Tony Zeoli, Tony Hayes Security Vulnerabilities

osv

Prototype Pollution in cookiex/deep

The npm @cookiex/deep package before version 0.0.7 has a prototype pollution vulnerability. The global proto object can be polluted using the proto...

9.8 CVSS

3.8 AI Score

0.004 EPSS

2021-09-20 08:12 PM
9
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.325.5.el7] - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext (Krister Johansen) [Orabug: 35905508] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 (D Scott Phillips) [Orabug: 35905508] - perf/arm-cmn: Fix invalid pointer...

7 CVSS

8 AI Score

0.0004 EPSS

2023-11-21 12:00 AM
10
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.325.5.el8] - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext (Krister Johansen) [Orabug: 35905508] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 (D Scott Phillips) [Orabug: 35905508] - perf/arm-cmn: Fix invalid pointer...

7 CVSS

7.8 AI Score

0.0004 EPSS

2023-11-21 12:00 AM
8
osv

Denial of Service in graphql-go

Impact This is a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could...

6.5 CVSS

2.4 AI Score

0.001 EPSS

2022-01-27 03:28 PM
7
github

Securing our home labs: Home Assistant code review

Introduction In July, the GitHub Security Lab team conducted a collaborative review of one of our favorite software pieces. While it's not uncommon for our Security Lab researchers to work together on audits and research projects, we found that conducting team audits occasionally provides a...

9 CVSS

8.1 AI Score

0.001 EPSS

2023-11-30 01:52 PM
11
cloudfoundry

USN-6450-1: OpenSSL vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector (IV) lengths. This could lead to truncation issues and result in loss of confidentiality for some symmetric cipher...

7.5 CVSS

6.8 AI Score

0.004 EPSS

2023-11-09 12:00 AM
15
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.325.5] - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext (Krister Johansen) [Orabug: 35905508] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 (D Scott Phillips) [Orabug: 35905508] - perf/arm-cmn: Fix invalid pointer...

7.8 AI Score

0.0004 EPSS

2023-11-10 12:00 AM
10
github

Aerospike Java Client vulnerable to unsafe deserialization of server responses

GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-044 The GitHub Security Lab team has identified a potential security vulnerability in Aerospike Java Client. We are committed to working with you to help resolve this issue. In this report you will find everything you need to effectively...

9.8 CVSS

8 AI Score

0.002 EPSS

2023-08-03 07:45 PM
16
openvas

Oracle: Security Advisory (ELSA-2014-1843)

The remote host is missing an update for...

5.5 CVSS

6.8 AI Score

0.003 EPSS

2015-10-06 12:00 AM
30
osv

openssl vulnerabilities

Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector (IV) lengths. This could lead to truncation issues and result in loss of confidentiality for some symmetric cipher modes. (CVE-2023-5363) Juerg Wullschleger discovered that OpenSSL incorrectly handled the...

7.5 CVSS

5.5 AI Score

0.004 EPSS

2023-10-24 04:14 PM
8
debian

[SECURITY] [DSA 5532-1] openssl security update

Debian Security Advisory DSA-5532-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 24, 2023 https://www.debian.org/security/faq Package : openssl CVE ID : CVE-2023-5363 Tony Battersby...

7.5 CVSS

6.3 AI Score

0.001 EPSS

2023-10-24 07:19 PM
32
ubuntu

OpenSSL vulnerabilities

Releases Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04 LTS Packages openssl - Secure Socket Layer (SSL) cryptographic library and tools Details Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector (IV) lengths. This could lead to truncation issues and result in...

7.5 CVSS

6.5 AI Score

0.004 EPSS

2023-10-24 12:00 AM
25
mmpc

Digital security sessions at Microsoft Ignite to prepare you for the era of AI

Thousands of security professionals will join us for Microsoft Ignite 2023 from November 14 to 17, 2023, where we will share how to embrace the AI era confidently, with protection for people, data, devices, and apps that extends across clouds and platforms. With more than 45 security sessions,...

7.1 AI Score

2023-11-07 05:00 PM
5
mssecure

Digital security sessions at Microsoft Ignite to prepare you for the era of AI

Thousands of security professionals will join us for Microsoft Ignite 2023 from November 14 to 17, 2023, where we will share how to embrace the AI era confidently, with protection for people, data, devices, and apps that extends across clouds and platforms. With more than 45 security sessions,...

7.1 AI Score

2023-11-07 05:00 PM
3
nessus

Ubuntu 14.04 LTS / 16.04 LTS : Bind vulnerability (USN-3119-1)

Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description...

