Allgemeine News
-
Lovoo: Betrüger nutzen Catfishing, um an Ausweiskopien zu gelangen
Jul 30, 2021 | 10:08 amEigentlich nutzen Singles die Dating-App Lovoo, um darüber einen Partner fürs Leben zu finden. Oder zumindest für ein paar Monate. Oder vielleicht nur für...Zu dem Artikel: Lovoo: Betrüger nutzen Catfishing, um an Ausweiskopien zu gelangenTarnkappe.info - Unter dem Radar
Read more... -
Fraud Family: niederländische Polizei verhaftet zwei Männer von Fraud-as-a-Service-Gang
Jul 29, 2021 | 17:00 pmDie niederländische Polizei nahm gemäß Pressemitteilung in der vergangenen Woche zwei Festnahmen vor, um die Fraud-as-a-Service-Gang namens Fraud Family aufzulösen. Die Nationale Staatsanwaltschaft (OM)...Zu dem Artikel: Fraud Family: niederländische Polizei verhaftet zwei Männer von Fraud-as-a-Service-GangTarnkappe.info - Unter dem Radar
Read more... -
BlackMatter-Ransomware: Offizieller Nachfolger von DarkSide und REvil?
Jul 29, 2021 | 13:45 pmKaum zwei Wochen ist es her, als wir erfahren haben, dass REvil offline gegangen ist. Nun scheint ein Nachfolger in die Fußstapfen der weltweit...Zu dem Artikel: BlackMatter-Ransomware: Offizieller Nachfolger von DarkSide und REvil?Tarnkappe.info - Unter dem Radar
Read more... -
EncroChat-Entschlüsselung bringt lange Haftstrafen für Drogendealer
Jul 28, 2021 | 18:36 pmDas Landgericht Bremen (LG) hat aktuell in einem sogenannten „EncroChat -Verfahren“ zwei Männer im Alter von 39 und 34 Jahren zu Haftstrafen von zwölfeinhalb...Zu dem Artikel: EncroChat-Entschlüsselung bringt lange Haftstrafen für DrogendealerTarnkappe.info - Unter dem Radar
Read more... -
IPTV: Illegaler Streaming-Dienst abgeschaltet – Mann festgenommen
Jul 28, 2021 | 17:48 pmEine Operation der Polizei von West Mercia, die eng mit FACT zusammenarbeitet, hat einen Mann in Shrewsbury, im Westen Englands, verhaftet. Diesem wird zum...Zu dem Artikel: IPTV: Illegaler Streaming-Dienst abgeschaltet – Mann festgenommenTarnkappe.info - Unter dem Radar
Read more... -
Share-Online.biz – Auswertung der Ermittlungsbehörden dauert an
Jul 28, 2021 | 17:07 pmSeit Oktober 2019 bangen Power-Uploader, Uploader und manche Downloader von Share-Online.biz, ob auf sie straf- und später zivilrechtliche Folgen zukommen werden. Wir haben uns...Zu dem Artikel: Share-Online.biz – Auswertung der Ermittlungsbehörden dauert anTarnkappe.info - Unter dem Radar
Read more... -
Anime und Hentai: Liste illegaler Streaming-Portale im Juli 2021
Jul 28, 2021 | 13:14 pmKinder, wie die Zeit vergeht. Mehr als sechs Monate sind schon wieder vergangen. Hier erneut unsere Übersicht über die Streaming-Portale mit dem Schwerpunkt Anime-,...Zu dem Artikel: Anime und Hentai: Liste illegaler Streaming-Portale im Juli 2021Tarnkappe.info - Unter dem Radar
Read more... -
