Tony Zeoli, Tony Hayes Security Vulnerabilities

CVE-2024-33689

Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Hayes Radio Station.This issue affects Radio Station: from n/a through...

CVE-2024-33689 WordPress Radio Station plugin <= 2.5.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Hayes Radio Station.This issue affects Radio Station: from n/a through...

tony-dieagentur.de Cross Site Scripting vulnerability OBB-3909182

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12272)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12272 advisory. [5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug:...

Unbreakable Enterprise kernel security update

[5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael....

Unbreakable Enterprise kernel security update

[4.14.35-2047.536.5] - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (Song Liu) - mm/memory-failure: fix an incorrect use of tail pages (Liu Shixin) - Revert 'x86/mm/ident_map: Use gbpages only where full GB page...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2024-12274)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12274 advisory. [5.4.17-2136.330.7.1.el7] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan...

Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2024-12275)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12275 advisory. [5.4.17-2136.330.7.1.el8] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12271)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12271 advisory. [5.4.17-2136.330.7.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan...

RedHat Update for bind97 RHSA-2016:2142-01

The remote host is missing an update for...

RedHat Update for bind RHSA-2016:2615-01

The remote host is missing an update for...

RedHat Update for bind RHSA-2016:2141-01

The remote host is missing an update for...

Oracle Linux 8 : kernel (ELSA-2024-3138)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3138 advisory. [4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was....

Unbreakable Enterprise kernel security update

[5.4.17-2136.331.7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.331.7.el7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...

systemd security update

[252-32.0.2] - Due to a new [Orabug: 36564551] filed on April 29 2024, reverting from back to - previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved. - Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792] - Removed the following,.....

Unbreakable Enterprise kernel security update

[5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Enumerate Branch...

kernel security, bug fix, and enhancement update

[4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.330.7.1.el7] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate...

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.330.7.1.el8] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate...

Unbreakable Enterprise kernel security update

[5.4.17-2136.330.7.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate Branch...

QR Phishing. Fact or Fiction?

October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing (QR Code phishing) and how new AI powered email gateways can potentially block these attacks. What’s the attack? To understand the attack you need understand the challenge that the...

Unbreakable Enterprise kernel security update

[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...

Aerospike Java Client vulnerable to unsafe deserialization of server responses

GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-044 The GitHub Security Lab team has identified a potential security vulnerability in Aerospike Java Client. We are committed to working with you to help resolve this issue. In this report you will find everything you need to effectively...

Ubuntu: Security Advisory (USN-3119-1)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2016-0365)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6450-1)

The remote host is missing an update for...

Debian: Security Advisory (DSA-5532-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-696-1)

The remote host is missing an update for the...

Ubuntu: Security Advisory (USN-3365-1)

The remote host is missing an update for...

Debian: Security Advisory (DSA-3703-1)

The remote host is missing an update for the...

Ubuntu: Security Advisory (USN-1510-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-1509-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-1509-2)

The remote host is missing an update for...

OSINT in 60 seconds. Mind reading on TV

TL;DR We were asked to help with a Channel 5 consumer education series about online banking scams The presenter, Alexis Conran, was to ‘read’ the minds of members of the public walking past a coffee shop A release form was signed by the targets, with their name, email, and phone number, then...

Unbreakable Enterprise kernel security update

[4.14.35-2047.533.3] - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - sched/fair: Fix tg-&gt;load when offlining a CPU (Vincent Guittot) [Orabug: 36185208] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143229] - sched/rt:...

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.328.3.el8] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg-&gt;load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:....

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.328.3.el7] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg-&gt;load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:....

Unbreakable Enterprise kernel security update

[5.4.17-2136.328.3] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg-&gt;load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:...

Bootiful Spring Boot in 2024 (part 1)

NB: the code is here on my Github account: github.com/joshlong/bootiful-spring-boot-2024-blog. Hi, Spring fans! I'm Josh Long, and I work on the Spring team. I'm excited to be keynoting and giving a talk at Microsoft's JDConf this year. I'm a Kotlin GDE and a Java Champion, and I'm of the opinion.....

kernel security update

[5.14.0-362.13.0.1_3.OL9] cifs: Fix UAF in cifs_demultiplex_thread() (Zhang Xiaoxu) (Steve French) {CVE-2023-1192} fs/smb/client: Reset password pointer to NULL (Quang Le) (Steve French) {CVE-2023-5345} igb: set max size RX buffer when store bad packet is enabled (Tony Nguyen) (David S. Miller)...

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.326.6.el8] - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (Junxiao Bi) [Orabug: 35914789] - md: bypass block throttle for superblock update (Junxiao Bi) [Orabug: 35914789] [5.4.17-2136.326.5.el8] - Revert 'tracing: Increase trace array ref count on enable and filter...

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.326.6.el7] - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (Junxiao Bi) [Orabug: 35914789] - md: bypass block throttle for superblock update (Junxiao Bi) [Orabug: 35914789] [5.4.17-2136.326.5.el7] - Revert 'tracing: Increase trace array ref count on enable and filter...

Unbreakable Enterprise kernel security update

[5.4.17-2136.326.6] - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (Junxiao Bi) [Orabug: 35914789] - md: bypass block throttle for superblock update (Junxiao Bi) [Orabug: 35914789] [5.4.17-2136.326.5] - Revert 'tracing: Increase trace array ref count on enable and filter files'...

OSINT. What can you find from a domain or company name

We carry out lots of attack surface assessments, parts of which involve investigating information that has been unintentionally disclosed. To help OPSEC people I thought it might be useful to go over some of the key things that can be found using domain and company names. Domain name So let’s dive....

Unbreakable Enterprise kernel security update

[5.15.0-201.135.6] - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey) - netfilter: nf_tables: split async and sync catchall in two functions (Pablo Neira Ayuso) - netfilter: nf_tables: remove catchall element in GC sync path (Pablo Neira Ayuso) - scsi:...

Unbreakable Enterprise kernel security update

[4.14.35-2047.532.3] - Revert 'mmc: core: Capture correct oemid-bits for eMMC cards' (Dominique Martinet) - media: dvb-usb-v2: af9035: fix missing unlock (Hans Verkuil) - perf/core: Fix potential NULL deref (Peter Zijlstra) [4.14.35-2047.532.2] - x86: change default to...

OPSEC failures when threat hunting

Over the last few years I’ve carried out a lot of phishing, and have some interesting observations on how organisations respond. However, the purpose of this blog is to highlight a worrying (and amusing) trend in response actions taken by the blue team and researchers when threat hunting a...

CVE-2021-23442

This affects all versions of package @cookiex/deep. The global proto object can be polluted using the proto...

Prototype Pollution in cookiex/deep

The npm @cookiex/deep package before version 0.0.7 has a prototype pollution vulnerability. The global proto object can be polluted using the proto...