-
CVE-2023-25690
Latest security vulnerabilities Apache Http Server Mar 7, 2023 | 00:00 amSome mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion[…]
Read more... -
CVE-2023-27522
Latest security vulnerabilities Apache Http Server Mar 7, 2023 | 00:00 amHTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. (CVSS:0.0) (Last Update:2023-03-14)
Read more... -
CVE-2022-36760
Latest security vulnerabilities Apache Http Server Jan 17, 2023 | 00:00 amInconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version[…]
Read more... -
CVE-2022-37436
Latest security vulnerabilities Apache Http Server Jan 17, 2023 | 00:00 amPrior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be[…]
Read more... -
CVE-2022-28614
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 00:00 amThe ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed[…]
Read more... -
CVE-2022-28615
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 00:00 amApache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a[…]
Read more... -
CVE-2022-29404
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 00:00 amIn Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVSS:5.0) (Last Update:2022-08-24)
Read more... -
CVE-2022-30522
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 00:00 amIf Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. (CVSS:5.0) (Last Update:2022-09-07)
Read more... -
CVE-2022-30556
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 00:00 amApache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. (CVSS:5.0) (Last Update:2022-08-19)
Read more... -
CVE-2022-31813
Latest security vulnerabilities Apache Http Server Jun 9, 2022 | 00:00 amApache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. (CVSS:7.5) (Last Update:2022-08-19)
Read more...
-
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more... -
Join us in San Francisco at the 2018 Red Hat Summit
Red Hat Security Blog Blog Posts Apr 23, 2018 | 14:30 pmThis year’s Red Hat Summit will be held on May 8-10 in beautiful San Francisco, USA.Product Security will be joining many Red Hat security experts in presenting and assisting subscribers and partners at the show.Here is a sneak peek at[…]
Read more... -
Certificate Transparency and HTTPS
Red Hat Security Blog Blog Posts Apr 17, 2018 | 15:00 pmGoogle has announced that on April 30, 2018, Chrome will:“...require that all TLS server certificates issued after 30 April, 2018 be compliant with the Chromium CT Policy. After this date, when Chrome connects to a site serving a publicly-trusted certificate[…]
Read more... -
Let's talk about PCI-DSS
Red Hat Security Blog Blog Posts Feb 28, 2018 | 14:30 pmFor those who aren’t familiar with Payment Card Industry Data Security Standard (PCI-DSS), it is the standard that is intended to protect our credit card data as it flows between systems and is stored in company databases.PCI-DSS requires that all[…]
Read more... -
Security is from Mars, Developers are from Venus…...or ARE they?
Red Hat Security Blog Blog Posts Nov 16, 2017 | 15:00 pmIt is a tale as old as time.Developers and security personnel view each other withsuspicion.The perception is that a vast gulf of understanding and ability lies between the two camps.“They can’t possibly understand what it is to do my job!”[…]
Read more... -
Abuse of RESTEasy Default Providers in JBoss EAP
Red Hat Security Blog Blog Posts Oct 18, 2017 | 13:30 pmRed Hat JBoss Enterprise Application Platform (EAP) is a commonly used host for Restful webservices. A powerful but potentially dangerous feature of Restful webservices on JBoss EAP is the ability to accept any media type. If not configured to accept[…]
Read more... -
Kernel Stack Protector and BlueBorne
Red Hat Security Blog Blog Posts Sep 12, 2017 | 11:51 amToday, a security issue called BlueBorne was disclosed, a vulnerability that could be used to attack sensitive systems via the Bluetooth protocol. Specifically, BlueBorne is a flaw where a remote (but physically quite close) attacker could get root on a[…]
Read more...
-
Debian: DSA-5380-1: xorg-server security update
LinuxSecurity Advisories Mar 29, 2023 | 12:59 pm
Read more...
Jan-Niklas Sohn discovered that a user-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user. -
Debian: DSA-5379-1: dino-im security update
LinuxSecurity Advisories Mar 27, 2023 | 20:10 pm
Read more...
