CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This[…]

CVE-2019-10098

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVSS:5.8) (Last Update:2019-10-09)

CVE-2019-0197

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the[…]

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the[…]

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)

Red Hat Security Advisory 2020-2383-01

Red Hat Security Advisory 2020-2383-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. An issue was addressed where BIND does not sufficiently limit the number of fetches performed when processing referrals as well[…]

Red Hat Security Advisory 2020-2382-01

Red Hat Security Advisory 2020-2382-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2020-2380-01

Red Hat Security Advisory 2020-2380-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2020-2305-01

Red Hat Security Advisory 2020-2305-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2020-2369-01

Red Hat Security Advisory 2020-2369-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

Security Technologies: FORTIFY_SOURCE

FORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]

Security Technologies: Stack Smashing Protection (StackGuard)

In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…]

How SELinux helps mitigate risk while facilitating compliance

Language EnglishMany of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container[…]

SPECTRE Variant 1 scanning tool

As part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]

Red Hat’s disclosure process

Last week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]

RHBA-2019:0499-1: resource-agents bug fix update

Red Hat Enterprise Linux:Updated resource-agents packages that fix one bug are now available for Red HatEnterprise Linux 7.

RHBA-2019:0497-1: gnome-tweak-tool bug fix update

Red Hat Enterprise Linux:Updated gnome-tweak-tool packages that fix two bugs are now available for RedHat Enterprise Linux 7.

RHBA-2019:0488-1: Red Hat Certification bug fix and enhancement update for RHEL6 and RHEL7

Red Hat Enterprise Linux:An updated redhat-certification package that fixes several bugs and adds variousenhancements is now available for Red Hat Enterprise Linux 6 and Red HatEnterprise Linux 7.

RHSA-2019:0544-1: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019

Red Hat Enterprise Linux:Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core onRed Hat Enterprise Linux.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score,[…]

Cayin Signage Media Player 3.0 Root Remote Command Injection

CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.

Synology DiskStation Manager smart.cgi Remote Command Execution

This Metasploit module exploits a vulnerability found in Synology DiskStation Manager (DSM) versions prior to 5.2-5967-5, which allows the execution of arbitrary commands under root privileges after website authentication. The vulnerability is located in webman/modules/StorageManager/smart.cgi, which allows appending of a[…]

Zen Load Balancer 3.10.1 Directory Traversal

This Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer version 3.10.1. The flaw exists in index.cgi not properly handling the filelog= parameter which allows a malicious actor to load arbitrary file path.

Barco WePresent file_transfer.cgi Command Injection

This Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.

Debian Security Advisory 4507-1

Debian Linux Security Advisory 4507-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform[…]

Debian: DSA-4694-1: unbound security update

Two vulnerabiliites have been discovered in Unbound, a recursive-only caching DNS server; a traffic amplification attack against third party authoritative name servers (NXNSAttack) and insufficient sanitisation of replies from upstream servers could result in denial of service via

Debian: DSA-4692-1: netqmail security update

Georgi Guninski and the Qualys Research Labs discovered multiple vulnerabilities in qmail (shipped in Debian as netqmail with additional patches) which could result in the execution of arbitrary code, bypass of mail address verification and a local information leak whether[…]

Debian: DSA-4690-1: dovecot security update

Several vulnerabilities were discovered in the Dovecot email server, which could cause crashes in the submission, submission-login or lmtp services, resulting in denial of service.

Debian: DSA-4688-1: dpdk security update

Multiple vulnerabilities were discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code by malicious guests/containers.

Debian Security Advisory 4633-1

Debian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.

Debian Security Advisory 4628-1

Debian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.

Debian Security Advisory 4627-1

Debian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.

Debian Security Advisory 4624-1

Debian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.

Debian Security Advisory 4621-1

Debian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.

vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]

SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]

Linux Kernel Local Privilege Escalation

Linux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.