7.5 CVSS

7.7 AI Score

0.951 EPSS

2016-11-02 12:00 AM
11
nessus

Ubuntu 14.04 LTS / 16.04 LTS : Ruby vulnerabilities (USN-3365-1)

It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147) Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby...

7.5 CVSS

8.2 AI Score

0.08 EPSS

2017-07-26 12:00 AM
25
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.324.5.3] - Revert 'jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint' (Sherry Yang) [Orabug: 35896102] [5.4.17-2136.324.5.2] - fix breakage in do_rmdir() (Al Viro) [Orabug: 35885837] [5.4.17-2136.324.5.1] - x86: KVM: SVM: always update the x2avic msr...

7.4 AI Score

0.001 EPSS

2023-10-17 12:00 AM
13
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.530.5.1] - Revert 'rtnetlink: Reject negative ifindexes in RTM_NEWLINK' (Saeed Mirzamohammadi) [Orabug: 35896831] [4.14.35-2047.530.5] - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Kyle Zeng) [Orabug: 35824288] {CVE-2023-42753} -...

7.1 AI Score

0.0004 EPSS

2023-10-13 12:00 AM
8
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.324.5.3.el7] - Revert 'jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint' (Sherry Yang) [Orabug: 35896102] [5.4.17-2136.324.5.2.el7] - fix breakage in do_rmdir() (Al Viro) [Orabug: 35885837] [5.4.17-2136.324.5.1.el7] - x86: KVM: SVM: always update the...

7.5 AI Score

0.001 EPSS

2023-10-13 12:00 AM
11
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.324.5.3.el8] - Revert 'jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint' (Sherry Yang) [Orabug: 35896102] [5.4.17-2136.324.5.2.el8] - fix breakage in do_rmdir() (Al Viro) [Orabug: 35885837] [5.4.17-2136.324.5.1.el8] - x86: KVM: SVM: always update the...

7.5 AI Score

0.001 EPSS

2023-10-13 12:00 AM
11
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-106.131.4] - jbd2: check 'jh->b_transaction' before removing it from checkpoint (Zhihao Cheng) - jbd2: fix checkpoint cleanup performance regression (Zhang Yi) - scsi: qla2xxx: Fix TMF leak through (Quinn Tran) - scsi: qla2xxx: Fix command flush during TMF (Quinn Tran) - scsi: qla2xxx:.....

7.8 CVSS

7.6 AI Score

0.001 EPSS

2023-10-10 12:00 AM
10
prion

Cross site scripting

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9...

6.1 CVSS

6 AI Score

0.0005 EPSS

2023-08-23 02:15 PM
4
cve

CVE-2023-32499

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9...

7.1 CVSS

6 AI Score

0.0005 EPSS

2023-08-23 02:15 PM
59
nvd

CVE-2023-32499

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9...

6.1 CVSS

6.3 AI Score

0.0005 EPSS

2023-08-23 02:15 PM
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.323.8.el7] - vhost-scsi: Fix alignment handling with windows (Mike Christie) [Orabug: 35769318] - Revert 'vhost/scsi: support non zerocopy iovecs' (Rajan Shanmugavelu) [Orabug: 35769318] [5.4.17-2136.323.7.el7] - x86: change default to spec_store_bypass_disable=prctl...

6.5 CVSS

7.6 AI Score

0.001 EPSS

2023-09-11 12:00 AM
7
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.323.8] - vhost-scsi: Fix alignment handling with windows (Mike Christie) [Orabug: 35769318] - Revert 'vhost/scsi: support non zerocopy iovecs' (Rajan Shanmugavelu) [Orabug: 35769318] [5.4.17-2136.323.7] - x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl...

6.5 CVSS

7.6 AI Score

0.001 EPSS

2023-09-11 12:00 AM
10
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.323.8.el8] - vhost-scsi: Fix alignment handling with windows (Mike Christie) [Orabug: 35769318] - Revert 'vhost/scsi: support non zerocopy iovecs' (Rajan Shanmugavelu) [Orabug: 35769318] [5.4.17-2136.323.7.el8] - x86: change default to spec_store_bypass_disable=prctl...

6.5 CVSS

7.6 AI Score

0.001 EPSS

2023-09-11 12:00 AM
9
cvelist

CVE-2023-32499 WordPress Radio Station Plugin <= 2.4.0.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9...

