CVE-2022-22719

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVSS:5.0) (Last Update:2022-05-17)

CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVSS:6.8) (Last[…]

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix[…]

CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these[…]

CVE-2021-41773

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of[…]

The Product Security Blog has moved!

Red Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]

SPECTRE Variant 1 scanning tool

As part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]

Join us in San Francisco at the 2018 Red Hat Summit

This year’s Red Hat Summit will be held on May 8-10 in beautiful San Francisco, USA.Product Security will be joining many Red Hat security experts in presenting and assisting subscribers and partners at the show.Here is a sneak peek at[…]

Let's talk about PCI-DSS

For those who aren’t familiar with Payment Card Industry Data Security Standard (PCI-DSS), it is the standard that is intended to protect our credit card data as it flows between systems and is stored in company databases.PCI-DSS requires that all[…]

Abuse of RESTEasy Default Providers in JBoss EAP

Red Hat JBoss Enterprise Application Platform (EAP) is a commonly used host for Restful webservices. A powerful but potentially dangerous feature of Restful webservices on JBoss EAP is the ability to accept any media type. If not configured to accept[…]

Debian: DSA-5141-1: thunderbird security update

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable distribution (buster), these problems have been fixed

Debian: DSA-5139-1: openssl security update

Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands.

Debian: DSA-5137-1: needrestart security update

Jakub Wilk discovered a local privilege escalation in needrestart, a utility to check which daemons need to be restarted after library upgrades. Regular expressions to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to[…]

Debian: DSA-5136-1: postgresql-13 security update

Alexander Lakhin discovered that the autovacuum feature and multiple commands could escape the "security-restricted operation" sandbox. For additional information please refer to the upstream announcement

Debian: DSA-5133-1: qemu security update

Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code.

clamav -- Multiple vulnerabilities

Simple Image Gallery Pro

NEW VERSION 3.9 released in July 2021!Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish[…]

Frontpage SlideShow

Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber cool slideshow with text snippets laying on[…]

Simple Image Gallery (free) v4.2 released

Simple Image Gallery (free) version 4.2 is now available to download. This is a maintenance release. Here's what's been added or changed in Simple Image Gallery (free) with the release of v4.2: Resolves fatal PHP error in Joomla 4 caused[…]

Simple Image Gallery Pro v3.9.0 released

Simple Image Gallery Pro v3.9.0 is now available to download for subscribers. It's both a bug-fix and new feature release. Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.9.0: SIGPro will now read[…]

Simple RSS Feed Reader v3.9.0 released

Today we're releasing version 3.9.0 of the Simple RSS Feed Reader module. This is a bugfix release. Here's what's been added or changed (in more detail) with the release of v3.9.0: Fix the installer for Joomla 3.x on new installations.[…]

Improve the performance of your Joomla articles (part 1)

The performance of the default article system in Joomla really sucks big time, that's a well know fact. It''s actually one of the reasons we built K2 in the first place. And as we venture into Joomla 4 territory, instead[…]

K2 Plugin for sh404SEF

A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…]

AllVideos

AllVideos (by JoomlaWorks) is the universal media player for Joomla and a classic must-have extension for any Joomla based website. Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo, Dailymotion,[…]

K2

K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…]

Getting Snowflake (the open source graphical SSH/SFTP client) to run on macOS

I don't usually write similar blog posts, but I've been really enjoying Snowflake recently. What's Snowflake you ask? Well, it's a new open source graphical SSH/SFTP client which makes working with remote servers a breeze. It works like Panic's Coda when[…]

Retiring the K2 templates section

As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED). We stopped accepting new entries for templates in the KED about 2 weeks ago and this[…]

K2 v2.10.0 released

K2 v2.10.0 is now available to download for Joomla versions 1.5 to 3.x. This release introduces a refreshed backend design as well as feature improvements or additions (like Google Structured Data) and as always, performance improvements everywhere.To install K2 for[…]

Disqus Comments (for Joomla)

Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…]

K2 v2.7.1 released

K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security.To install K2 for the first time or update your existing K2[…]

K2 Next to be presented in JoomlaDay Brasil 2015

(originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :)We are happy to announce that K2 Next will be officially presented in the upcoming JoomlaDay[…]

CVE-2021-46461

njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c. (CVSS:7.5) (Last Update:2022-05-11)

CVE-2009-3896

src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a[…]