CVE-2019-10082

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVSS:6.4) (Last Update:2019-09-27)

CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be[…]

CVE-2019-10081

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not[…]

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects[…]

CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)

Red Hat Security Advisory 2020-4344-01

Red Hat Security Advisory 2020-4344-01 - Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 20.0.0.11 serves as a replacement for Open Liberty 20.0.0.10 and includes enhancements as well[…]

Red Hat Security Advisory 2020-4332-01

Red Hat Security Advisory 2020-4332-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Red Hat Security Advisory 2020-4330-01

Red Hat Security Advisory 2020-4330-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2020-4317-01

Red Hat Security Advisory 2020-4317-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2020-4315-01

Red Hat Security Advisory 2020-4315-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.

The Product Security Blog has moved!

Red Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]

New Red Hat Product Security OpenPGP key

Red Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]

Managing risk in the modern world

Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…]

Security Technologies: ExecShield

The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…]

Insights Security Hardening Rules

Many users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]

D-Link DSR-250N Denial Of Service

RedTeam Pentesting discovered a denial of service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script that reboots the device. Version 3.12 is confirmed affected.

Sony IPELA Network Camera Remote Stack Buffer Overflow

Sony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be[…]

Go CGI / FastCGI Transport Cross Site Scripting

The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML data as HTML. This may lead to cross site scripting[…]

Cayin CMS NTP Server 11.0 Remote Code Execution

This Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution is executed in the system_service.cgi file's ntpIp Parameter. The field is limited in size, so repeated requests are made to[…]

Cayin Signage Media Player 3.0 Root Remote Command Injection

CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.

Ubuntu Security Notice USN-4530-1

Ubuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.

Debian Security Advisory 4629-1

Debian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.

Debian Security Advisory 4626-1

Debian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.

Debian Security Advisory 4625-1

Debian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

Debian Security Advisory 4620-1

Debian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

netkit-telnet 0.17 Remote Code Execution

netkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.

Grub2 grub2-set-bootflag Environment Corruption

Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.

Linux Nested User Namespace idmap Limit Local Privilege Escalation

This Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user[…]

DHCP Client Command Injection (DynoRoot)

This Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or[…]

Libuser roothelper Privilege Escalation

This Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This Metasploit[…]

freetype2 -- heap buffer overlfow

chromium -- multiple vulnerabilities

K2 Plugin for sh404SEF version 1.6.0 released

The K2 Plugin for sh404SEF version 1.6.0 is now available to download for subscribers. This is a bug fix release that addresses compatibility with K2 v2.10.3+ and improves support for PHP 7.x in general.Here's what's been added or changed in the K2 Plugin[…]

[20200801] - Core - XSS in mod_latestactions

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.9.0-3.9.20Exploit type: XSSReported Date: 2020-August-21Fixed Date: 2020-August-25CVE Number: CVE-2020-24599DescriptionLack of escaping in mod_latestactions allows XSS attacks.Affected InstallsJoomla! CMS versions 3.9.0 - 3.9.20SolutionUpgrade to version 3.9.21ContactThe JSST at the Joomla! Security Centre.Reported By: Peter Martin

[20200802] - Core - Open redirect in com_content vote feature

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0-3.9.20Exploit type: Open RedirectReported Date: 2020-July-05Fixed Date: 2020-August-25CVE Number: CVE-2020-24598DescriptionLack of input validation in com_content leads to an open redirect.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.20SolutionUpgrade to version 3.9.21ContactThe JSST at the Joomla! Security Centre.Reported By: Ahmad Kamaran Jamil

[20200702] - Core - Missing checks can lead to a broken usergroups table record

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 2.5.0-3.9.19Exploit type: Incorrect Access ControlReported Date: 2020-April-04Fixed Date: 2020-July-14CVE Number: CVE-2020-15699DescriptionMissing validation checks at the usergroups table object can result into an broken site configuration.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.19SolutionUpgrade to version 3.9.20ContactThe JSST at[…]

[20200704] - Core - Variable tampering via user table class

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0-3.9.19Exploit type: Incorrect Access ControlReported Date: 2020-Jun-02Fixed Date: 2020-July-14CVE Number: CVE-2020-15697DescriptionInternal read-only fields in the User table class could be modified by users.Affected InstallsJoomla! CMS versions 3.9.0 - 3.9.19SolutionUpgrade to version 3.9.20ContactThe JSST at the Joomla! Security[…]

