CVE-2019-10082

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVSS:6.4) (Last Update:2019-09-27)

CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be[…]

CVE-2019-10081

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not[…]

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects[…]

CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)

Red Hat Security Advisory 2021-0146-01

Red Hat Security Advisory 2021-0146-01 - Red Hat OpenShift Serverless 1.12.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.6, and includes[…]

Red Hat Security Advisory 2021-0136-01

Red Hat Security Advisory 2021-0136-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2021-0030-01

Red Hat Security Advisory 2021-0030-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Red Hat Security Advisory 2021-0114-01

Red Hat Security Advisory 2021-0114-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security[…]

Red Hat Security Advisory 2021-0095-01

Red Hat Security Advisory 2021-0095-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security[…]

The Product Security Blog has moved!

Red Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]

New Red Hat Product Security OpenPGP key

Red Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]

Managing risk in the modern world

Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…]

Security Technologies: ExecShield

The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…]

Insights Security Hardening Rules

Many users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]

ZeroShell 3.9.0 Remote Command Execution

This Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar[…]

D-Link DSR-250N Denial Of Service

RedTeam Pentesting discovered a denial of service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script that reboots the device. Version 3.12 is confirmed affected.

Sony IPELA Network Camera Remote Stack Buffer Overflow

Sony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be[…]

Go CGI / FastCGI Transport Cross Site Scripting

The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML data as HTML. This may lead to cross site scripting[…]

Cayin CMS NTP Server 11.0 Remote Code Execution

This Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution is executed in the system_service.cgi file's ntpIp Parameter. The field is limited in size, so repeated requests are made to[…]

Debian: DSA-4832-1: chromium security update

Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian: DSA-4830-1: flatpak security update

Simon McVittie discovered a bug in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape).

Debian: DSA-4828-1: libxstream-java security update

Liaogui Zhong discovered two security issues in XStream, a Java library to serialise objects to XML and back again, which could result in the deletion of files or server-side request forgery when unmarshalling.

Debian: DSA-4826-1: nodejs security update

Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code or HTTP request smuggling.

Debian: DSA-4825-1: dovecot security update

Several vulnerabilities have been discovered in the Dovecot email server. CVE-2020-24386

Debian Security Advisory 4633-1

Debian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.

Debian Security Advisory 4628-1

Debian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.

Debian Security Advisory 4627-1

Debian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.

Debian Security Advisory 4624-1

Debian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.

Debian Security Advisory 4621-1

Debian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.

netkit-telnet 0.17 Remote Code Execution

netkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.

Grub2 grub2-set-bootflag Environment Corruption

Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.

Linux Nested User Namespace idmap Limit Local Privilege Escalation

This Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user[…]

DHCP Client Command Injection (DynoRoot)

This Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or[…]

Libuser roothelper Privilege Escalation

This Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This Metasploit[…]

wavpack -- integer overflow in pack_utils.c

Gitlab -- vulnerability

phpmyfaq -- XSS vulnerability

CairoSVG -- Regular Expression Denial of Service vulnerability

[20210101] - Core - com_modules exposes module names

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions:3.0.0 - 3.9.23Exploit type: Incorrect Access ControlReported Date: 2020-07-07Fixed Date: 2021-01-12CVE Number: CVE-2021-23123DescriptionLack of ACL checks in the orderPosition endpoint of com_modules leak names of unpublished and/or inaccessible modules.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.23SolutionUpgrade to version[…]

[20210103] - Core - XSS in com_tags image parameters

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions:3.1.0 - 3.9.23Exploit type: XSSReported Date: 2020-09-01Fixed Date: 2021-01-12CVE Number: CVE-2021-23125DescriptionLack of escaping of image-related parameters in multiple com_tags views cause lead to XSS attack vectors.Affected InstallsJoomla! CMS versions 3.1.0 - 3.9.23SolutionUpgrade to version 3.9.24ContactThe JSST[…]

[20201101] - Core - com_finder ignores access levels on autosuggest

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 2.5.0-3.9.22Exploit type: Information DisclosureReported Date: 2020-06-21Fixed Date: 2020-11-24CVE Number: CVE-2020-35610DescriptionThe autosuggestion feature of com_finder did not respect the access level of the corresponding terms.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.22SolutionUpgrade to version 3.9.23ContactThe JSST at the Joomla![…]

[20201103] - Core - Path traversal in mod_random_image

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 2.5.0-3.9.22Exploit type: Path traversalReported Date: 2020-10-06Fixed Date: 2020-11-24CVE Number: CVE-2020-35612DescriptionThe folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.22SolutionUpgrade to version 3.9.23ContactThe JSST at the Joomla![…]

