CVE-2019-10082

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVSS:6.4) (Last Update:2019-09-27)

CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be[…]

CVE-2019-10081

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not[…]

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects[…]

CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)

Red Hat Security Advisory 2019-3892-01

Red Hat Security Advisory 2019-3892-01 - This release of Red Hat Fuse 7.5.0 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the[…]

Red Hat Security Advisory 2019-3890-01

Red Hat Security Advisory 2019-3890-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Red Hat Security Advisory 2019-3887-01

Red Hat Security Advisory 2019-3887-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. An arbitrary kernel memory write vulnerability was addressed.

Red Hat Security Advisory 2019-3878-01

Red Hat Security Advisory 2019-3878-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.

Red Hat Security Advisory 2019-3770-01

Red Hat Security Advisory 2019-3770-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the oauth-server container image for Red Hat OpenShift Container Platform[…]

The Product Security Blog has moved!

Red Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]

New Red Hat Product Security OpenPGP key

Red Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]

Managing risk in the modern world

Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…]

Security Technologies: ExecShield

The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…]

Insights Security Hardening Rules

Many users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]

RHBA-2019:0500-1: nss-pem bug fix update

Red Hat Enterprise Linux:Updated nss-pem packages that fix one bug are now available for Red HatEnterprise Linux 7.6.

RHBA-2019:0498-1: rear bug fix update

Red Hat Enterprise Linux:Updated rear packages that fix several bugs are now available for Red HatEnterprise Linux 7.

RHBA-2019:0496-1: tuned bug fix update

Red Hat Enterprise Linux:Updated tuned packages that fix two bugs are now available for Red HatEnterprise Linux 7.

RHBA-2019:0484-1: dpdk bug fix update

Red Hat Enterprise Linux:Updated dpdk packages that fix one bug are now available in the Extras channelof Red Hat Enterprise Linux 7.

RHEA-2019:0543-1: new packages: rh-jmc

Red Hat Enterprise Linux:New rh-jmc packages are now available as a part of Red Hat Software Collections3.2 for Red Hat Enterprise Linux 7.

Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure

The Rifatron Intelligent Digital Security System DVR suffers from an unauthenticated and unauthorized live stream disclosure when animate.cgi script is called through Mobile Web Viewer module.

Ubuntu Security Notice USN-4059-1

Ubuntu Security Notice 4059-1 - It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS[…]

Telus Actiontec WEB6000Q Denial Of Service

Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. By querying CGI endpoints with empty (GET/POST/HEAD) requests causes a Segmentation Fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot[…]

RICOH SP 4510DN Printer HTML Injection

An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.

Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker[…]

Debian: DSA-4569-1: ghostscript security update

Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.

Debian Security Advisory 4567-1

Debian Linux Security Advisory 4567-1 - It was discovered that the vhost PMD in DPDK, a set of libraries for fast packet processing, was affected by memory and file descriptor leaks which could result in denial of service.

Debian Security Advisory 4565-1

Debian Linux Security Advisory 4565-1 - This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected CPUs, to fully mitigate the vulnerability it is[…]

Debian: DSA-4565-1: intel-microcode security update

This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected CPUs, to fully mitigate the vulnerability it is also necessary to update the Linux[…]

Debian: DSA-4566-1: qemu security update

This update for QEMU, a fast processor emulator, backports support to passthrough the pschange-mc-no CPU flag. The virtualised MSR seen by a guest is set to show the bug as fixed, allowing to disable iTLB Multihit mitigations in nested hypervisors[…]

Debian: DSA-4563-1: webkit2gtk security update

These vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2019-8812

Debian Security Advisory 4562-1

Debian Linux Security Advisory 4562-1 - Several vulnerabilities have been discovered in the chromium web browser.

Debian Security Advisory 4561-1

Debian Linux Security Advisory 4561-1 - Alex Murray discovered a stack-based buffer overflow vulnerability in fribidi, an implementation of the Unicode Bidirectional Algorithm algorithm, which could result in denial of service or potentially the execution of arbitrary code, when processing[…]

Debian Security Advisory 4560-1

Debian Linux Security Advisory 4560-1 - It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages.

Debian Security Advisory 4558-1

Debian Linux Security Advisory 4558-1 - Several vulnerabilities have been discovered in the webkit2gtk web engine.

SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]

Linux Kernel Local Privilege Escalation

Linux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.

Reliable Datagram Sockets (RDS) Privilege Escalation

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]

MagniComp SysInfo mcsiwrapper Privilege Escalation

This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable[…]

glibc '$ORIGIN' Expansion Privilege Escalation

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the[…]

GNU cpio -- multiple vulnerabilities

wordpress -- multiple issues

K2 v2.10.0 released

K2 v2.10.0 is now available to download for Joomla versions 1.5 to 3.x. This release introduces a refreshed backend design as well as feature improvements or additions (like Google Structured Data) and as always, performance improvements everywhere.To install K2 for[…]

[20191002] - Core - Path Disclosure in phpuft8 mapping files

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.6.0 - 3.9.12Exploit type: Path DisclosureReported Date: 2019-November-01Fixed Date: 2019-November-05CVE Number: CVE-2019-18674DescriptionMissing access check in the phputf8 mapping files could lead to an path disclosure.Affected InstallsJoomla! CMS versions 3.6.0 - 3.9.12SolutionUpgrade to version 3.9.13ContactThe JSST at[…]

AllVideos v5.1.0 released - now with Twitch support

Version 5.1.0 of AllVideos is now available, adding support for Twitch and fixing a couple of bugs introduced in v5.0.0.Here's what's been added or changed in this new release of AllVideos:AllVideos now supports Twitch as a 3rd party video provider. You[…]

AllVideos v5.0.0 released - now with web-native media playback

We have just released a major update to AllVideos, version 5.0.0, for Joomla versions 1.5 to 3.x.It introduces web-native media playback with no 3rd party dependencies.Here's what's been added or changed in this new release of AllVideos:AllVideos now supports web-native media only (for[…]

[20190701] - Core - Filter attribute in subform fields allows remote code execution

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.9.7 - 3.9.8Exploit type: Remote Code ExecutionReported Date: 2019-June-20Fixed Date: 2019-July-09CVE Number: CVE-2019-14654DescriptionInadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.Affected InstallsJoomla! CMS versions 3.9.7[…]

[20190601] - Core - CSV injection in com_actionlogs

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.9.0 through 3.9.6Exploit type: CSV InjectionReported Date: 2019-April-29Fixed Date: 2019-June-11CVE Number: CVE-2019-12765DescriptionThe CSV export of com_actionslogs is vulnerable to CSV injection.Affected InstallsJoomla! CMS versions 3.9.0 through 3.9.6SolutionUpgrade to version 3.9.7ContactThe JSST at the Joomla! Security[…]

[20190603] - Core - ACL hardening of com_joomlaupdate

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.8.13 through 3.9.6Exploit type: Incorrect Access ControlReported Date: 2019-April-10Fixed Date: 2019-June-11CVE Number: CVE-2019-12764DescriptionThe update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.Affected InstallsJoomla! CMS versions 3.8.13 through 3.9.6SolutionUpgrade to version 3.9.7ContactThe JSST[…]

[20190501] - Core - XSS in com_users ACL debug views

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 1.7.0 through 3.9.5Exploit type: XSSReported Date: 2019-April-29Fixed Date: 2019-May-07CVE Number: CVE-2019-11809DescriptionThe debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.Affected InstallsJoomla! CMS versions 1.7.0 through[…]

SocialConnect v1.9.0 released

SocialConnect v1.9.0 has just been released. It mainly improves compatibility with Twitter and LinkedIn API updates (either already in force or soon to be enforced).Here's what's been added or changed in SocialConnect with the release of v1.9.0:Updated for recent Twitter API changes that[…]

Simple Image Gallery Pro v3.6.5 released

Simple Image Gallery Pro v3.6.5 has just been released. This is a feature-improvement release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.5:Added a new "File size limit per uploaded image" option in the component's[…]

Simple Image Gallery Pro v3.6.4 released

Simple Image Gallery Pro v3.6.4 has just been released. This is both a bugfix and feature-improvement release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.4:New galleries added directly via the gallery form will not[…]

Rapicode, Multiple Extensions, Back Door

Rapicode, nultiple extensions, current versions, back doorExtensions affected are:-Rapi Content TickerRapi Content CarouselRapi Cookie ConsentRapi CountdownRapi PreloaderRapi Loading Progress BarRapi Page AnimateAt the moment the back door seems to be loading mining code, it can be used to load arbitrary[…]

