125 matches found
CVE-2019-3834
Technical details for CVE-2019-3834 are not publicly provided in the supplied documents. No affected products, impact, or fixes are explicitly detailed here. Monitor for updates in connected sources.
Jon Kyl Will Take McCain's Senate Seat
The governor of Arizona announced Tuesday that Jon Kyl will replace the Senate seat vacated by the late John McCain. He may now further push to regulate tech giants like Facebook...
Mitigating speculative execution side channel hardware vulnerabilities
On January 3rd, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown that affect AMD, ARM, and Intel CPUs to varying degrees. If you haven’t had a chanc...
Mitigating speculative execution side channel hardware vulnerabilities
On January 3rd, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown that affect AMD, ARM, and Intel CPUs to varying degrees. If you haven’t had a chanc...
Jon Oberheide on Perimeter Security
Mike Mimoso talks to Duo Security co-founder and CTO Jon Oberheide at RSA Conference about Google’s BeyondCorp security model, enforcing perimeter security, how endpoint security has evolved through the years, and the future of passwords. Download: JonOberheideonPerimeterSecurity.mp3 Music by Chr...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...
RHEL 7 : firefox (RHSA-2017:0461)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:0461 advisory. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.0 ESR. Security Fixes: Multiple flaws were found i...
Critical: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2016-6330
The server in Red Hat JBoss Operations Network JON, when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an...
CVE-2016-6330
CVE-2016-6330 affects Red Hat JBoss Operations Network (JON). The issue allows remote code execution via a crafted HTTP request when SSL authentication is not configured for JON server/agent communication, linked to message deserialization. Affected versions are before 3.3.6; the root cause relat...
CVE-2016-5422
The CVE-2016-5422 issue affects Red Hat JBoss Operations Network (JON) prior to 3.3.7. The web console fails to properly authorize requests to add users with the super user role, enabling remote authenticated users to elevate privileges to admin via a crafted POST. The widely cited Red Hat adviso...
CVE-2016-3737
It was discovered that sending specially crafted HTTP request to the JON server would allow deserialization of that message without authentication. An attacker could use this flaw to cause remote code execution. Mitigation Apply the configuration changes described in the documentation here: For...
Apple hires Encryption Expert to Beef Up Security on its Devices
The FBI and other law enforcement agencies have waged legal war on encryption and privacy technologies. You may have heard many news stories about the legal battle between Apple and the FBI over unlocking an iPhone that belonged to the San Bernardino shooter. However, that was just one battle in ...
Apple Hires Crypto Innovator Jon Callas
Jon Callas, equal parts security entrepreneur and innovator, has been hired at Apple for what will be his third stint with the company. Callas left Silent Circle, a company he cofounded, in April after four years there. Silent Circle designs and produces secure communication platforms, including...
Stickynote - Cross Site Scripting (XSS) - Moderately Critical - SA-CONTRIB-2015-154
This module enables you to create notes on a page inside a block. The module doesn't sufficiently sanitize the note text on the admin listing page. This vulnerability is mitigated by the fact that an attacker must have a role with a permission to create or edit a stickynote. CVE identifiers issue...
WordPress 3.8.2 cookie 伪造漏洞
0x00 背景 看了WordPress 3.8.2补丁分析 HMAC timing attack,眼界大开,原来还可以利用时间差来判断HMAC。 但我总觉得这个漏洞并不是简单的修复这个问题。 查看了官方提供的资料:“该漏洞是由WordPress的安全团队成员Jon Cave发现。”。 也许漏洞还有这样利用的可能。 0x01 PHP的特性 当PHP在进行 ”==”,”!=”等非严格匹配的情况下,会按照值的实际情况,进行强制转换。 当有一个对比参数是整数的时候,会把另外一个参数强制转换为整数。 0x02 分析修复的代码 官方版的diff只在php里改动了一个位置:...
Gather Kademlia Server Information
This module uses the Kademlia BOOTSTRAP and PING messages to identify and extract information from Kademlia speaking UDP endpoints, typically belonging to eMule/eDonkey/BitTorrent servers or other P2P applications. This module requires Metasploit: https://metasploit.com/download Current source:...
Linux Kernel < 2.6.14.6 procfs Kernel Memory Disclosure Exploit
/ cve-2005-4605.c Linux Kernel 2.6.14.6 procfs Kernel Memory Disclosure Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4605 The procfs code procmisc.c in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers ...
Linux Kernel < 2.6.30.5 cfg80211 Remote Denial of Service Exploit
No description provided by source. / cfg80211-remote-dos.c Linux Kernel 2.6.30.5 cfg80211 Remote DoS Jon Oberheide [email protected] http://jon.oberheide.org Information: http://patchwork.kernel.org/patch/41218/ These pointers can be NULL, the ismesh case isn't ever hit in the current kernel, but...
OpenSSL <= 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS
No description provided by source. / cve-2009-1378.c OpenSSL = 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 In dtls1processoutofseqmessage the check if the...