Amazon dementiert Bitcoin-Akzeptanz – Kurse infolge leicht rückläufig
Jul 27, 2021 | 14:04 pmAmazon wies am Montag einen Bericht, wonach der E-Commerce-Riese plane, bis Ende dieses Jahres mit der Annahme von Bitcoin-Zahlungen zu beginnen, zurück. Der Konzern...Zu dem Artikel: Amazon dementiert Bitcoin-Akzeptanz – Kurse infolge leicht rückläufigTarnkappe.info - Unter dem Radar
Read more... -
Lesetipps: Verraten durch einen Drucker und Anhalt-Bitterfeld braucht Hilfe
Jul 27, 2021 | 13:55 pmHerzlich willkommen zu einer neuen Ausgabe unserer Tarnkappe.info-Lesetipps. Auf die Bäume ihr Affen, denn das Internet wird gefegt. Also wenn man derzeit nach China...Zu dem Artikel: Lesetipps: Verraten durch einen Drucker und Anhalt-Bitterfeld braucht HilfeTarnkappe.info - Unter dem Radar
Read more... -
Amazon: mögliche Bitcoin-Akzeptanz treibt Kurs in die Höhe
Jul 26, 2021 | 16:02 pmEine anonyme Quelle innerhalb von Amazon hat der Londoner Wirtschaftszeitung City AM mitgeteilt, dass der E-Commerce-Riese plant, bis Ende 2021 mit der Annahme von...Zu dem Artikel: Amazon: mögliche Bitcoin-Akzeptanz treibt Kurs in die HöheTarnkappe.info - Unter dem Radar
Read more... -
Lesetipps: Desinformation auf Bestellung und die Wahrheit über QR-Codes
Jul 26, 2021 | 14:05 pmHerzlich willkommen zu einer neuen Ausgabe unserer Tarnkappe.info-Lesetipps. Also diese QR-Codes sind doch eine feine Sache. Oder besser gesagt, auf den ersten Blick erleichtern...Zu dem Artikel: Lesetipps: Desinformation auf Bestellung und die Wahrheit über QR-CodesTarnkappe.info - Unter dem Radar
Read more... -
Windows 11 Testversionen vermehrt für Schadsoftware missbraucht
Jul 26, 2021 | 09:26 amDie angekündigten Features von Windows 11 locken weiterhin sehr viele Interessenten an. Doch wer beim Test keinerlei Risiken eingehen will, muss beim offiziellen Windows-Insider-Programm...Zu dem Artikel: Windows 11 Testversionen vermehrt für Schadsoftware missbrauchtTarnkappe.info - Unter dem Radar
Read more... -
Stiftung BREIN geht gegen Comic-Uploader im Usenet vor
Jul 25, 2021 | 13:01 pmWie Stiftung BREIN erst kürzlich veröffentlichte, konzentrierten sich Anfang diesen Jahres ihre Ermittlungen auf verschiedene Comic-Uploads im Usenet. Ihre Aufmerksamkeit richtete sich hierbei auf...Zu dem Artikel: Stiftung BREIN geht gegen Comic-Uploader im Usenet vorTarnkappe.info - Unter dem Radar
Read more... -
Clubhouse: 3,8 Milliarden Handynummern erbeutet?
Jul 25, 2021 | 05:28 amGelang ein Hack bei Clubhouse? Der Schweizer Sicherheitsforscher Marc Ruef berichtete gestern bei Twitter über das Verkaufsangebot eines Hackers. Dieser bietet in einem Forum...Zu dem Artikel: Clubhouse: 3,8 Milliarden Handynummern erbeutet?Tarnkappe.info - Unter dem Radar
Read more... -
Rokkr TV-BOX Test 2021 – Lohnt sich der Kauf des Medienbrowsers?