Reliable Datagram Sockets (RDS) Privilege Escalation

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]

MagniComp SysInfo mcsiwrapper Privilege Escalation

This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable[…]

GnuTLS -- flaw in TLS session ticket key construction

Django -- multiple vulnerabilities

nghttp2 -- DoS vulnerability

[20200602] - Core - Inconsistent default textfilter settings

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 2.5.0-3.9.18Exploit type: Insecure PermissionsReported Date: 2020-April-23Fixed Date: 2020-June-02CVE Number: CVE-2020-13763DescriptionThe default settings of the global "textfilter" configuration doesn't block HTML inputs for 'Guest' users. With 3.9.19, the textfilter for new installations has been set to[…]

[20200604] - Core - XSS in jQuery.htmlPrefilter

Project: Joomla!SubProject: CMSImpact: LowSeverity: ModerateVersions: 3.0.0-3.9.18Exploit type: XSSReported Date: 2020-April-10Fixed Date: 2020-June-02CVE Number: CVE-2020-11022 and CVE-2020-11023DescriptionThe jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery[…]

AllVideos 6.1.0 now available - adds Mixcloud support

Version 6.1.0 of AllVideos is now available. This new release introduces support for Mixcloud embeds and improves support for PHP 7.4.Here's what's been added or changed in this new release of AllVideos:Added support for Mixcloud embeds. Just use the pattern[…]

[20200401] - Core - Incorrect access control in com_users access level editing function

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.8.8 - 3.9.16Exploit type: Incorrect Access ControlReported Date: 2020-March-13Fixed Date: 2020-April-21CVE Number: CVE-2020-11891DescriptionIncorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.Affected InstallsJoomla! CMS versions 3.8.8 - 3.9.16SolutionUpgrade to version 3.9.17ContactThe JSST[…]

[20200403] - Core -Incorrect access control in com_users access level deletion function

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 2.5.0 - 3.9.16Exploit type: Incorrect Access ControlReported Date: 2020-March-13Fixed Date: 2020-April-21CVE Number: CVE-2020-11889DescriptionIncorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.16SolutionUpgrade to version 3.9.17ContactThe JSST[…]

[20200304] - Core - Identifier collisions in com_users

Project: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions: 3.0.0-3.9.15Exploit type: OtherReported Date: 2020-February-07Fixed Date: 2020-March-10CVE Number: CVE-2020-10240DescriptionMissing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.15SolutionUpgrade to[…]

Getting Snowflake (the open source graphical SSH/SFTP client) to run on macOS

I don't usually write similar blog posts, but I've been really enjoying Snowflake recently. What's Snowflake you ask? Well, it's a new open source graphical SSH/SFTP client which makes working with remote servers a breeze. It works like Panic's Coda when[…]

AllVideos v6.0.0 released - now Joomla 4 compatible!

Version 6.0.0 of AllVideos is now available. This is a feature release, which also introduces full support with the upcoming Joomla version 4 release.Here's what's been added or changed in this new release of AllVideos:Fully compatible with the upcoming Joomla[…]

RadioWave v1.2.0 released

RadioWave v1.2.0 has just been released. This is a bugfix and feature-improvement release.Here's what's been added or changed in RadioWave with the release of v1.2.0:Fixed time parsing for the OnAir template override (K2 Content module) which caused the module's output[…]

AllVideos v5.2.0 released

Version 5.2.0 of AllVideos is now available. This is a bugfix release and it also improves compatibility with PHP 7.4.Here's what's been added or changed in this new release of AllVideos:Improves PHP 7.4 compatibility.Fixes the "loop" control for HTML5 media[…]

Retiring the K2 templates section

As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED).We stopped accepting new entries for templates in the KED about 2 weeks ago and this week[…]

K2 v2.10.1 released

K2 v2.10.1 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance release that addresses a few bugs that were introduced with v2.10.0 released a couple weeks ago and we urge everyone using v2.10.0 to[…]

AllVideos v5.1.0 released - now with Twitch support

Version 5.1.0 of AllVideos is now available, adding support for Twitch and fixing a couple of bugs introduced in v5.0.0.Here's what's been added or changed in this new release of AllVideos:AllVideos now supports Twitch as a 3rd party video provider. You[…]

Rapicode, Multiple Extensions, Back Door

Rapicode, nultiple extensions, current versions, back doorExtensions affected are:-Rapi Content TickerRapi Content CarouselRapi Cookie ConsentRapi CountdownRapi PreloaderRapi Loading Progress BarRapi Page AnimateAt the moment the back door seems to be loading mining code, it can be used to load arbitrary[…]

