CVE-2019-0197

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the[…]

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the[…]

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is[…]

CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is[…]

Red Hat Security Advisory 2019-1481-01

Red Hat Security Advisory 2019-1481-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2019-1483-01

Red Hat Security Advisory 2019-1483-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2019-1492-01

Red Hat Security Advisory 2019-1492-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating[…]

Red Hat Security Advisory 2019-1476-01

Red Hat Security Advisory 2019-1476-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.207. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2019-1455-01

Red Hat Security Advisory 2019-1455-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a CPU related vulnerability.

Security Technologies: FORTIFY_SOURCE

FORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]

Security Technologies: Stack Smashing Protection (StackGuard)

In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…]

How SELinux helps mitigate risk while facilitating compliance

Language EnglishMany of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container[…]

SPECTRE Variant 1 scanning tool

As part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]

Red Hat’s disclosure process

Last week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]

RHBA-2019:0499-1: resource-agents bug fix update

Red Hat Enterprise Linux:Updated resource-agents packages that fix one bug are now available for Red HatEnterprise Linux 7.

RHBA-2019:0497-1: gnome-tweak-tool bug fix update

Red Hat Enterprise Linux:Updated gnome-tweak-tool packages that fix two bugs are now available for RedHat Enterprise Linux 7.

RHBA-2019:0488-1: Red Hat Certification bug fix and enhancement update for RHEL6 and RHEL7

Red Hat Enterprise Linux:An updated redhat-certification package that fixes several bugs and adds variousenhancements is now available for Red Hat Enterprise Linux 6 and Red HatEnterprise Linux 7.

RHSA-2019:0544-1: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019

Red Hat Enterprise Linux:Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core onRed Hat Enterprise Linux.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score,[…]

RICOH SP 4520DN Printer HTML Injection

An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.

Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure

An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can[…]

Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but not limited to,[…]

Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker[…]

Sierra Wireless AirLink ES450 ACEManager iplogging.cgi Command Injection

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request[…]

Debian Security Advisory 4463-1

Debian Linux Security Advisory 4463-1 - Two vulnerabilities were discovered in the ZNC IRC bouncer which could result in remote code execution (CVE-2019-12816) or denial of service via invalid encoding (CVE-2019-9917).

Debian: DSA-4463-1: znc security update

Two vulnerabilities were discovered in the ZNC IRC bouncer which could result in remote code execution (CVE-2019-12816) or denial of service via invalid encoding (CVE-2019-9917).

Debian: DSA-4462-1: dbus security update

Joe Vennix discovered an authentication bypass vulnerability in dbus, an asynchronous inter-process communication system. The implementation of the DBUS_COOKIE_SHA1 authentication mechanism was susceptible to a symbolic link attack. A local attacker could take advantage of this flaw

Debian Security Advisory 4460-1

Debian Linux Security Advisory 4460-1 - Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work, which may result in authentication bypass, denial of service, cross-site scripting, information disclosure and bypass of anti-spam measures.

Debian: DSA-4460-1: mediawiki security update

Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work, which may result in authentication bypass, denial of service, cross-site scripting, information disclosure and bypass of anti-spam measures.

Debian Security Advisory 4459-1

Debian Linux Security Advisory 4459-1 - Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed.

Debian: DSA-4458-1: cyrus-imapd security update

A flaw was discovered in the CalDAV feature in httpd of the Cyrus IMAP server, leading to denial of service or potentially the execution of arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar[…]

Debian: DSA-4457-1: evolution security update

Hanno Böck discovered that Evolution was vulnerable to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted HTML email. This issue was mitigated by moving the security bar with encryption and signature information above the message

Debian: DSA-4454-2: qemu regression update

Vincent Tondellier reported that the qemu update issued as DSA 4454-1 did not correctly backport the support to define the md-clear bit to allow mitigation of the MDS vulnerabilities. Updated qemu packages are now available to correct this issue.

