CVE-2019-10082

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVSS:6.4) (Last Update:2019-09-27)

CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be[…]

CVE-2019-10081

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not[…]

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects[…]

CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)

Red Hat Security Advisory 2020-0194-01

Red Hat Security Advisory 2020-0194-01 - The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans.

Red Hat Security Advisory 2020-0174-01

Red Hat Security Advisory 2020-0174-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include buffer overflow, bypass, denial of service, heap overflow, and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-0168-01

Red Hat Security Advisory 2020-0168-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2020-0192-01

Red Hat Security Advisory 2020-0192-01 - Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 20.0.0.1 serves as a replacement for Open Liberty 19.0.0.12 and includes bug fixes, enhancements,[…]

Red Hat Security Advisory 2020-0166-01

Red Hat Security Advisory 2020-0166-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

The Product Security Blog has moved!

Red Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]

New Red Hat Product Security OpenPGP key

Red Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]

Managing risk in the modern world

Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…]

Security Technologies: ExecShield

The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…]

Insights Security Hardening Rules

Many users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]

RHBA-2019:0500-1: nss-pem bug fix update

Red Hat Enterprise Linux:Updated nss-pem packages that fix one bug are now available for Red HatEnterprise Linux 7.6.

RHBA-2019:0498-1: rear bug fix update

Red Hat Enterprise Linux:Updated rear packages that fix several bugs are now available for Red HatEnterprise Linux 7.

RHBA-2019:0496-1: tuned bug fix update

Red Hat Enterprise Linux:Updated tuned packages that fix two bugs are now available for Red HatEnterprise Linux 7.

RHBA-2019:0484-1: dpdk bug fix update

Red Hat Enterprise Linux:Updated dpdk packages that fix one bug are now available in the Extras channelof Red Hat Enterprise Linux 7.

RHEA-2019:0543-1: new packages: rh-jmc

Red Hat Enterprise Linux:New rh-jmc packages are now available as a part of Red Hat Software Collections3.2 for Red Hat Enterprise Linux 7.

Barco WePresent file_transfer.cgi Command Injection

This Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.

Debian Security Advisory 4507-1

Debian Linux Security Advisory 4507-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform[…]

ABB IDAL HTTP Server Authentication Bypass

The IDAL HTTP server CGI interface contains a URL, which allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. In the IDAL CGI interface, there is a URL (/cgi/loginDefaultUser), which will create a session in an[…]

RICOH SP 4520DN Printer HTML Injection

An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.

Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure

An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can[…]

Debian Security Advisory 4607-1

Debian Linux Security Advisory 4607-1 - Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after having accepted its identity certificate), can[…]

Debian Security Advisory 4604-1

Debian Linux Security Advisory 4604-1 - Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users.

Debian Security Advisory 4603-1

Debian Linux Security Advisory 4603-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or information disclosure.

Debian Security Advisory 4601-1

Debian Linux Security Advisory 4601-1 - It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project incorrectly parsed responses from an SSH server which could result in local root privilege escalation.

Debian Security Advisory 4599-1

Debian Linux Security Advisory 4599-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization[…]

vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]

SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]

Linux Kernel Local Privilege Escalation

Linux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.

Reliable Datagram Sockets (RDS) Privilege Escalation

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]

MagniComp SysInfo mcsiwrapper Privilege Escalation

This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable[…]

gitea -- multiple vulnerabilities

drm graphics drivers -- potential information disclusure via local access

AllVideos v6.0.0 released - now Joomla 4 compatible!

Version 6.0.0 of AllVideos is now available. This is a feature release, which also introduces full support with the upcoming Joomla version 4 release.Here's what's been added or changed in this new release of AllVideos:Fully compatible with the upcoming Joomla[…]

RadioWave v1.2.0 released

RadioWave v1.2.0 has just been released. This is a bugfix and feature-improvement release.Here's what's been added or changed in RadioWave with the release of v1.2.0:Fixed time parsing for the OnAir template override (K2 Content module) which caused the module's output[…]