[20200706] - Core - System Information screen could expose redis or proxy credentials

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0-3.9.19Exploit type: Information DisclosureReported Date: 2020-Jun-17Fixed Date: 2020-July-14CVE Number: CVE-2020-15698DescriptionInadequate filtering in the system information screen could expose redis or proxy credentialsAffected InstallsJoomla! CMS versions 3.0.0 - 3.9.19SolutionUpgrade to version 3.9.20ContactThe JSST at the Joomla! Security Centre.Reported[…]

[20200605] - Core - CSRF in com_postinstall

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.7.0-3.9.18Exploit type: CSRFReported Date: 2020-May-08Fixed Date: 2020-June-02CVE Number: CVE-2020-13760DescriptionMissing token checks in com_postinstall cause CSRF vulnerabilities.Affected InstallsJoomla! CMS versions 3.7.0 - 3.9.18SolutionUpgrade to version 3.9.19ContactThe JSST at the Joomla! Security Centre.Reported By: Bui Duc Anh[…]

K2 v2.10.3 now available

K2 v2.10.3 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & bugfix release, which refines the backend user interface (building upon the changes that were introduced with v2.10.0 to v2.10.2), improves client-size (frontend) caching & resolves broken auto-generated feeds[…]

Getting Snowflake (the open source graphical SSH/SFTP client) to run on macOS

I don't usually write similar blog posts, but I've been really enjoying Snowflake recently. What's Snowflake you ask? Well, it's a new open source graphical SSH/SFTP client which makes working with remote servers a breeze. It works like Panic's Coda when[…]

AllVideos v6.0.0 released - now Joomla 4 compatible!

Version 6.0.0 of AllVideos is now available. This is a feature release, which also introduces full support with the upcoming Joomla version 4 release.Here's what's been added or changed in this new release of AllVideos:Fully compatible with the upcoming Joomla[…]

RadioWave v1.2.0 released

RadioWave v1.2.0 has just been released. This is a bugfix and feature-improvement release.Here's what's been added or changed in RadioWave with the release of v1.2.0:Fixed time parsing for the OnAir template override (K2 Content module) which caused the module's output[…]

AllVideos v5.2.0 released

Version 5.2.0 of AllVideos is now available. This is a bugfix release and it also improves compatibility with PHP 7.4.Here's what's been added or changed in this new release of AllVideos:Improves PHP 7.4 compatibility.Fixes the "loop" control for HTML5 media[…]

Retiring the K2 templates section

As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED).We stopped accepting new entries for templates in the KED about 2 weeks ago and this week[…]

K2 v2.10.0 released

K2 v2.10.0 is now available to download for Joomla versions 1.5 to 3.x. This release introduces a refreshed backend design as well as feature improvements or additions (like Google Structured Data) and as always, performance improvements everywhere.To install K2 for[…]

Rapicode, Multiple Extensions, Back Door

Rapicode, nultiple extensions, current versions, back doorExtensions affected are:-Rapi Content TickerRapi Content CarouselRapi Cookie ConsentRapi CountdownRapi PreloaderRapi Loading Progress BarRapi Page AnimateAt the moment the back door seems to be loading mining code, it can be used to load arbitrary[…]

Fastball, SQL Injection

Fastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection

SquadManagement,1.0.3,SQL Injection

SquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection

JS Autoz ,1.0.9,SQL Injection

JS Autoz by Joomsky.com, 1.0.9 and previous, SQL Injection

K2 v2.8.0 released

K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…]

K2 Plugin for sh404SEF

A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…]

K2 Next to be presented in JoomlaDay Brasil 2015

(originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :)We are happy to announce that K2 Next will be officially presented in the upcoming JoomlaDay[…]

K2

K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…]

Simple RSS Feed Reader

Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…]

Simple Image Gallery

Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…]

Simple Image Gallery Pro

NEW VERSION 3.8 released in June 2020!Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish[…]

CVE-2019-13617

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. (CVSS:4.3) (Last Update:2019-07-18)

CVE-2019-12206

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-12208

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-11838

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-09)

CVE-2018-16844

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]