Prototype Pollution in cookiex/deep
The npm @cookiex/deep package before version 0.0.7 has a prototype pollution vulnerability. The global proto object can be polluted using the proto...
9.8CVSS
3.8AI Score
0.004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.325.5.el7] - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext (Krister Johansen) [Orabug: 35905508] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 (D Scott Phillips) [Orabug: 35905508] - perf/arm-cmn: Fix invalid pointer...
7CVSS
8AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.325.5.el8] - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext (Krister Johansen) [Orabug: 35905508] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 (D Scott Phillips) [Orabug: 35905508] - perf/arm-cmn: Fix invalid pointer...
7CVSS
7.8AI Score
0.0004EPSS
Denial of Service in graphql-go
Impact This is a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could...
6.5CVSS
2.4AI Score
0.001EPSS
Securing our home labs: Home Assistant code review
Introduction In July, the GitHub Security Lab team conducted a collaborative review of one of our favorite software pieces. While it's not uncommon for our Security Lab researchers to work together on audits and research projects, we found that conducting team audits occasionally provides a...
9CVSS
8.1AI Score
0.001EPSS
USN-6450-1: OpenSSL vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector (IV) lengths. This could lead to truncation issues and result in loss of confidentiality for some symmetric cipher...
7.5CVSS
6.8AI Score
0.004EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.325.5] - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext (Krister Johansen) [Orabug: 35905508] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 (D Scott Phillips) [Orabug: 35905508] - perf/arm-cmn: Fix invalid pointer...
7.8AI Score
0.0004EPSS
Aerospike Java Client vulnerable to unsafe deserialization of server responses
GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-044 The GitHub Security Lab team has identified a potential security vulnerability in Aerospike Java Client. We are committed to working with you to help resolve this issue. In this report you will find everything you need to effectively...
9.8CVSS
8AI Score
0.002EPSS
5.5CVSS
6.8AI Score
0.003EPSS
Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector (IV) lengths. This could lead to truncation issues and result in loss of confidentiality for some symmetric cipher modes. (CVE-2023-5363) Juerg Wullschleger discovered that OpenSSL incorrectly handled the...
7.5CVSS
5.5AI Score
0.004EPSS
[SECURITY] [DSA 5532-1] openssl security update
Debian Security Advisory DSA-5532-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 24, 2023 https://www.debian.org/security/faq Package : openssl CVE ID : CVE-2023-5363 Tony Battersby...
7.5CVSS
6.3AI Score
0.001EPSS
Releases Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04 LTS Packages openssl - Secure Socket Layer (SSL) cryptographic library and tools Details Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector (IV) lengths. This could lead to truncation issues and result in...
7.5CVSS
6.5AI Score
0.004EPSS
Digital security sessions at Microsoft Ignite to prepare you for the era of AI
Thousands of security professionals will join us for Microsoft Ignite 2023 from November 14 to 17, 2023, where we will share how to embrace the AI era confidently, with protection for people, data, devices, and apps that extends across clouds and platforms. With more than 45 security sessions,...
7.1AI Score
Digital security sessions at Microsoft Ignite to prepare you for the era of AI
Thousands of security professionals will join us for Microsoft Ignite 2023 from November 14 to 17, 2023, where we will share how to embrace the AI era confidently, with protection for people, data, devices, and apps that extends across clouds and platforms. With more than 45 security sessions,...
7.1AI Score
Ubuntu 14.04 LTS / 16.04 LTS : Bind vulnerability (USN-3119-1)
Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description...
7.5CVSS
7.7AI Score
0.951EPSS
Ubuntu 14.04 LTS / 16.04 LTS : Ruby vulnerabilities (USN-3365-1)
It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147) Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby...
7.5CVSS
8.2AI Score
0.08EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.324.5.3] - Revert 'jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint' (Sherry Yang) [Orabug: 35896102] [5.4.17-2136.324.5.2] - fix breakage in do_rmdir() (Al Viro) [Orabug: 35885837] [5.4.17-2136.324.5.1] - x86: KVM: SVM: always update the x2avic msr...
7.4AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.530.5.1] - Revert 'rtnetlink: Reject negative ifindexes in RTM_NEWLINK' (Saeed Mirzamohammadi) [Orabug: 35896831] [4.14.35-2047.530.5] - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Kyle Zeng) [Orabug: 35824288] {CVE-2023-42753} -...
7.1AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.324.5.3.el7] - Revert 'jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint' (Sherry Yang) [Orabug: 35896102] [5.4.17-2136.324.5.2.el7] - fix breakage in do_rmdir() (Al Viro) [Orabug: 35885837] [5.4.17-2136.324.5.1.el7] - x86: KVM: SVM: always update the...
7.5AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.324.5.3.el8] - Revert 'jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint' (Sherry Yang) [Orabug: 35896102] [5.4.17-2136.324.5.2.el8] - fix breakage in do_rmdir() (Al Viro) [Orabug: 35885837] [5.4.17-2136.324.5.1.el8] - x86: KVM: SVM: always update the...