AllVideos v5.2.0 released

Version 5.2.0 of AllVideos is now available. This is a bugfix release and it also improves compatibility with PHP 7.4.Here's what's been added or changed in this new release of AllVideos:Improves PHP 7.4 compatibility.Fixes the "loop" control for HTML5 media[…]

[20191202] - Core - Various SQL injections through configuration parameters

Project: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions: 2.5.0 - 3.9.13Exploit type: SQL injectionReported Date: 2019-December-01Fixed Date: 2019-December-17CVE Number: CVE-2019-19846DescriptionThe lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.13SolutionUpgrade to version 3.9.14ContactThe JSST[…]

Retiring the K2 templates section

As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED).We stopped accepting new entries for templates in the KED about 2 weeks ago and this week[…]

K2 v2.10.1 released

K2 v2.10.1 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance release that addresses a few bugs that were introduced with v2.10.0 released a couple weeks ago and we urge everyone using v2.10.0 to[…]

[20191001] - Core - CSRF in com_template overrides view

Project: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions: 3.2.0-3.9.12Exploit type: CSRFReported Date: 2019-October-10Fixed Date: 2019-November-05CVE Number: CVE-2019-18650DescriptionA missing token check in com_template causes a CSRF vulnerability.Affected InstallsJoomla! CMS versions 3.2.0 - 3.9.12SolutionUpgrade to version 3.9.13ContactThe JSST at the Joomla! Security Centre.Reported By: Lee[…]

[20190901] - Core - XSS in logo parameter of default templates

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.0.0-3.9.11Exploit type: XSSReported Date: 2019-August-28Fixed Date: 2019-September-24CVE Number: CVE-2019-16725DescriptionInadequate escaping allowed XSS attacks using the logo parameter of the default templates.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.11SolutionUpgrade to version 3.9.12ContactThe JSST at the Joomla! Security[…]

[20190801] - Core - Hardening com_contact contact form

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 1.6.2 - 3.9.10Exploit type: Incorrect Access ControlReported Date: 2019-April-09Fixed Date: 2019-August-13CVE Number: CVE-2019-15028DescriptionInadequate checks in com_contact could allowed mail submission in disabled forms.Affected InstallsJoomla! CMS versions 1.6.2 - 3.9.10SolutionUpgrade to version 3.9.11ContactThe JSST at the[…]

Kiji & nuModusVersus updated to v1.1.0 - sunsetting NewsWorth, Nokkori, Tamashi & The Conversationalist

Both Kiji & nuModusVersus have just been updated to v1.1.0. These are bugfix and feature-improvement releases.Here's what's been added or changed in both Kiji & nuModusVersus with the release of v1.1.0:Lots of K2 related fixes/improvements including: use the new K2 modal introduced in v2.9.0,[…]

Simple Image Gallery Pro v3.6.7 released

Simple Image Gallery Pro v3.6.7 is now available to download for subscribers. This is a bugfix release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.7:Resolve a permissions check in Joomla versions between 3.0.0 and 3.5.0, which[…]

[20190602] - Core - XSS in subform field

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.6.0 through 3.9.6Exploit type: XSSReported Date: 2019-January-01Fixed Date: 2019-June-11CVE Number: CVE-2019-12766DescriptionThe subform fieldtype does not sufficiently filter or validate input of subfields, this leads to XSS attack vectors.Affected InstallsJoomla! CMS versions 3.6.0 through 3.9.6SolutionUpgrade to[…]

K2 v2.9.0 released

K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall.To install K2 for the first time or update your existing[…]

Google Map Landkarten,4.2.3,SQL Injection

Google Map Landkarten from joomla-24.de, versions 4.2.3 and previous, SQL Injection

File Download Tracker,3.0,SQL Injection

File Download Tracker by techsolsystem.com, 3.0, SQL Injection

SquadManagement,1.0.3,SQL Injection

SquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection

JS Autoz ,1.0.9,SQL Injection

JS Autoz by Joomsky.com, 1.0.9 and previous, SQL Injection

Joomla! Pinterest Clone Social Pinboard,2.0,SQL Injection

Joomla! Pinterest Clone Social Pinboard from apptha.com, 2.0, multiple SQL Injection vulnerabilities

K2 v2.7.1 released

K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security.To install K2 for the first time or update your existing K2[…]