Jul 24, 2021 | 09:36 amWir haben uns im Juli die Rokkr TV-BOX einmal in Ruhe angesehen. Was kann die Set-Top-Box zum Preis von 49,99 EUR? Und was leistet...Zu dem Artikel: Rokkr TV-BOX Test 2021 – Lohnt sich der Kauf des Medienbrowsers?Tarnkappe.info - Unter dem[…]
Read more... -
Hochwasserkatastrophe nutzen Betrüger für Fake-Shops und Spendenaufrufe
Jul 23, 2021 | 15:49 pmGemäß einer aktuellen Warnung der Polizei Bonn ist erhöhte Vorsicht bei Online-Einkäufen und Spendenbereitschaft für Opfer der Hochwasserkatastrophe geboten. Diesbezüglich ermittelt die Polizei in...Zu dem Artikel: Hochwasserkatastrophe nutzen Betrüger für Fake-Shops und SpendenaufrufeTarnkappe.info - Unter dem Radar
Read more... -
Lesetipps: Malware in Samsungs App Store, einen E-Book-Reader hacken
Jul 23, 2021 | 10:00 amEndlich gibt es mal wieder eine Ausgabe unserer Tarnkappe.info-Lesetipps. Herzlich willkommen und viel Spaß beim Lesen. :) Immer wieder hören wir von Schadsoftware und...Zu dem Artikel: Lesetipps: Malware in Samsungs App Store, einen E-Book-Reader hackenTarnkappe.info - Unter dem Radar
Read more...
-
CVE-2021-31618
Latest security vulnerabilities Apache Http Server Jun 15, 2021 | 00:00 amApache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent[…]
Read more... -
CVE-2020-13950
Latest security vulnerabilities Apache Http Server Jun 10, 2021 | 00:00 amApache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service (CVSS:5.0) (Last Update:2021-07-17)
Read more... -
CVE-2020-35452
Latest security vulnerabilities Apache Http Server Jun 10, 2021 | 00:00 amApache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular[…]
Read more... -
CVE-2021-26690
Latest security vulnerabilities Apache Http Server Jun 10, 2021 | 00:00 amApache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service (CVSS:5.0) (Last Update:2021-07-17)
Read more... -
CVE-2021-26691
Latest security vulnerabilities Apache Http Server Jun 10, 2021 | 00:00 amIn Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow (CVSS:7.5) (Last Update:2021-07-17)
Read more... -
CVE-2021-30641
Latest security vulnerabilities Apache Http Server Jun 10, 2021 | 00:00 amApache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' (CVSS:5.0) (Last Update:2021-07-17)
Read more... -
CVE-2020-9490
Latest security vulnerabilities Apache Http Server Aug 7, 2020 | 00:00 amApache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via[…]
Read more... -
CVE-2020-11984
Latest security vulnerabilities Apache Http Server Aug 7, 2020 | 00:00 amApache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVSS:7.5) (Last Update:2021-06-06)
Read more... -
CVE-2020-11985
Latest security vulnerabilities Apache Http Server Aug 7, 2020 | 00:00 amIP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server[…]
Read more... -
CVE-2020-11993
Latest security vulnerabilities Apache Http Server Aug 7, 2020 | 00:00 amApache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2[…]
Read more...
-
Red Hat Security Advisory 2021-2965-01
Operating System: RedHat ≈ Packet Storm Jul 30, 2021 | 14:23 pmRed Hat Security Advisory 2021-2965-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On[…]
Read more... -
Red Hat Security Advisory 2021-2932-01
Operating System: RedHat ≈ Packet Storm Jul 28, 2021 | 14:57 pmRed Hat Security Advisory 2021-2932-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.
Read more... -
Red Hat Security Advisory 2021-2931-01
Operating System: RedHat ≈ Packet Storm Jul 28, 2021 | 14:56 pmRed Hat Security Advisory 2021-2931-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.