[20201105] - Core - User Enumeration in backend login

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.9.0-3.9.22Exploit type: User EnumerationReported Date: 2020-08-15Fixed Date: 2020-11-24CVE Number: CVE-2020-35614DescriptionImproper handling of the username leads to a user enumeration attack vector in the backend login page.Affected InstallsJoomla! CMS versions 3.9.0 - 3.9.22SolutionUpgrade to version 3.9.23ContactThe[…]

[20201107] - Core - Write ACL violation in multiple core views

Project: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions:1.7.0 - 3.9.22Exploit type: ACL ViolationReported Date: 2018-11-04Fixed Date: 2020-11-24CVE Number: CVE-2020-35616DescriptionLack of input validation while handling ACL rulesets can cause write ACL violations.Affected InstallsJoomla! CMS versions 1.7.0 - 3.9.22SolutionUpgrade to version 3.9.23ContactThe JSST at the[…]

paGO Commerce,2.5.9.0, SQL Injection

paGO Commerce, 2.5.9.0, 3rd party extension, SQL Injection

K2 Plugin for sh404SEF

A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…]

SocialConnect

SocialConnect is the only Joomla extension that allows you to integrate your Joomla site with social networks and identity providers for user authentication, posting content directly to social networks and 3rd-party comment system integration.FeaturesLet your users register to your website[…]

Simple Image Gallery Pro v3.8.0 released

Simple Image Gallery Pro v3.8.0 is now available to download for subscribers. This new release improves upon existing features, extends Flickr support to galleries (beyond albums/sets) and adds PHP 7.4 & Postgres compatibility.Here's what's been added or changed in Simple Image[…]

AllVideos 6.1.0 now available - adds Mixcloud support

Version 6.1.0 of AllVideos is now available. This new release introduces support for Mixcloud embeds and improves support for PHP 7.4.Here's what's been added or changed in this new release of AllVideos:Added support for Mixcloud embeds. Just use the pattern[…]

K2 v2.10.3 now available

K2 v2.10.3 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & bugfix release, which refines the backend user interface (building upon the changes that were introduced with v2.10.0 to v2.10.2), improves client-size (frontend) caching & resolves broken auto-generated feeds[…]

Getting Snowflake (the open source graphical SSH/SFTP client) to run on macOS

I don't usually write similar blog posts, but I've been really enjoying Snowflake recently. What's Snowflake you ask? Well, it's a new open source graphical SSH/SFTP client which makes working with remote servers a breeze. It works like Panic's Coda when[…]

Simple Image Gallery (free) v4.1.0 released

Simple Image Gallery (free) version 4.1.0 is now available to download. This is a maintenance release.Here's what's been added or changed in Simple Image Gallery (free) with the release of v4.1.0:Allow the plugin to accept WEBP images as source images[…]

Simple Image Gallery (free) v4.0.0 released - now Joomla 4 compatible!

Simple Image Gallery (free) version 4.0.0 is now available to download. This marks our first extension update that supports the upcoming Joomla version 4 (currently in "beta").Here's what's been added or changed in Simple Image Gallery (free) with the release[…]

SocialConnect v1.10.0 released

SocialConnect v1.10.0 is now available to download for subscribers. This new release improves compatibility with recent API changes in Facebook and LinkedIn.Here's what's been added or changed in SocialConnect with the release of v1.10.0:Facebook authorization in SocialConnect's settings will now[…]

Retiring the K2 templates section

As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED).We stopped accepting new entries for templates in the KED about 2 weeks ago and this week[…]

K2 v2.10.1 released

K2 v2.10.1 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance release that addresses a few bugs that were introduced with v2.10.0 released a couple weeks ago and we urge everyone using v2.10.0 to[…]

Simple RSS Feed Reader

Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…]

Disqus Comments (for Joomla)

Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…]

Google Map Landkarten,4.2.3,SQL Injection

Google Map Landkarten from joomla-24.de, versions 4.2.3 and previous, SQL Injection

File Download Tracker,3.0,SQL Injection

File Download Tracker by techsolsystem.com, 3.0, SQL Injection

JMS Music,1.1.1,SQL Injection

JMS Music by Joomasters, versions 1.1.1 and previous, SQL Injection

K2 v2.7.1 released

K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security.To install K2 for the first time or update your existing K2[…]

K2 Next to be presented in JoomlaDay Brasil 2015

(originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :)We are happy to announce that K2 Next will be officially presented in the upcoming JoomlaDay[…]

CVE-2019-13617

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. (CVSS:4.3) (Last Update:2019-07-18)

CVE-2019-12206

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-12208

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-11838

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-09)

CVE-2018-16844

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]