CVE-2019-10082

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVSS:6.4) (Last Update:2019-09-27)

CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be[…]

CVE-2019-10081

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not[…]

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects[…]

CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)

Red Hat Security Advisory 2020-3803-01

Red Hat Security Advisory 2020-3803-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.

Red Hat Security Advisory 2020-3783-01

Red Hat Security Advisory 2020-3783-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling.

Red Hat Security Advisory 2020-3780-01

Red Hat Security Advisory 2020-3780-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Red Hat Security Advisory 2020-3727-01

Red Hat Security Advisory 2020-3727-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling. Kibana is one of[…]

Red Hat Security Advisory 2020-3755-01

Red Hat Security Advisory 2020-3755-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries.

The Product Security Blog has moved!

Red Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]

New Red Hat Product Security OpenPGP key

Red Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]

Managing risk in the modern world

Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…]

Security Technologies: ExecShield

The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…]

Insights Security Hardening Rules

Many users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]

TP-Link Cloud Cameras NCXXX Bonjour Command Injection

TP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place[…]

Geutebruck testaction.cgi Remote Command Execution

This Metasploit module exploits an authenticated arbitrary command execution vulnerability within the 'server' GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions

Cayin Content Management Server 11.0 Root Remote Command Injection

CAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.

Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read / Write

Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from arbitrary file read and write vulnerabilities. The application allows the currently logged-in user to edit the configuration files in the system using the CGI executable edit_config_files in /cgi-bin/cgix/. The files[…]

Ubuntu Security Notice USN-4356-1

Ubuntu Security Notice 4356-1 - Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. It was discovered that Squid[…]

Ubuntu Security Notice USN-4530-1

Ubuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.

Debian: DSA-4764-1: inspircd security update

Two security issues were discovered in the pgsql and mysql modules of the InspIRCd IRC daemon, which could result in denial of service. For the stable distribution (buster), these problems have been fixed in

Debian: DSA-4761-1: zeromq3 security update

It was discovered that ZeroMQ, a lightweight messaging kernel library does not properly handle connecting peers before a handshake is completed. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket listening with CURVE

Debian: DSA-4760-1: qemu security update

Multiple security issues were discovered in QEMU, a fast processor emulator: CVE-2020-12829

Debian: DSA-4758-1: xorg-server security update

Several vulnerabilities have been discovered in the X.Org X server. Missing input sanitising in X server extensions may result in local privilege escalation if the X server is configured to run with root privileges. In addition an ASLR bypass was[…]

Debian Security Advisory 4633-1

Debian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.

Debian Security Advisory 4628-1

Debian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.

Debian Security Advisory 4627-1

Debian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.

Debian Security Advisory 4624-1

Debian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.

Debian Security Advisory 4621-1

Debian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.

netkit-telnet 0.17 Remote Code Execution

netkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.

Grub2 grub2-set-bootflag Environment Corruption

Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.

Linux Nested User Namespace idmap Limit Local Privilege Escalation

This Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user[…]

DHCP Client Command Injection (DynoRoot)

This Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or[…]

Libuser roothelper Privilege Escalation

This Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This Metasploit[…]

libxml -- multiple vulnerabilities

py-matrix-synapse -- malformed events may prevent users from joining federated rooms

Python -- multiple vulnerabilities

FreeBSD -- ure device driver susceptible to packet-in-packet attack

FreeBSD -- bhyve SVM guest escape

K2 Plugin for sh404SEF version 1.6.0 released

The K2 Plugin for sh404SEF version 1.6.0 is now available to download for subscribers. This is a bug fix release that addresses compatibility with K2 v2.10.3+ and improves support for PHP 7.x in general.Here's what's been added or changed in the K2 Plugin[…]

[20200801] - Core - XSS in mod_latestactions

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.9.0-3.9.20Exploit type: XSSReported Date: 2020-August-21Fixed Date: 2020-August-25CVE Number: CVE-2020-24599DescriptionLack of escaping in mod_latestactions allows XSS attacks.Affected InstallsJoomla! CMS versions 3.9.0 - 3.9.20SolutionUpgrade to version 3.9.21ContactThe JSST at the Joomla! Security Centre.Reported By: Peter Martin

[20200802] - Core - Open redirect in com_content vote feature

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0-3.9.20Exploit type: Open RedirectReported Date: 2020-July-05Fixed Date: 2020-August-25CVE Number: CVE-2020-24598DescriptionLack of input validation in com_content leads to an open redirect.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.20SolutionUpgrade to version 3.9.21ContactThe JSST at the Joomla! Security Centre.Reported By: Ahmad Kamaran Jamil