Read more... -
Red Hat Security Advisory 2021-2438-01
Operating System: RedHat ≈ Packet Storm Jul 28, 2021 | 14:53 pmRed Hat Security Advisory 2021-2438-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, denial of service, open redirection, resource exhaustion,[…]
Read more... -
Red Hat Security Advisory 2021-2437-01
Operating System: RedHat ≈ Packet Storm Jul 28, 2021 | 14:50 pmRed Hat Security Advisory 2021-2437-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.2.[…]
Read more... -
Red Hat Security Advisory 2021-2914-01
Operating System: RedHat ≈ Packet Storm Jul 27, 2021 | 14:53 pmRed Hat Security Advisory 2021-2914-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
Read more... -
Red Hat Security Advisory 2021-2763-01
Operating System: RedHat ≈ Packet Storm Jul 27, 2021 | 14:47 pmRed Hat Security Advisory 2021-2763-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The kernel packages contain the Linux kernel, the core of any Linux operating[…]
Read more... -
Red Hat Security Advisory 2021-2881-01
Operating System: RedHat ≈ Packet Storm Jul 26, 2021 | 16:22 pmRed Hat Security Advisory 2021-2881-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
Read more... -
Red Hat Security Advisory 2021-2883-01
Operating System: RedHat ≈ Packet Storm Jul 26, 2021 | 15:47 pmRed Hat Security Advisory 2021-2883-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
Read more... -
Red Hat Security Advisory 2021-2882-01
Operating System: RedHat ≈ Packet Storm Jul 26, 2021 | 15:39 pmRed Hat Security Advisory 2021-2882-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
Read more... -
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
Security Technologies: FORTIFY_SOURCE
Red Hat Security Blog Blog Posts Sep 26, 2018 | 13:30 pmFORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
Security Technologies: Stack Smashing Protection (StackGuard)
Red Hat Security Blog Blog Posts Aug 20, 2018 | 13:30 pm
Read more...
In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…] -
Managing risk in the modern world
Red Hat Security Blog Blog Posts Aug 14, 2018 | 15:30 pm
Read more...
Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…] -
How SELinux helps mitigate risk while facilitating compliance
Red Hat Security Blog Blog Posts Aug 9, 2018 | 13:30 pmMany of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform[…]
Read more... -
Security Technologies: ExecShield
Red Hat Security Blog Blog Posts Jul 25, 2018 | 13:30 pm
Read more...
The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…] -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Insights Security Hardening Rules
Red Hat Security Blog Blog Posts Jul 12, 2018 | 13:30 pmMany users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more...
-
IPFire 2.25 Remote Code Execution
CGI Files ≈ Packet Storm Jun 15, 2021 | 15:18 pmThis Metasploit module exploits an authenticated command injection vulnerability in the /cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior to execute arbitrary code as the root user.
Read more... -
Ubuntu Security Notice USN-4886-1
CGI Files ≈ Packet Storm Mar 23, 2021 | 16:33 pmUbuntu Security Notice 4886-1 - It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. It was discovered that Privoxy incorrectly handled certain regular[…]
Read more... -
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Configuration Download
CGI Files ≈ Packet Storm Mar 19, 2021 | 16:52 pmKZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 is susceptible to an unauthenticated configuration disclosure when direct object reference is made to the export_settings.cgi file using an HTTP GET request. This will enable the attacker to disclose sensitive information and help[…]
Read more... -
Cisco UCS Manager 2.2(1d) Remote Command Execution
CGI Files ≈ Packet Storm Jan 18, 2021 | 15:47 pmCisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote[…]
Read more... -
ZeroShell 3.9.0 Remote Command Execution
CGI Files ≈ Packet Storm Nov 24, 2020 | 15:34 pmThis Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar[…]
Read more... -
ASUS TM-AC1900 Arbitrary Command Execution
CGI Files ≈ Packet Storm Nov 13, 2020 | 16:00 pmThis Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses[…]
Read more... -
D-Link DSR-250N Denial Of Service
CGI Files ≈ Packet Storm Oct 8, 2020 | 16:50 pmRedTeam Pentesting discovered a denial of service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script that reboots the device. Version 3.12 is confirmed affected.
