CVE-2019-0196

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the[…]

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects[…]

CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2[…]

CVE-2019-0190

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with[…]

Red Hat Security Advisory 2019-2519-01

Red Hat Security Advisory 2019-2519-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, bypass, cross site scripting, denial of service, information leakage, and null pointer vulnerabilities.

Red Hat Security Advisory 2019-2508-01

Red Hat Security Advisory 2019-2508-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data[…]

Red Hat Security Advisory 2019-2507-01

Red Hat Security Advisory 2019-2507-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.[…]

Red Hat Security Advisory 2019-2505-01

Red Hat Security Advisory 2019-2505-01 - ironic-inspector is an auxiliary service for discovering hardware properties for a node managed by Ironic. Hardware introspection or hardware properties discovery is a process of getting hardware parameters required for scheduling from a bare[…]

Red Hat Security Advisory 2019-2499-01

Red Hat Security Advisory 2019-2499-01 - The ovirt-engine-metrics package is used to collect and enrich metrics and logs from the Red Hat Virtualization Manager, hosts, and virtual machines. It includes Ansible scripts that configure Collectd and Fluentd on the Red[…]

The Product Security Blog has moved!

Red Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]

New Red Hat Product Security OpenPGP key

Red Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]

Managing risk in the modern world

Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…]

Security Technologies: ExecShield

The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…]

Insights Security Hardening Rules

Many users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]

RHBA-2019:0500-1: nss-pem bug fix update

Red Hat Enterprise Linux:Updated nss-pem packages that fix one bug are now available for Red HatEnterprise Linux 7.6.

RHBA-2019:0498-1: rear bug fix update

Red Hat Enterprise Linux:Updated rear packages that fix several bugs are now available for Red HatEnterprise Linux 7.

RHBA-2019:0496-1: tuned bug fix update

Red Hat Enterprise Linux:Updated tuned packages that fix two bugs are now available for Red HatEnterprise Linux 7.

RHBA-2019:0484-1: dpdk bug fix update

Red Hat Enterprise Linux:Updated dpdk packages that fix one bug are now available in the Extras channelof Red Hat Enterprise Linux 7.

RHEA-2019:0543-1: new packages: rh-jmc

Red Hat Enterprise Linux:New rh-jmc packages are now available as a part of Red Hat Software Collections3.2 for Red Hat Enterprise Linux 7.

Ubuntu Security Notice USN-4059-1

Ubuntu Security Notice 4059-1 - It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS[…]

Telus Actiontec WEB6000Q Denial Of Service

Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. By querying CGI endpoints with empty (GET/POST/HEAD) requests causes a Segmentation Fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot[…]

RICOH SP 4510DN Printer HTML Injection

An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.

Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker[…]

Sierra Wireless AirLink ES450 ACEManager ping_result.cgi Cross Site Scripting

An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the[…]

Debian: DSA-4504-1: vlc security update

Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed.

Debian: DSA-4503-1: golang-1.11 security update

Three vulnerabilities have been discovered in the Go programming language; "net/url" accepted some invalid hosts in URLs which could result in authorisation bypass in some applications and the HTTP/2 implementation was susceptible to denial of service.

Debian: DSA-4502-1: ffmpeg security update

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

Debian: DSA-4501-1: libreoffice security update

It was discovered that the code fixes to address CVE-2018-16858 and CVE-2019-9848 were not complete. For the oldstable distribution (stretch), these problems have been fixed

Debian Security Advisory 4497-1

Debian Linux Security Advisory 4497-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Debian: DSA-4497-1: linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Debian Security Advisory 4494-1

Debian Linux Security Advisory 4494-1 - Dominik Penner discovered that KConfig, the KDE configuration settings framework, supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file (e.g. if it's[…]

Debian Security Advisory 4496-1

Debian Linux Security Advisory 4496-1 - Benno Fuenfstueck discovered that Pango, a library for layout and rendering of text with an emphasis on internationalization, is prone to a heap-based buffer overflow flaw in the pango_log2vis_get_embedding_levels function. An attacker can take[…]

Debian: DSA-4499-1: ghostscript security update

Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.

Debian: DSA-4496-1: pango1.0 security update

Benno Fuenfstueck discovered that Pango, a library for layout and rendering of text with an emphasis on internationalization, is prone to a heap-based buffer overflow flaw in the pango_log2vis_get_embedding_levels function. An attacker can take advantage of this flaw for denial[…]

SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]

Linux Kernel Local Privilege Escalation

Linux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.