Linux Nested User Namespace idmap Limit Local Privilege Escalation

This Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user[…]

DHCP Client Command Injection (DynoRoot)

This Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or[…]

Libuser roothelper Privilege Escalation

This Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This Metasploit[…]

ABRT raceabrt Privilege Escalation

This Metasploit module attempts to gain root privileges on Fedora systems with a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured as the crash handler. A race condition allows local users to change ownership of arbitrary files (CVE-2015-3315). This[…]

Apport / ABRT chroot Privilege Escalation

This Metasploit module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace ("container"). Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports[…]

GraphicsMagick -- multiple vulnerabilities

Vim/NeoVim -- Security vulnerability

mybb -- vulnerabilities

[20190602] - Core - XSS in subform field

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.6.0 through 3.9.6Exploit type: XSSReported Date: 2019-January-01Fixed Date: 2019-June-11CVE Number: CVE-2019-12766DescriptionThe subform fieldtype does not sufficiently filter or validate input of subfields, this leads to XSS attack vectors.Affected InstallsJoomla! CMS versions 3.6.0 through 3.9.6SolutionUpgrade to[…]

[20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.9.3 through 3.9.5Exploit type: Object InjectionReported Date: 2019-March-27Fixed Date: 2019-May-07DescriptionIn Joomla 3.9.3, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the Joomla core. In order[…]

Simple Image Gallery Pro v3.6.6 released

Simple Image Gallery Pro v3.6.6 has just been released. This is a maintenance release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.6:Fixed modal URL in frontend editing that affected Joomla 3.x users under certain SEF/path setups.Updated frontend[…]

[20190402] - Core - Helpsites refresh endpoint callable for unauthenticated users

Project: Joomla!SubProject: CMSImpact: LowSeverity: HighVersions: 3.2.0 through 3.9.4Exploit type: ACL ViolationReported Date: 2019-March-13Fixed Date: 2019-April-08CVE Number: CVE-2019-10946DescriptionThe "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.Affected InstallsJoomla! CMS versions 3.2.0 through 3.9.4SolutionUpgrade to version[…]

SocialConnect v1.9.0 released

SocialConnect v1.9.0 has just been released. It mainly improves compatibility with Twitter and LinkedIn API updates (either already in force or soon to be enforced).Here's what's been added or changed in SocialConnect with the release of v1.9.0:Updated for recent Twitter API changes that[…]

[20190303] - Core - XSS in media form field

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0 through 3.9.3Exploit type: XSSReported Date: 2019-February-25Fixed Date: 2019-March-12CVE Number: CVE-2019-9714DescriptionThe media form field lacks escaping, leading to a XSS vulnerability.Affected InstallsJoomla! CMS versions 3.2.0 through 3.9.3SolutionUpgrade to version 3.9.4ContactThe JSST at the Joomla! Security[…]

Simple Image Gallery Pro v3.6.5 released

Simple Image Gallery Pro v3.6.5 has just been released. This is a feature-improvement release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.5:Added a new "File size limit per uploaded image" option in the component's[…]

Simple Image Gallery Pro v3.6.4 released

Simple Image Gallery Pro v3.6.4 has just been released. This is both a bugfix and feature-improvement release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.4:New galleries added directly via the gallery form will not[…]

Simple Image Gallery Pro v3.6.3 released

Simple Image Gallery Pro v3.6.3 has just been released. This is a bugfix release addressing a JS issue when using Simple Image Gallery Pro in K2 frontend editing.Here's what's been added or changed in Simple Image Gallery Pro with the release[…]

Simple Image Gallery Pro v3.6.1 released

Just a day after we released Simple Image Gallery Pro v3.6.0, we're issuing a bugfix update (v3.6.1). Well, this is what happens when you release on the 13th :)Here's what's been added or changed in Simple Image Gallery Pro with the[…]

Rapicode, Multiple Extensions, Back Door

Rapicode, nultiple extensions, current versions, back doorExtensions affected are:-Rapi Content TickerRapi Content CarouselRapi Cookie ConsentRapi CountdownRapi PreloaderRapi Loading Progress BarRapi Page AnimateAt the moment the back door seems to be loading mining code, it can be used to load arbitrary[…]

Fastball, SQL Injection

Fastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection

Simple Calendar,3.1.9,SQL Injection

Simple Calendar by Fabrizio Albonico, versions 3.1.9 and previous, SQL Injection

JMS Music,1.1.1,SQL Injection

JMS Music by Joomasters, versions 1.1.1 and previous, SQL Injection

Realpin,1.5.04,SQL Injection

Realpin by Marcel Törpe, versions 1.5.04 and previous, SQL Injection

K2 v2.8.0 released

K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…]