Read more... -
Ubuntu Security Notice USN-4569-1
CGI Files ≈ Packet Storm Oct 5, 2020 | 17:21 pmUbuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when[…]
Read more... -
Sony IPELA Network Camera Remote Stack Buffer Overflow
CGI Files ≈ Packet Storm Oct 1, 2020 | 15:09 pmSony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be[…]
Read more... -
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
CGI Files ≈ Packet Storm Sep 18, 2020 | 17:11 pmTP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place[…]
Read more...
snaplitics made a real revolution in the industry.
-
Debian: DSA-4946-1: openjdk-11 security update
Advisories Jul 29, 2021 | 14:44 pm
Read more...
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in bypass of sandbox restrictions, incorrect validation of signed Jars or information disclosure. -
Debian: DSA-4945-1: webkit2gtk security update
Advisories Jul 28, 2021 | 14:56 pm
Read more...
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-21775 -
Debian: DSA-4944-1: krb5 security update
Advisories Jul 25, 2021 | 03:27 am
Read more...
It was discovered that the Key Distribution Center (KDC) in krb5, the MIT implementation of Kerberos, is prone to a NULL pointer dereference flaw. An unauthenticated attacker can take advantage of this flaw to cause a denial of service (KDC[…] -
Debian: DSA-4943-1: lemonldap-ng security update
Advisories Jul 23, 2021 | 01:27 am
Read more...
Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO system. The flaws could result in information disclosure, authentication bypass, or could allow an attacker to increase its authentication level or impersonate another user, especially when lemonldap-ng is configured -
Sequoia: A Deep Root In Linux's Filesystem Layer
Operating System: Debian ≈ Packet Storm Jul 21, 2021 | 16:10 pmQualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset[…]
Read more... -
Debian: DSA-4941-1: linux security update
Advisories Jul 20, 2021 | 08:53 am
Read more...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. -
Debian: DSA-4942-1: systemd security update
Advisories Jul 20, 2021 | 08:53 am
Read more...
The Qualys Research Labs discovered that an attacker-controlled allocation using the alloca() function could result in memory corruption, allowing to crash systemd and hence the entire operating system. -
Debian: DSA-4940-1: thunderbird security update
Advisories Jul 18, 2021 | 11:15 am
Read more...
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the stable distribution (buster), these problems have been fixed in -
Debian: DSA-4939-1: firefox-esr security update
Advisories Jul 14, 2021 | 14:50 pm
Read more...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. -
Debian: DSA-4938-1: linuxptp security update
Advisories Jul 13, 2021 | 16:11 pm
Read more...
Miroslav Lichvar reported that the ptp4l program in linuxptp, an implementation of the Precision Time Protocol (PTP), does not validate the messageLength field of incoming messages, allowing a remote attacker to cause a denial of service, information leak, or potentially[…] -
Ubuntu Security Notice USN-4530-1
Operating System: Debian ≈ Packet Storm Sep 22, 2020 | 18:23 pmUbuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
Read more... -
Debian Security Advisory 4633-1
Operating System: Debian ≈ Packet Storm Feb 25, 2020 | 15:20 pmDebian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
Read more... -
Debian Security Advisory 4629-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:38 pmDebian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
Read more... -
Debian Security Advisory 4628-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:28 pmDebian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4626-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:05 pmDebian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4627-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:04 pmDebian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.
Read more... -
Debian Security Advisory 4625-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 18:02 pmDebian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
Read more... -
Debian Security Advisory 4624-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 17:31 pmDebian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.
Read more... -
Debian Security Advisory 4621-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Read more...
-
Sequoia: A Deep Root In Linux's Filesystem Layer
Operating System: Fedora ≈ Packet Storm Jul 21, 2021 | 16:10 pmQualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset[…]
Read more... -
Fedora / Gnome fscaps Issue
Operating System: Fedora ≈ Packet Storm Jun 22, 2021 | 19:20 pmFedora with Gnome has an issue where it is not using fscaps safely.
Read more... -
netkit-telnet 0.17 Remote Code Execution
Operating System: Fedora ≈ Packet Storm Mar 5, 2020 | 20:57 pmnetkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.