Reliable Datagram Sockets (RDS) Privilege Escalation

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]

MagniComp SysInfo mcsiwrapper Privilege Escalation

This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable[…]

glibc '$ORIGIN' Expansion Privilege Escalation

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the[…]

Node.js -- multiple vulnerabilities

nsd -- Stack-based Buffer Overflow

Libgit2 -- multiple vulnerabilities

Apache -- Multiple vulnerabilities

CUPS -- multiple vulnerabilities

[20190801] - Core - Hardening com_contact contact form

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 1.6.2 - 3.9.10Exploit type: Incorrect Access ControlReported Date: 2019-April-09Fixed Date: 2019-August-13CVE Number: CVE-2019-15028DescriptionInadequate checks in com_contact could allowed mail submission in disabled forms.Affected InstallsJoomla! CMS versions 1.6.2 - 3.9.10SolutionUpgrade to version 3.9.11ContactThe JSST at the[…]

Kiji & nuModusVersus updated to v1.1.0 - sunsetting NewsWorth, Nokkori, Tamashi & The Conversationalist

Both Kiji & nuModusVersus have just been updated to v1.1.0. These are bugfix and feature-improvement releases.Here's what's been added or changed in both Kiji & nuModusVersus with the release of v1.1.0:Lots of K2 related fixes/improvements including: use the new K2 modal introduced in v2.9.0,[…]

Simple Image Gallery Pro v3.6.7 released

Simple Image Gallery Pro v3.6.7 is now available to download for subscribers. This is a bugfix release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.7:Resolve a permissions check in Joomla versions between 3.0.0 and 3.5.0, which[…]

[20190602] - Core - XSS in subform field

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.6.0 through 3.9.6Exploit type: XSSReported Date: 2019-January-01Fixed Date: 2019-June-11CVE Number: CVE-2019-12766DescriptionThe subform fieldtype does not sufficiently filter or validate input of subfields, this leads to XSS attack vectors.Affected InstallsJoomla! CMS versions 3.6.0 through 3.9.6SolutionUpgrade to[…]

[20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.9.3 through 3.9.5Exploit type: Object InjectionReported Date: 2019-March-27Fixed Date: 2019-May-07DescriptionIn Joomla 3.9.3, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the Joomla core. In order[…]

Simple Image Gallery Pro v3.6.6 released

Simple Image Gallery Pro v3.6.6 has just been released. This is a maintenance release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.6:Fixed modal URL in frontend editing that affected Joomla 3.x users under certain SEF/path setups.Updated frontend[…]

[20190402] - Core - Helpsites refresh endpoint callable for unauthenticated users

Project: Joomla!SubProject: CMSImpact: LowSeverity: HighVersions: 3.2.0 through 3.9.4Exploit type: ACL ViolationReported Date: 2019-March-13Fixed Date: 2019-April-08CVE Number: CVE-2019-10946DescriptionThe "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.Affected InstallsJoomla! CMS versions 3.2.0 through 3.9.4SolutionUpgrade to version[…]

SocialConnect v1.9.0 released

SocialConnect v1.9.0 has just been released. It mainly improves compatibility with Twitter and LinkedIn API updates (either already in force or soon to be enforced).Here's what's been added or changed in SocialConnect with the release of v1.9.0:Updated for recent Twitter API changes that[…]

Simple Image Gallery Pro v3.6.5 released

Simple Image Gallery Pro v3.6.5 has just been released. This is a feature-improvement release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.5:Added a new "File size limit per uploaded image" option in the component's[…]

Simple Image Gallery Pro v3.6.4 released

Simple Image Gallery Pro v3.6.4 has just been released. This is both a bugfix and feature-improvement release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.4:New galleries added directly via the gallery form will not[…]

K2 v2.9.0 released

K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall.To install K2 for the first time or update your existing[…]

Google Map Landkarten,4.2.3,SQL Injection

Google Map Landkarten from joomla-24.de, versions 4.2.3 and previous, SQL Injection