K2 Plugin for sh404SEF

A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…]

K2 v3 to be presented in JoomlaDay Brasil 2015

(originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :)Part of this change is the introduction of new awesome products for Joomla including new templates,[…]

Videocorso sul componente K2 versione 2.6.9 per Joomla 3

Ciao a tutti. Sono Antonio Mercurio dall'Italia. Per passione mi occupo di realizzare guide in formato e-book disponibili su Amazon e Google Play Store e di videoguide su youtube. Volevo informare la comunità di K2 che ho realizzato un videocorso[…]

Update of the K2 Import / Export tool

The tool to export data from K2 to a CSV file and to import data from a CSV file to K2 just got updated. 2.1 for Joomla 3.x changes: small bugfixesbetter date checksimport/export Hints + Item Parameters 1.3 for Joomla[…]

SocialConnect

SocialConnect allows your visitors to easily connect to your Joomla site using their favorite social network. But it's not just that - it brings a whole new meaning to the word "community" for Joomla and it's a perfect companion to[…]

Disqus Comments (for Joomla)

Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…]

Simple Image Gallery

Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…]

Simple RSS Feed Reader

Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…]

CVE-2019-12207

njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-11837

njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. (CVSS:5.0) (Last Update:2019-05-09)

CVE-2019-11839

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-10)

CVE-2018-16844

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]

CVE-2016-4450

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. (CVSS:5.0)[…]

Security update for clamav 13716

Abstract: Moderate: Security update for clamavPatch: slessp3-clamav-13716 CVEs:CVE-2018-0360, CVE-2018-0361 Bugs:1101654, 1101410, 1101412, 1103040Applies to:Package(s): clamavProduct(s):SUSE Linux Enterprise Server 11 SP3 LTSSDownloads: SUSE Linux Enterprise Point of Service 11 SP3 for x86SUSE Linux Enterprise Server 11 SP4 for x86-64SUSE Linux Enterprise[…]

Security update for enigmail 1514

Abstract: Moderate: Security update for enigmailPatch: SUSE-SLE-Product-WE-15-2018-1514 CVEs:CVE-2018-12019, CVE-2018-12020 Bugs:1094781, 1096745, 1097525Applies to:Package(s): enigmailProduct(s):SUSE Linux Enterprise Workstation Extension 15Downloads: SUSE Linux Enterprise Workstation Extension 15 for x86-64

Security update for pidgin 13717

Abstract: Moderate: Security update for pidginPatch: sdksp4-pidgin-13717 CVEs:CVE-2017-2640 Bugs:1028835Applies to:Package(s): finch finch-devel libpurple libpurple-devel libpurple-lang pidgin pidgin-develProduct(s):SUSE Linux Enterprise Software Development Kit 11 SP4Downloads: SUSE Linux Enterprise Software Development Kit 11 SP4 for x86-64SUSE Linux Enterprise Software Development Kit 11[…]

Security update for the Linux Kernel 1504

Abstract: Important: Security update for the Linux KernelPatch: SUSE-SLE-Product-WE-15-2018-1504 CVEs:CVE-2018-5390, CVE-2017-18344 Bugs:1012382, 1037697, 1046299, 1046300, 1046302, 1046303, 1046305, 1046306, 1046307, 1046533, 1046543, 1050242, 1050536, 1050538, 1050540, 1051510, 1054245, 1056651, 1056787, 1058169, 1058659, 1060463, 1068032, 1075087, 1075360, 1077338, 1077761, 1077989, 1085042,[…]

Security update for libsoup 1497

Abstract: Moderate: Security update for libsoupPatch: SUSE-SLE-SDK-12-SP3-2018-1497 CVEs:CVE-2018-12910, CVE-2017-2885 Bugs:1052916, 1100097, 1086036Applies to:Package(s): libsoup-develProduct(s):SUSE Linux Enterprise Software Development Kit 12 SP3Downloads: SUSE Linux Enterprise Desktop 12 SP3 for x86-64SUSE Linux Enterprise Server 12 SP3 for x86-64SUSE Linux Enterprise Server 12[…]