7.5AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[5.15.0-106.131.4] - jbd2: check 'jh->b_transaction' before removing it from checkpoint (Zhihao Cheng) - jbd2: fix checkpoint cleanup performance regression (Zhang Yi) - scsi: qla2xxx: Fix TMF leak through (Quinn Tran) - scsi: qla2xxx: Fix command flush during TMF (Quinn Tran) - scsi: qla2xxx:.....
7.8CVSS
7.6AI Score
0.001EPSS
7.1AI Score
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9...
6.1CVSS
6AI Score
0.0005EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9...
7.1CVSS
6AI Score
0.0005EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9...
6.1CVSS
6.3AI Score
0.0005EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.323.8.el7] - vhost-scsi: Fix alignment handling with windows (Mike Christie) [Orabug: 35769318] - Revert 'vhost/scsi: support non zerocopy iovecs' (Rajan Shanmugavelu) [Orabug: 35769318] [5.4.17-2136.323.7.el7] - x86: change default to spec_store_bypass_disable=prctl...
6.5CVSS
7.6AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.323.8] - vhost-scsi: Fix alignment handling with windows (Mike Christie) [Orabug: 35769318] - Revert 'vhost/scsi: support non zerocopy iovecs' (Rajan Shanmugavelu) [Orabug: 35769318] [5.4.17-2136.323.7] - x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl...
6.5CVSS
7.6AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.323.8.el8] - vhost-scsi: Fix alignment handling with windows (Mike Christie) [Orabug: 35769318] - Revert 'vhost/scsi: support non zerocopy iovecs' (Rajan Shanmugavelu) [Orabug: 35769318] [5.4.17-2136.323.7.el8] - x86: change default to spec_store_bypass_disable=prctl...
6.5CVSS
7.6AI Score
0.001EPSS
CVE-2023-32499 WordPress Radio Station Plugin <= 2.4.0.9 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9...
7.1CVSS
6.4AI Score
0.0005EPSS
PHP Mail Function Header Spoofing Vulnerability
The remote host is running a version of PHP <= 4.2.2. The mail() function does not properly sanitize user...
6.5AI Score
0.028EPSS
Nmap NSE net: http-vmware-path-vuln
Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733). The vulnerability was originally released by Justin Morehouse and Tony Flick, who presented at Shmoocon 2010 (see reference). SYNTAX: http.pipeline: If set, it represents the number of HTTP requests...
7.3AI Score
0.959EPSS
9.9CVSS
7.9AI Score
0.001EPSS
7.5CVSS
7.2AI Score
0.951EPSS
Wisconsin Governor Hacks the Veto Process
In my latest book, A Hacker's Mind, I wrote about hacks as loophole exploiting. This is a great example: The Wisconsin governor used his line-item veto powers--supposedly unique in their specificity--to change a one-year funding increase into a 400-year funding increase. He took this wording: ...
6.9AI Score
7.5CVSS
7.2AI Score
0.951EPSS
7.5CVSS
7.2AI Score
0.951EPSS
7.5CVSS
6.7AI Score
0.944EPSS
7.5CVSS
6.7AI Score
0.944EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.321.4.el8] - tick/common: Align tick period during sched_timer setup (Thomas Gleixner) [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit() loop if cp_index > 0 (Gerd Rausch) [Orabug: 35510149] [5.4.17-2136.321.3.el8] - selinux: don't use make's grouped targets feature yet...
7.8CVSS
8AI Score
0.006EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.321.4] - tick/common: Align tick period during sched_timer setup (Thomas Gleixner) [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit() loop if cp_index > 0 (Gerd Rausch) [Orabug: 35510149] [5.4.17-2136.321.3] - selinux: don't use make's grouped targets feature yet (Paul...
7.8CVSS
8AI Score
0.006EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.321.4.el7] - tick/common: Align tick period during sched_timer setup (Thomas Gleixner) [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit() loop if cp_index > 0 (Gerd Rausch) [Orabug: 35510149] [5.4.17-2136.321.3.el7] - selinux: don't use make's grouped targets feature yet...
7.8CVSS
8AI Score
0.006EPSS
This is an upgrade from tomcat 6.0.35 (the version previously available in squeeze) to 6.0.41, the full list of changes between these versions can be see in the upstream changelog, which is available online at http://tomcat.apache.org/tomcat-6.0-doc/changelog.html This update fixes the following...
2.7AI Score
EPSS
This is an upgrade from tomcat 6.0.35 (the version previously available in squeeze) to 6.0.41, the full list of changes between these versions can be see in the upstream changelog, which is available online at http://tomcat.apache.org/tomcat-6.0-doc/changelog.html This update fixes the following...
2.6AI Score
EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.320.7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] - KVM:...
7.8CVSS
8AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.320.7.el8] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...
7.8CVSS
7.8AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.320.7.el7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...
7.8CVSS
7.8AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs:...
7.8CVSS
8.5AI Score
0.0004EPSS
7.1AI Score
6.9AI Score
Although some ReDoS vulnerabilities can be very serious (particularly when they’re server-side and enable an untrusted remote attacker to DOS the server), very often they land much closer to the “annoying” end of the CVSS rating scale: not particularly serious, but easy to create by accident,...
7.3AI Score