.0.0 released - now Joomla 4 compatible!

Simple Image Gallery (free) version 4.0.0 is now available to download. This marks our first extension update that supports the upcoming Joomla version 4 (currently in "beta").Here's what's been added or changed in Simple Image Gallery (free) with the release[…]

Retiring the K2 templates section

As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED).We stopped accepting new entries for templates in the KED about 2 weeks ago and this week[…]

K2 v2.10.1 released

K2 v2.10.1 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance release that addresses a few bugs that were introduced with v2.10.0 released a couple weeks ago and we urge everyone using v2.10.0 to[…]

K2 v2.9.0 released

K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall.To install K2 for the first time or update your existing[…]

K2 v2.8.0 released

K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…]

K2 v2.7.0 released

Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…]

CVE-2020-24346

njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. (CVSS:6.8) (Last Update:2020-09-18)

CVE-2020-24348

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. (CVSS:2.1) (Last Update:2020-09-18)

CVE-2019-20372

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. (CVSS:4.3) (Last Update:2020-01-15)

CVE-2019-13067

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. (CVSS:7.5) (Last Update:2019-07-05)

CVE-2019-12208

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. (CVSS:7.5) (Last Update:2020-08-24)