Read more... -
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
Operating System: Fedora ≈ Packet Storm Dec 23, 2019 | 21:02 pmThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]
Read more... -
Grub2 grub2-set-bootflag Environment Corruption
Operating System: Fedora ≈ Packet Storm Nov 27, 2019 | 23:02 pmGrub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
Read more... -
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
Operating System: Fedora ≈ Packet Storm Apr 19, 2019 | 13:28 pmThis Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]
Read more... -
Linux Nested User Namespace idmap Limit Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Nov 28, 2018 | 01:51 amThis Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user[…]
Read more... -
Linux Kernel Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Jul 12, 2018 | 21:43 pmLinux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.
Read more... -
DHCP Client Command Injection (DynoRoot)
Operating System: Fedora ≈ Packet Storm Jun 12, 2018 | 23:58 pmThis Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or[…]
Read more... -
Reliable Datagram Sockets (RDS) Privilege Escalation
Operating System: Fedora ≈ Packet Storm May 19, 2018 | 06:48 amThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]
Read more...
-
fetchmail -- 6.4.19 and older denial of service or information disclosure
FreeBSD VuXML Jul 28, 2021 | 00:00 am
Read more... -
redis -- Integer overflow issues with BITFIELD command on 32-bit systems
FreeBSD VuXML Jul 27, 2021 | 00:00 am
Read more... -
powerdns -- remotely triggered crash
FreeBSD VuXML Jul 27, 2021 | 00:00 am
Read more... -
mosquitto -- NULL pointer dereference
FreeBSD VuXML Jul 24, 2021 | 00:00 am
Read more... -
pjsip -- Race condition in SSL socket server
FreeBSD VuXML Jul 23, 2021 | 00:00 am
Read more... -
asterisk -- Remote crash when using IAX2 channel driver
FreeBSD VuXML Jul 23, 2021 | 00:00 am
Read more... -
asterisk -- Remote Crash Vulnerability in PJSIP channel driver
FreeBSD VuXML Jul 23, 2021 | 00:00 am
Read more... -
asterisk -- pjproject/pjsip: crash when SSL socket destroyed during handshake
FreeBSD VuXML Jul 23, 2021 | 00:00 am
Read more...
-
Simple Image Gallery Pro v3.9.1 released (bug-fix release)
Blog - JoomlaWorks Jul 26, 2021 | 14:21 pm
Read more...
Simple Image Gallery Pro v3.9.1 is now available to download for subscribers. This is a minor bug-fix release following the release of version 3.9.0 a couple weeks ago. For a detailed look on the new features and changes in v3.9.0,[…] -
Simple Image Gallery Pro
Updated Extensions - JoomlaWorks Jul 26, 2021 | 14:20 pm
Read more...
NEW VERSION 3.9 released in July 2021!Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish[…] -
Simple Image Gallery Pro v3.9.0 released
Blog - JoomlaWorks Jul 5, 2021 | 16:59 pm
Read more...
Simple Image Gallery Pro v3.9.0 is now available to download for subscribers. It's both a bug-fix and new feature release. Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.9.0: SIGPro will now read[…] -
Simple RSS Feed Reader
Updated Extensions - JoomlaWorks May 25, 2021 | 08:54 am
Read more...
Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…] -
Simple RSS Feed Reader v3.9.0 released
Blog - JoomlaWorks May 25, 2021 | 08:47 am
Read more...
Today we're releasing version 3.9.0 of the Simple RSS Feed Reader module. This is a bugfix release. Here's what's been added or changed (in more detail) with the release of v3.9.0: Fix the installer for Joomla 3.x on new installations.[…] -
Simple RSS Feed Reader v3.8.0 released
Blog - JoomlaWorks Feb 3, 2021 | 15:42 pm
Read more...