Kim Alvefur discovered that insufficient message sender validation in dino-im, a modern XMPP/Jabber client, may result in manipulation of entries in the personal bookmark store without user interaction via a specially crafted message. Additionally an attacker can take advantage -
Debian: DSA-5378-1: xen security update
LinuxSecurity Advisories Mar 25, 2023 | 16:27 pm
Read more...
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks. -
Debian: DSA-5377-1: chromium security update
LinuxSecurity Advisories Mar 23, 2023 | 20:05 pm
Read more...
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. -
Debian: DSA-5376-1: apache2 security update
LinuxSecurity Advisories Mar 20, 2023 | 18:52 pm
Read more...
Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service. For the stable distribution (bullseye), these problems have been fixed in -
Debian: DSA-5356-2: sox regression update
LinuxSecurity Advisories Mar 17, 2023 | 09:50 am
Read more...
One of the security fixes released as DSA 5356 introduced a regression in the processing of specific WAV files. Updated sox packages are available to correct this issue. -
Debian: DSA-5375-1: thunderbird security update
LinuxSecurity Advisories Mar 17, 2023 | 09:43 am
Read more...
Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing. -
Debian: DSA-5374-1: firefox-esr security update
LinuxSecurity Advisories Mar 15, 2023 | 19:24 pm
Read more...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing. -
Debian: DSA-5373-1: node-sqlite3 security update
LinuxSecurity Advisories Mar 14, 2023 | 21:48 pm
Read more...
Dave McDaniel discovered that the SQLite3 bindings for Node.js were susceptible to the execution of arbitrary JavaScript code if a binding parameter is a crafted object.
-
Gitlab -- Multiple Vulnerabilities
FreeBSD VuXML Mar 31, 2023 | 00:00 am
Read more... -
rubygem-uri -- ReDoS vulnerability
FreeBSD VuXML Mar 30, 2023 | 00:00 am
Read more... -
rubygem-time -- ReDoS vulnerability
FreeBSD VuXML Mar 30, 2023 | 00:00 am
Read more... -
powerdns-recursor -- denial of service
FreeBSD VuXML Mar 30, 2023 | 00:00 am
Read more... -
xorg-server -- Overlay Window Use-After-Free
FreeBSD VuXML Mar 29, 2023 | 00:00 am
Read more... -
OpenSSL -- Multiple vulnerabilities
FreeBSD VuXML Mar 29, 2023 | 00:00 am
Read more... -
Matrix clients -- Prototype pollution in matrix-js-sdk
FreeBSD VuXML Mar 29, 2023 | 00:00 am
Read more...
Dazu zählen z.B. Web Application Firewalls (WAF), die auch kostenlos erhältlich sind und durchaus einen sinnvollen, zusätzlichen Schutz bieten können. Zumindest kann sogenannten 'Script-Kiddies' der Spass deutlich erschwert werden.
-
New free extension release: Quick Menu (for Joomla 4)
Blog - JoomlaWorks Mar 6, 2023 | 18:47 pm
Read more...
Today we're launching Quick Menu, a new free admin module for Joomla 4 which adds a handy top-side (desktop) or bottom-side (mobile) menu in the Joomla 4 backend. The purpose of Quick Menu is to restore UX sanity & reduce[…] -
Quick Menu (for Joomla 4)
Updated Extensions - JoomlaWorks Mar 6, 2023 | 18:31 pm
Read more...
Quick Menu (by JoomlaWorks) is a Joomla 4 administrator module which adds a handy quick menu to the Joomla 4 backend to restore UX sanity! FEATURES Less clicks to important content management and admin tasks in the Joomla 4 backend...[…] -
Simple Image Gallery Pro
Updated Extensions - JoomlaWorks Feb 28, 2023 | 13:43 pm
Read more...
Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish image gallery within any Joomla article,[…] -
Disqus Comments (for Joomla)
Updated Extensions - JoomlaWorks Jan 23, 2023 | 14:08 pm
Read more...
Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…] -
K2 v2.11, rolling releases, Joomla 4 and more
blog Jan 11, 2023 | 16:51 pm
Read more...