[20200702] - Core - Missing checks can lead to a broken usergroups table record

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 2.5.0-3.9.19Exploit type: Incorrect Access ControlReported Date: 2020-April-04Fixed Date: 2020-July-14CVE Number: CVE-2020-15699DescriptionMissing validation checks at the usergroups table object can result into an broken site configuration.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.19SolutionUpgrade to version 3.9.20ContactThe JSST at[…]

[20200704] - Core - Variable tampering via user table class

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0-3.9.19Exploit type: Incorrect Access ControlReported Date: 2020-Jun-02Fixed Date: 2020-July-14CVE Number: CVE-2020-15697DescriptionInternal read-only fields in the User table class could be modified by users.Affected InstallsJoomla! CMS versions 3.9.0 - 3.9.19SolutionUpgrade to version 3.9.20ContactThe JSST at the Joomla! Security[…]

[20200706] - Core - System Information screen could expose redis or proxy credentials

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0-3.9.19Exploit type: Information DisclosureReported Date: 2020-Jun-17Fixed Date: 2020-July-14CVE Number: CVE-2020-15698DescriptionInadequate filtering in the system information screen could expose redis or proxy credentialsAffected InstallsJoomla! CMS versions 3.0.0 - 3.9.19SolutionUpgrade to version 3.9.20ContactThe JSST at the Joomla! Security Centre.Reported[…]

[20200605] - Core - CSRF in com_postinstall

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.7.0-3.9.18Exploit type: CSRFReported Date: 2020-May-08Fixed Date: 2020-June-02CVE Number: CVE-2020-13760DescriptionMissing token checks in com_postinstall cause CSRF vulnerabilities.Affected InstallsJoomla! CMS versions 3.7.0 - 3.9.18SolutionUpgrade to version 3.9.19ContactThe JSST at the Joomla! Security Centre.Reported By: Bui Duc Anh[…]

K2 v2.10.3 now available

K2 v2.10.3 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & bugfix release, which refines the backend user interface (building upon the changes that were introduced with v2.10.0 to v2.10.2), improves client-size (frontend) caching & resolves broken auto-generated feeds[…]

Getting Snowflake (the open source graphical SSH/SFTP client) to run on macOS

I don't usually write similar blog posts, but I've been really enjoying Snowflake recently. What's Snowflake you ask? Well, it's a new open source graphical SSH/SFTP client which makes working with remote servers a breeze. It works like Panic's Coda when[…]

AllVideos v6.0.0 released - now Joomla 4 compatible!

Version 6.0.0 of AllVideos is now available. This is a feature release, which also introduces full support with the upcoming Joomla version 4 release.Here's what's been added or changed in this new release of AllVideos:Fully compatible with the upcoming Joomla[…]

RadioWave v1.2.0 released

RadioWave v1.2.0 has just been released. This is a bugfix and feature-improvement release.Here's what's been added or changed in RadioWave with the release of v1.2.0:Fixed time parsing for the OnAir template override (K2 Content module) which caused the module's output[…]

AllVideos v5.2.0 released

Version 5.2.0 of AllVideos is now available. This is a bugfix release and it also improves compatibility with PHP 7.4.Here's what's been added or changed in this new release of AllVideos:Improves PHP 7.4 compatibility.Fixes the "loop" control for HTML5 media[…]

Retiring the K2 templates section

As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED).We stopped accepting new entries for templates in the KED about 2 weeks ago and this week[…]

K2 v2.10.0 released

K2 v2.10.0 is now available to download for Joomla versions 1.5 to 3.x. This release introduces a refreshed backend design as well as feature improvements or additions (like Google Structured Data) and as always, performance improvements everywhere.To install K2 for[…]

Rapicode, Multiple Extensions, Back Door

Rapicode, nultiple extensions, current versions, back doorExtensions affected are:-Rapi Content TickerRapi Content CarouselRapi Cookie ConsentRapi CountdownRapi PreloaderRapi Loading Progress BarRapi Page AnimateAt the moment the back door seems to be loading mining code, it can be used to load arbitrary[…]

Fastball, SQL Injection

Fastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection

SquadManagement,1.0.3,SQL Injection

SquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection

JS Autoz ,1.0.9,SQL Injection

JS Autoz by Joomsky.com, 1.0.9 and previous, SQL Injection

K2 v2.8.0 released

K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…]

K2 Plugin for sh404SEF

A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…]

K2 Next to be presented in JoomlaDay Brasil 2015

(originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :)We are happy to announce that K2 Next will be officially presented in the upcoming JoomlaDay[…]

K2

K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…]

Simple RSS Feed Reader

Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…]

Simple Image Gallery

Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…]

Simple Image Gallery Pro

NEW VERSION 3.8 released in June 2020!Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish[…]

CVE-2019-13617

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. (CVSS:4.3) (Last Update:2019-07-18)

CVE-2019-12206

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-12208

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-11838

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-09)

CVE-2018-16844

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]