Fastball, SQL Injection

Fastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection

SquadManagement,1.0.3,SQL Injection

SquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection

JS Autoz ,1.0.9,SQL Injection

JS Autoz by Joomsky.com, 1.0.9 and previous, SQL Injection

Joomla! Pinterest Clone Social Pinboard,2.0,SQL Injection

Joomla! Pinterest Clone Social Pinboard from apptha.com, 2.0, multiple SQL Injection vulnerabilities

K2 v2.7.1 released

K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security.To install K2 for the first time or update your existing K2[…]

K2 v2.7.0 released

Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…]

SocialConnect

SocialConnect is the only Joomla extension that allows you to integrate your Joomla site with social networks and identity providers for user authentication, posting content directly to social networks and 3rd-party comment system integration.FeaturesLet your users register to your website[…]

Disqus Comments (for Joomla)

Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…]

Frontpage SlideShow

Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber cool slideshow with text snippets laying on[…]

Simple Image Gallery

Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…]

CVE-2019-13067

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. (CVSS:7.5) (Last Update:2019-07-05)

CVE-2019-12207

njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-11837

njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. (CVSS:5.0) (Last Update:2019-05-09)

CVE-2019-11839

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-10)

CVE-2018-16845

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a[…]

Security update for autoyast2 1296

Abstract: Moderate: Security update for autoyast2Patch: SUSE-SLE-Module-Basesystem-15-SP1-2020-1296 CVEs:CVE-2019-18905 Bugs:1170082, 1133045, 1164105, 1140711, 1109310, 1168281, 1168123Applies to:Package(s): autoyast2 autoyast2-installationProduct(s):SUSE Linux Enterprise Server 15 SP1Downloads: SUSE Linux Enterprise Server 15 SP1 for x86-64SUSE Linux Enterprise Server 15 SP1 for s390xSUSE Linux Enterprise[…]

Security update for openexr 1293

Abstract: Moderate: Security update for openexrPatch: SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1293 CVEs:CVE-2020-11761, CVE-2020-11760, CVE-2020-11763, CVE-2020-11758, CVE-2020-11765, CVE-2020-11762, CVE-2020-11764 Bugs:1169549, 1169575, 1146648, 1169578, 1169576, 1169580, 1169573, 1169574Applies to:Package(s): libIlmImf-2_2-23 libIlmImfUtil-2_2-23 openexr-develProduct(s):SUSE Linux Enterprise Server 15 SP1Downloads: SUSE Linux Enterprise Desktop 15 SP1 for x86-64SUSE Linux[…]

Security update for libxml2 1299

Abstract: Moderate: Security update for libxml2Patch: SUSE-SLE-Module-Python2-15-SP1-2020-1299 CVEs:CVE-2019-19956, CVE-2020-7595, CVE-2019-20388 Bugs:1159928, 1161517, 1161521Applies to:Package(s): python2-libxml2-pythonProduct(s):SUSE Linux Enterprise Server 15 SP1Downloads: SUSE Linux Enterprise Server 15 SP1 for x86-64SUSE Linux Enterprise Server 15 SP1 for x86-64SUSE Linux Enterprise Server 15 SP1[…]

Security update for file 1294

Abstract: Moderate: Security update for filePatch: SUSE-SLE-Module-Basesystem-15-SP1-2020-1294 CVEs:CVE-2019-18218 Bugs:1154661, 1169512Applies to:Package(s): file file-devel file-magic libmagic1Product(s):SUSE Linux Enterprise Server 15 SP1Downloads: SUSE Linux Enterprise Server 15 SP1 for x86-64SUSE Linux Enterprise Server 15 SP1 for x86-64SUSE Linux Enterprise Server 15 SP1[…]

Security update for gstreamer-plugins-base 1300

Abstract: Important: Security update for gstreamer-plugins-basePatch: SUSE-SLE-Product-SLES_SAP-15-2020-1300 CVEs:CVE-2019-9928 Bugs:1133375Applies to:Package(s): gstreamer-plugins-base gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0Product(s):SUSE Linux Enterprise Server for SAP Applications 15Downloads: SUSE Linux Enterprise Desktop 15 SP1 for x86-64SUSE Linux Enterprise[…]