7.1 CVSS

6.4 AI Score

0.0005 EPSS

2023-08-23 01:59 PM
openvas

PHP Mail Function Header Spoofing Vulnerability

The remote host is running a version of PHP <= 4.2.2. The mail() function does not properly sanitize user...

6.5 AI Score

0.028 EPSS

2005-11-03 12:00 AM
21
openvas

Nmap NSE net: http-vmware-path-vuln

Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733). The vulnerability was originally released by Justin Morehouse and Tony Flick, who presented at Shmoocon 2010 (see reference). SYNTAX: http.pipeline: If set, it represents the number of HTTP requests...

7.3 AI Score

0.959 EPSS

2011-06-01 12:00 AM
92
openvas

CentOS Update for bind CESA-2016:2141 centos5

Check the version of...

7.5 CVSS

7.2 AI Score

0.951 EPSS

2016-11-08 12:00 AM
13
schneier

Wisconsin Governor Hacks the Veto Process

In my latest book, A Hacker's Mind, I wrote about hacks as loophole exploiting. This is a great example: The Wisconsin governor used his line-item veto powers--supposedly unique in their specificity--to change a one-year funding increase into a 400-year funding increase. He took this wording: ...

6.9 AI Score

2023-07-10 11:24 AM
5
openvas

CentOS Update for bind CESA-2016:2141 centos6

Check the version of...

7.5 CVSS

7.2 AI Score

0.951 EPSS

2016-11-08 12:00 AM
7
openvas

CentOS Update for bind CESA-2018:2571 centos6

Check the version of...

7.5 CVSS

6.7 AI Score

0.944 EPSS

2018-08-29 12:00 AM
16
openvas

CentOS Update for bind CESA-2018:2570 centos7

Check the version of...

7.5 CVSS

6.7 AI Score

0.944 EPSS

2018-08-29 12:00 AM
45
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.321.4.el8] - tick/common: Align tick period during sched_timer setup (Thomas Gleixner) [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit() loop if cp_index > 0 (Gerd Rausch) [Orabug: 35510149] [5.4.17-2136.321.3.el8] - selinux: don't use make's grouped targets feature yet...

7.8 CVSS

8 AI Score

0.006 EPSS

2023-07-12 12:00 AM
12
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.321.4] - tick/common: Align tick period during sched_timer setup (Thomas Gleixner) [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit() loop if cp_index > 0 (Gerd Rausch) [Orabug: 35510149] [5.4.17-2136.321.3] - selinux: don't use make's grouped targets feature yet (Paul...

7.8 CVSS

8 AI Score

0.006 EPSS

2023-07-12 12:00 AM
17
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.321.4.el7] - tick/common: Align tick period during sched_timer setup (Thomas Gleixner) [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit() loop if cp_index > 0 (Gerd Rausch) [Orabug: 35510149] [5.4.17-2136.321.3.el7] - selinux: don't use make's grouped targets feature yet...

7.8 CVSS

8 AI Score

0.006 EPSS

2023-07-11 12:00 AM
17
osv

tomcat6 - regression update

This is an upgrade from tomcat 6.0.35 (the version previously available in squeeze) to 6.0.41; the full list of changes between these versions can be seen in the upstream changelog, which is available online at http://tomcat.apache.org/tomcat-6.0-doc/changelog.html This update fixes the following...

2.7 AI Score

EPSS

2014-11-23 12:00 AM
11
osv

tomcat6 - security update

This is an upgrade from tomcat 6.0.35 (the version previously available in squeeze) to 6.0.41; the full list of changes between these versions can be seen in the upstream changelog, which is available online at http://tomcat.apache.org/tomcat-6.0-doc/changelog.html This update fixes the following...

2.6 AI Score

EPSS

2014-11-23 12:00 AM
14
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.320.7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] - KVM:...

7.8 CVSS

8 AI Score

0.0004 EPSS

2023-06-15 12:00 AM
46
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.320.7.el8] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-06-13 12:00 AM
10
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.320.7.el7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-06-13 12:00 AM
37
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs:...

7.8 CVSS

8.5 AI Score

0.0004 EPSS

2023-06-13 12:00 AM
19
github

How to fix a ReDoS

Although some ReDoS vulnerabilities can be very serious (particularly when they’re server-side and enable an untrusted remote attacker to DOS the server), very often they land much closer to the “annoying” end of the CVSS rating scale: not particularly serious, but easy to create by accident,...

7.3 AI Score

2023-05-09 05:40 PM
6
Total number of security vulnerabilities: 644