K2 v2.11 is now available to download for Joomla versions 1.5 to 3.x. This release adds new features, improves existing features, resolves various bugs and adds PHP 8 compatibility. If you're also wondering what's up with Joomla 4, read on... First[…] -
Simple RSS Feed Reader
Updated Extensions - JoomlaWorks Jan 11, 2023 | 14:39 pm
Read more...
Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…] -
Simple Image Gallery
Updated Extensions - JoomlaWorks Jan 11, 2023 | 14:28 pm
Read more...
Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…] -
AllVideos
Updated Extensions - JoomlaWorks Jan 11, 2023 | 14:27 pm
Read more...
AllVideos (by JoomlaWorks) is the universal media player for Joomla and a classic must-have extension for any Joomla based website. Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo, Dailymotion,[…] -
SocialConnect
Updated Extensions - JoomlaWorks Mar 3, 2022 | 19:05 pm
Read more...
SocialConnect is the only Joomla extension that allows you to integrate your Joomla site with social networks and identity providers for user authentication, posting content directly to social networks and 3rd-party comment system integration. Features Let your users register to[…] -
Frontpage SlideShow
Updated Extensions - JoomlaWorks Mar 3, 2022 | 19:04 pm
Read more...
Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber cool slideshow with text snippets laying on[…] -
Simple Image Gallery (free) v4.2 released
Blog - JoomlaWorks Jan 7, 2022 | 20:20 pm
Read more...
Simple Image Gallery (free) version 4.2 is now available to download. This is a maintenance release. Here's what's been added or changed in Simple Image Gallery (free) with the release of v4.2: Resolves fatal PHP error in Joomla 4 caused[…] -
Simple Image Gallery Pro v3.9.1 released (bug-fix release)
Blog - JoomlaWorks Jul 26, 2021 | 14:21 pm
Read more...
Simple Image Gallery Pro v3.9.1 is now available to download for subscribers. This is a minor bug-fix release following the release of version 3.9.0 a couple weeks ago. For a detailed look on the new features and changes in v3.9.0,[…] -
Simple Image Gallery Pro v3.9.0 released
Blog - JoomlaWorks Jul 5, 2021 | 16:59 pm
Read more...
Simple Image Gallery Pro v3.9.0 is now available to download for subscribers. It's both a bug-fix and new feature release. Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.9.0: SIGPro will now read[…] -
Simple RSS Feed Reader v3.9.0 released
Blog - JoomlaWorks May 25, 2021 | 08:47 am
Read more...
Today we're releasing version 3.9.0 of the Simple RSS Feed Reader module. This is a bugfix release. Here's what's been added or changed (in more detail) with the release of v3.9.0: Fix the installer for Joomla 3.x on new installations.[…] -
Simple RSS Feed Reader v3.8.0 released
Blog - JoomlaWorks Feb 3, 2021 | 15:42 pm
Read more...
Today we're releasing version 3.8.0 of the Simple RSS Feed Reader module. This new release brings back Joomla 1.5 support (by popular request), it introduces a new sub-template & changes the remote image resizing service from Mobify to Images.weserv.nl. Here's what's[…] -
Improve the performance of your Joomla articles (part 1)
Blog - JoomlaWorks Dec 4, 2020 | 16:44 pm
Read more...
The performance of the default article system in Joomla really sucks big time, that's a well know fact. It''s actually one of the reasons we built K2 in the first place. And as we venture into Joomla 4 territory, instead[…] -
K2 Plugin for sh404SEF
Updated Extensions - JoomlaWorks Sep 14, 2020 | 17:28 pm
Read more...
A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…] -
K2 Plugin for sh404SEF version 1.6.0 released
Blog - JoomlaWorks Sep 14, 2020 | 17:28 pm
Read more...
The K2 Plugin for sh404SEF version 1.6.0 is now available to download for subscribers. This is a bug fix release that addresses compatibility with K2 v2.10.3+ and improves support for PHP 7.x in general. Here's what's been added or changed in the K2[…] -
Simple Image Gallery Pro v3.8.0 released
Blog - JoomlaWorks Jun 10, 2020 | 15:51 pm
Read more...