Today we're releasing version 3.8.0 of the Simple RSS Feed Reader module. This new release brings back Joomla 1.5 support (by popular request), it introduces a new sub-template & changes the remote image resizing service from Mobify to Images.weserv.nl. Here's what's[…] -
Improve the performance of your Joomla articles (part 1)
Blog - JoomlaWorks Dec 4, 2020 | 16:44 pm
Read more...
The performance of the default article system in Joomla really sucks big time, that's a well know fact. It''s actually one of the reasons we built K2 in the first place. And as we venture into Joomla 4 territory, instead[…] -
K2 Plugin for sh404SEF version 1.6.0 released
Blog - JoomlaWorks Sep 14, 2020 | 17:28 pm
Read more...
The K2 Plugin for sh404SEF version 1.6.0 is now available to download for subscribers. This is a bug fix release that addresses compatibility with K2 v2.10.3+ and improves support for PHP 7.x in general. Here's what's been added or changed in the K2[…] -
K2 Plugin for sh404SEF
Updated Extensions - JoomlaWorks Sep 14, 2020 | 17:28 pm
Read more...
A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…] -
SocialConnect
Updated Extensions - JoomlaWorks Jul 22, 2020 | 16:40 pm
Read more...
SocialConnect is the only Joomla extension that allows you to integrate your Joomla site with social networks and identity providers for user authentication, posting content directly to social networks and 3rd-party comment system integration. Features Let your users register to[…] -
Simple Image Gallery Pro v3.8.0 released
Blog - JoomlaWorks Jun 10, 2020 | 15:51 pm
Read more...
Simple Image Gallery Pro v3.8.0 is now available to download for subscribers. This new release improves upon existing features, extends Flickr support to galleries (beyond albums/sets) and adds PHP 7.4 & Postgres compatibility. Here's what's been added or changed in Simple[…] -
AllVideos
Updated Extensions - JoomlaWorks May 22, 2020 | 14:22 pm
Read more...
AllVideos (by JoomlaWorks) is the universal media player for Joomla and a classic must-have extension for any Joomla based website. Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo, Dailymotion,[…] -
AllVideos 6.1.0 now available - adds Mixcloud support
Blog - JoomlaWorks May 22, 2020 | 14:13 pm
Read more...
Version 6.1.0 of AllVideos is now available. This new release introduces support for Mixcloud embeds and improves support for PHP 7.4. Here's what's been added or changed in this new release of AllVideos: Added support for Mixcloud embeds. Just use[…] -
K2
Updated Extensions - JoomlaWorks Apr 29, 2020 | 22:47 pm
Read more...
K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…] -
K2 v2.10.3 now available
blog Apr 29, 2020 | 20:21 pm
Read more...
K2 v2.10.3 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & bugfix release, which refines the backend user interface (building upon the changes that were introduced with v2.10.0 to v2.10.2), improves client-size (frontend) caching & resolves broken auto-generated feeds[…] -
Getting Snowflake (the open source graphical SSH/SFTP client) to run on macOS
Blog - JoomlaWorks Feb 12, 2020 | 09:58 am
Read more...
I don't usually write similar blog posts, but I've been really enjoying Snowflake recently. What's Snowflake you ask? Well, it's a new open source graphical SSH/SFTP client which makes working with remote servers a breeze. It works like Panic's Coda when[…] -
Simple Image Gallery
Updated Extensions - JoomlaWorks Jan 28, 2020 | 19:37 pm
Read more...
Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…] -
Simple Image Gallery (free) v4.1.0 released
Blog - JoomlaWorks Jan 28, 2020 | 18:30 pm
Read more...
Simple Image Gallery (free) version 4.1.0 is now available to download. This is a maintenance release. Here's what's been added or changed in Simple Image Gallery (free) with the release of v4.1.0: Allow the plugin to accept WEBP images as[…] -
K2 v2.10.2 released - now with a 100% mobile-friendly backend user interface!
blog Dec 11, 2019 | 22:02 pm
Read more...