File Download Tracker,3.0,SQL Injection

File Download Tracker by techsolsystem.com, 3.0, SQL Injection

SquadManagement,1.0.3,SQL Injection

SquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection

JS Autoz ,1.0.9,SQL Injection

JS Autoz by Joomsky.com, 1.0.9 and previous, SQL Injection

Joomla! Pinterest Clone Social Pinboard,2.0,SQL Injection

Joomla! Pinterest Clone Social Pinboard from apptha.com, 2.0, multiple SQL Injection vulnerabilities

K2 v2.7.1 released

K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security.To install K2 for the first time or update your existing K2[…]

K2 v2.7.0 released

Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…]

Video course on K2 for Joomla 3

Hi everyone. I'm Antonio Mercurio from Italy. I'm passioned about opensource software such as Joomla, Drupal, Wordpress and many others. I made a video course on K2 for Joomla 3 in Italian on the Udemy platform. The video course is[…]

K2 v2.6.9 released

K2 version 2.6.9 is now available to download. This is a quick maintenance release which addresses the item time problem introduced from changes in the Joomla API in the latest Joomla 3.3.x releases. The creation/modified time in K2 items would[…]

First beta of K2 version 3 is here

Wow! What a ride!The first public beta release of K2 version 3 is finally here!It's been more than a year's work so far designing the application and actually building it, and now we're just a few months away from the[…]

K2

K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…]

Simple Image Gallery

Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…]

Frontpage SlideShow

NEW VERSION 3.12 released in Oct 2018! Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber[…]

AllVideos

AllVideos (by JoomlaWorks) is truly THE all-in-one media management solution for Joomla and a classic must-have extension for any Joomla based website.Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo,[…]

CVE-2019-13617

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. (CVSS:4.3) (Last Update:2019-07-18)

CVE-2019-12206

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-12208

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-11838

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-09)

CVE-2018-16843

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]

Security update for clamav 1509

Abstract: Moderate: Security update for clamavPatch: SUSE-SLE-Module-Basesystem-15-2018-1509 CVEs:CVE-2018-0360, CVE-2018-0361 Bugs:1101654, 1101410, 1101412, 1103040Applies to:Package(s): clamav clamav-devel libclamav7 libclammspack0Product(s):SUSE Linux Enterprise Server 15Downloads: SUSE Linux Enterprise Server 15 for x86-64SUSE Linux Enterprise Server 15 for s390xSUSE Linux Enterprise Server 15 for[…]

Security update for libcdio 1512

Abstract: Security update for libcdioPatch: SUSE-SLE-Module-Desktop-Applications-15-2018-1512 CVEs:CVE-2017-18199, CVE-2017-18201 Bugs:1082821, 1082877Applies to:Package(s): libcdio++0 libcdio-devel libcdio16 libiso9660-10 libudf0Product(s):SUSE Linux Enterprise Server 15Downloads: SUSE Linux Enterprise Desktop 15 for x86-64SUSE Linux Enterprise Server 15 for s390xSUSE Linux Enterprise Server 15 for ppc64leSUSE Linux[…]

Security update for cups 13718

Abstract: Moderate: Security update for cupsPatch: sdksp4-cups-13718 CVEs:CVE-2018-4182, CVE-2018-4183, CVE-2018-4180, CVE-2018-4181 Bugs:1096408, 1096405, 1096407, 1096406Applies to:Package(s): cups-develProduct(s):SUSE Linux Enterprise Software Development Kit 11 SP4Downloads: SUSE Linux Enterprise Server 11 SP4 for x86-64SUSE Linux Enterprise Server 11 SP4 for x86SUSE Linux[…]

Security update for rubygem-sprockets-2_12 1500

Abstract: Moderate: Security update for rubygem-sprockets-2_12Patch: SUSE-OpenStack-Cloud-7-2018-1500 CVEs:CVE-2018-3760 Bugs:1098369Applies to:Package(s): ruby2.1-rubygem-sprockets-2_12Product(s):SUSE OpenStack Cloud 7Downloads: SUSE OpenStack Cloud 7 for x86-64

Security update for openssl 13713

Abstract: Moderate: Security update for opensslPatch: slestso13-openssl-13713 CVEs:CVE-2018-0732 Bugs:1097158, 1097624, 1098592Applies to:Package(s): libopenssl-develProduct(s):SUSE Studio Onsite 1.3Downloads: SUSE Linux Enterprise Point of Service 11 SP3 for x86SUSE Linux Enterprise Server 11 SP4 for x86-64SUSE Linux Enterprise Server 11 SP4 for x86SUSE[…]