Simple Image Gallery Pro v3.8.0 is now available to download for subscribers. This new release improves upon existing features, extends Flickr support to galleries (beyond albums/sets) and adds PHP 7.4 & Postgres compatibility. Here's what's been added or changed in Simple[…] -
AllVideos 6.1.0 now available - adds Mixcloud support
Blog - JoomlaWorks May 22, 2020 | 14:13 pm
Read more...
Version 6.1.0 of AllVideos is now available. This new release introduces support for Mixcloud embeds and improves support for PHP 7.4. Here's what's been added or changed in this new release of AllVideos: Added support for Mixcloud embeds. Just use[…] -
K2
Updated Extensions - JoomlaWorks Apr 29, 2020 | 22:47 pm
Read more...
K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…] -
K2 v2.10.3 now available
blog Apr 29, 2020 | 20:21 pm
Read more...
K2 v2.10.3 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & bugfix release, which refines the backend user interface (building upon the changes that were introduced with v2.10.0 to v2.10.2), improves client-size (frontend) caching & resolves broken auto-generated feeds[…] -
K2 v2.10.2 released - now with a 100% mobile-friendly backend user interface!
blog Dec 11, 2019 | 22:02 pm
Read more...
K2 v2.10.2 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & security release: it concludes the backend user interface changes that were introduced with v2.10.0 and is now 100% mobile-friendly and it also addresses[…] -
Retiring the K2 templates section
blog Dec 8, 2019 | 16:05 pm
Read more...
As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED). We stopped accepting new entries for templates in the KED about 2 weeks ago and this[…] -
K2 v2.10.1 released
blog Nov 26, 2019 | 18:17 pm
Read more...
K2 v2.10.1 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance release that addresses a few bugs that were introduced with v2.10.0 released a couple weeks ago and we urge everyone using v2.10.0 to[…] -
K2 v2.10.0 released
blog Nov 15, 2019 | 01:04 am
Read more...
K2 v2.10.0 is now available to download for Joomla versions 1.5 to 3.x. This release introduces a refreshed backend design as well as feature improvements or additions (like Google Structured Data) and as always, performance improvements everywhere.To install K2 for[…] -
K2 v2.9.0 released
blog Sep 21, 2018 | 16:14 pm
Read more...
K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall.To install K2 for the first time or update your existing[…] -
K2 v2.8.0 released
blog Aug 18, 2017 | 12:59 pm
Read more...
K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…] -
K2 v2.7.1 released
blog Aug 4, 2016 | 01:12 am
Read more...
K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security.To install K2 for the first time or update your existing K2[…] -
K2 v2.7.0 released
blog Mar 18, 2016 | 05:26 am
Read more...
Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…]
-
CVE-2022-35173
Latest security vulnerabilities Nginx products Aug 18, 2022 | 00:00 amAn issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation. (CVSS:0.0) (Last Update:2022-08-24)
Read more... -
CVE-2022-29779
Latest security vulnerabilities Nginx products Jun 2, 2022 | 00:00 amNginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. (CVSS:2.1) (Last Update:2022-06-09)
Read more... -
CVE-2022-29780
Latest security vulnerabilities Nginx products Jun 2, 2022 | 00:00 amNginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. (CVSS:2.1) (Last Update:2022-06-09)
Read more... -
CVE-2022-30503
Latest security vulnerabilities Nginx products Jun 2, 2022 | 00:00 amNginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. (CVSS:2.1) (Last Update:2022-06-10)
Read more... -
CVE-2021-46461
Latest security vulnerabilities Nginx products Feb 14, 2022 | 00:00 amnjs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c. (CVSS:7.5) (Last Update:2022-05-11)
Read more... -
CVE-2019-7401
Latest security vulnerabilities Nginx products Feb 8, 2019 | 00:00 amNGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.[…]
Read more... -
CVE-2009-3896
Latest security vulnerabilities Nginx products Nov 24, 2009 | 00:00 amsrc/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a[…]
Read more... -
CVE-2009-3898
Latest security vulnerabilities Nginx products Nov 24, 2009 | 00:00 amDirectory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1)[…]
Read more...