K2 v2.7.0 released

Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…]

Video course on K2 for Joomla 3

Hi everyone. I'm Antonio Mercurio from Italy. I'm passioned about opensource software such as Joomla, Drupal, Wordpress and many others. I made a video course on K2 for Joomla 3 in Italian on the Udemy platform. The video course is[…]

K2

K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…]

Simple RSS Feed Reader

Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…]

Simple Image Gallery Pro

NEW VERSION 3.7.0 released in December 2019!Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish[…]

AllVideos

AllVideos (by JoomlaWorks) is the universal media player for Joomla and a classic must-have extension for any Joomla based website.Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo, Dailymotion, Twitch,[…]

CVE-2019-13617

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. (CVSS:4.3) (Last Update:2019-07-18)

CVE-2019-12206

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-12208

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-11838

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-09)

CVE-2018-16844

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]

Security update for samba 152

Abstract: Moderate: Security update for sambaPatch: SUSE-SLE-SDK-12-SP5-2020-152 CVEs:CVE-2019-14907 Bugs:1160888Applies to:Package(s): libndr-devel libndr-krb5pac-devel libndr-nbt-devel libndr-standard-devel libsamba-util-devel libsmbclient-devel libwbclient-devel samba-core-develProduct(s):SUSE Linux Enterprise Software Development Kit 12 SP5Downloads: SUSE Linux Enterprise High Availability Extension 12 SP5 for x86-64SUSE Linux Enterprise High Availability Extension[…]

Security update for Mesa 146

Abstract: Moderate: Security update for MesaPatch: SUSE-SLE-WE-12-SP5-2020-146 CVEs:CVE-2019-5068 Bugs:1156015Applies to:Package(s): Mesa-libGLESv1_CM1 Mesa-libGLESv2-2-32bit Mesa-libd3d Mesa-libva libXvMC_nouveau libXvMC_r600 libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeonProduct(s):SUSE Linux Enterprise Workstation Extension 12 SP5Downloads: SUSE Linux Enterprise Server 12 SP5 for x86-64SUSE Linux Enterprise Server 12[…]

Security update for libssh 129

Abstract: Important: Security update for libsshPatch: SUSE-SLE-Module-Basesystem-15-SP1-2020-129 CVEs:CVE-2019-14889 Bugs:1158095Applies to:Package(s): libssh-devel libssh4Product(s):SUSE Linux Enterprise Server 15 SP1Downloads: SUSE Linux Enterprise Server 15 SP1 for x86-64SUSE Linux Enterprise Server 15 SP1 for s390xSUSE Linux Enterprise Server 15 SP1 for ppc64leSUSE Linux[…]

Security update for MozillaThunderbird 142

Abstract: Important: Security update for MozillaThunderbirdPatch: SUSE-SLE-Product-WE-15-2020-142 CVEs:CVE-2019-17017, CVE-2019-17016, CVE-2019-17024, CVE-2019-17022, CVE-2019-17026, CVE-2019-17015, CVE-2019-17021 Bugs:1160305, 1160498Applies to:Package(s): MozillaThunderbird MozillaThunderbird-translations-common MozillaThunderbird-translations-otherProduct(s):SUSE Linux Enterprise Workstation Extension 15Downloads: SUSE Linux Enterprise Workstation Extension 15 SP1 for x86-64SUSE Linux Enterprise Workstation Extension 15 for[…]

Security update for java-11-openjdk 140

Abstract: Important: Security update for java-11-openjdkPatch: SUSE-SLE-SERVER-12-SP5-2020-140 CVEs:CVE-2020-2601, CVE-2020-2654, CVE-2020-2583, CVE-2020-2593, CVE-2020-2604, CVE-2020-2590, CVE-2020-2655 Bugs:1160968Applies to:Package(s): java-11-openjdk java-11-openjdk-demo java-11-openjdk-devel java-11-openjdk-headlessProduct(s):SUSE Linux Enterprise Server 12 SP5Downloads: SUSE Linux Enterprise Server 12 SP5 for x86-64SUSE Linux Enterprise Server 12 SP5 for s390xSUSE[…]