K2 v2.10.2 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & security release: it concludes the backend user interface changes that were introduced with v2.10.0 and is now 100% mobile-friendly and it also addresses[…] -
Retiring the K2 templates section
blog Dec 8, 2019 | 16:05 pm
Read more...
As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED).We stopped accepting new entries for templates in the KED about 2 weeks ago and this week[…] -
Frontpage SlideShow
Updated Extensions - JoomlaWorks Dec 5, 2019 | 12:49 pm
Read more...
Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber cool slideshow with text snippets laying on[…] -
K2 v2.10.1 released
blog Nov 26, 2019 | 18:17 pm
Read more...
K2 v2.10.1 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance release that addresses a few bugs that were introduced with v2.10.0 released a couple weeks ago and we urge everyone using v2.10.0 to[…] -
K2 v2.10.0 released
blog Nov 15, 2019 | 01:04 am
Read more...
K2 v2.10.0 is now available to download for Joomla versions 1.5 to 3.x. This release introduces a refreshed backend design as well as feature improvements or additions (like Google Structured Data) and as always, performance improvements everywhere.To install K2 for[…] -
K2 v2.9.0 released
blog Sep 21, 2018 | 16:14 pm
Read more...
K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall.To install K2 for the first time or update your existing[…] -
Disqus Comments (for Joomla)
Updated Extensions - JoomlaWorks Sep 21, 2018 | 11:52 am
Read more...
Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…] -
K2 v2.8.0 released
blog Aug 18, 2017 | 12:59 pm
Read more...
K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…] -
K2 v2.7.1 released
blog Aug 4, 2016 | 01:12 am
Read more...
K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security.To install K2 for the first time or update your existing K2[…] -
K2 v2.7.0 released
blog Mar 18, 2016 | 05:26 am
Read more...
Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…] -
K2 Next to be presented in JoomlaDay Brasil 2015
blog Aug 31, 2015 | 16:14 pm
Read more...
(originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :)We are happy to announce that K2 Next will be officially presented in the upcoming JoomlaDay[…]
-
CVE-2021-23017
Latest security vulnerabilities Nginx products Jun 1, 2021 | 00:00 amA security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. (CVSS:7.5) (Last[…]
Read more... -
CVE-2020-24346
Latest security vulnerabilities Nginx products Aug 13, 2020 | 00:00 amnjs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. (CVSS:6.8) (Last Update:2020-09-18)
Read more... -
CVE-2020-24347
Latest security vulnerabilities Nginx products Aug 13, 2020 | 00:00 amnjs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. (CVSS:2.1) (Last Update:2020-09-18)
Read more... -
CVE-2020-24348
Latest security vulnerabilities Nginx products Aug 13, 2020 | 00:00 amnjs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. (CVSS:2.1) (Last Update:2020-09-18)
Read more... -
CVE-2020-24349
Latest security vulnerabilities Nginx products Aug 13, 2020 | 00:00 amnjs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface. (CVSS:2.1) (Last Update:2020-09-18)
Read more... -
CVE-2019-20372
Latest security vulnerabilities Nginx products Jan 9, 2020 | 00:00 amNGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. (CVSS:4.3) (Last Update:2020-01-15)
Read more... -
CVE-2019-13617
Latest security vulnerabilities Nginx products Jul 16, 2019 | 00:00 amnjs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. (CVSS:4.3) (Last Update:2020-08-24)
Read more... -
CVE-2019-13067
Latest security vulnerabilities Nginx products Jun 30, 2019 | 00:00 amnjs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. (CVSS:7.5) (Last Update:2019-07-05)
Read more... -
CVE-2019-12207
Latest security vulnerabilities Nginx products May 20, 2019 | 00:00 amnjs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. (CVSS:7.5) (Last Update:2020-08-24)
Read more... -
CVE-2019-12208
Latest security vulnerabilities Nginx products May 20, 2019 | 00:00 amnjs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. (CVSS:7.5) (Last Update:2020-08-24)
Read more...