Fastball, SQL Injection

Fastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection

Simple Calendar,3.1.9,SQL Injection

Simple Calendar by Fabrizio Albonico, versions 3.1.9 and previous, SQL Injection

JMS Music,1.1.1,SQL Injection

JMS Music by Joomasters, versions 1.1.1 and previous, SQL Injection

Realpin,1.5.04,SQL Injection

Realpin by Marcel Törpe, versions 1.5.04 and previous, SQL Injection

K2 v2.8.0 released

K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…]

K2 Plugin for sh404SEF

A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…]

K2 v3 to be presented in JoomlaDay Brasil 2015

(originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :)Part of this change is the introduction of new awesome products for Joomla including new templates,[…]

Videocorso sul componente K2 versione 2.6.9 per Joomla 3

Ciao a tutti. Sono Antonio Mercurio dall'Italia. Per passione mi occupo di realizzare guide in formato e-book disponibili su Amazon e Google Play Store e di videoguide su youtube. Volevo informare la comunità di K2 che ho realizzato un videocorso[…]

Update of the K2 Import / Export tool

The tool to export data from K2 to a CSV file and to import data from a CSV file to K2 just got updated. 2.1 for Joomla 3.x changes: small bugfixesbetter date checksimport/export Hints + Item Parameters 1.3 for Joomla[…]

K2

K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…]

Simple Image Gallery

Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…]

Frontpage SlideShow

NEW VERSION 3.12 released in Oct 2018! Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber[…]

AllVideos

AllVideos (by JoomlaWorks) is truly THE all-in-one media management solution for Joomla and a classic must-have extension for any Joomla based website.Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo,[…]

CVE-2019-13617

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. (CVSS:4.3) (Last Update:2019-07-18)

CVE-2019-12206

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-12208

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-11838

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-09)

CVE-2018-16844

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]

Security update for ucode-intel 2986

Abstract: Important: Security update for ucode-intelPatch: SUSE-SLE-Module-Basesystem-15-2019-2986 CVEs:CVE-2019-11139, CVE-2019-11135 Bugs:1155988, 1141035, 1139073Applies to:Package(s): ucode-intelProduct(s):SUSE Linux Enterprise Server 15Downloads: SUSE Linux Enterprise Server 15 for x86-64

Security update for ucode-intel 2987

Abstract: Important: Security update for ucode-intelPatch: SUSE-SLE-Module-Basesystem-15-SP1-2019-2987 CVEs:CVE-2019-11135, CVE-2019-11139 Bugs:1141035, 1155988, 1139073Applies to:Package(s): ucode-intelProduct(s):SUSE Linux Enterprise Server 15 SP1Downloads: SUSE Linux Enterprise Server 15 SP1 for x86-64

Security update for ghostscript 2981

Abstract: Important: Security update for ghostscriptPatch: SUSE-SLE-Module-Basesystem-15-2019-2981 CVEs:CVE-2019-14869 Bugs:1156275Applies to:Package(s): ghostscript ghostscript-devel ghostscript-x11Product(s):SUSE Linux Enterprise Server 15Downloads: SUSE Linux Enterprise Server 15 SP1 for x86-64SUSE Linux Enterprise Server 15 SP1 for s390xSUSE Linux Enterprise Server 15 SP1 for ppc64leSUSE Linux[…]

Security update for enigmail 2982

Abstract: Moderate: Security update for enigmailPatch: SUSE-SLE-Product-WE-15-2019-2982 Bugs:1151317, 1141025Applies to:Package(s): enigmailProduct(s):SUSE Linux Enterprise Workstation Extension 15Downloads: SUSE Linux Enterprise Workstation Extension 15 SP1 for x86-64SUSE Linux Enterprise Workstation Extension 15 for x86-64

Security update for bash 2976

Abstract: Important: Security update for bashPatch: SUSE-SLE-SAP-12-SP1-2019-2976 CVEs:CVE-2012-6711 Bugs:1138676Applies to:Package(s): bash bash-doc libreadline6 libreadline6-32bit readline-docProduct(s):SUSE Linux Enterprise Server for SAP Applications 12 SP1Downloads: SUSE Linux Enterprise Server 12 SP1 LTSS for x86-64SUSE Linux Enterprise Server 12 SP1 LTSS for s390xSUSE[…]