Linux: daemon.debug in /etc/rsyslog.conf

Test if and to which file the debug logs generated by the daemon process are recorded. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

The vulnerability in the implementation of the Secure Boot protocol for operating systems with Windows, which allows a perpetrator to disclose protected information

The vulnerability of the Secure Boot protocol for Windows operating systems is related to errors in accessing debug functions during the loading process. Exploiting this vulnerability can allow attackers to disclose sensitive information, using a specially created application...

SUSE SLES15 Security Update : ipmitool (SUSE-SU-2020:0617-1)

This update for ipmitool fixes the following issues : CVE-2020-5208: Fixed multiple remote code executtion vulnerabilities bsc1163026. picmg discover messages are now DEBUG and not INFO messages bsc1085469. Note that Tenable Network Security has extracted the preceding description block directly...

SUSE-SU-2020:0617-1 Security update for ipmitool

This update for ipmitool fixes the following issues: - CVE-2020-5208: Fixed multiple remote code executtion vulnerabilities bsc1163026. - picmg discover messages are now DEBUG and not INFO messages bsc1085469...

CVE-2020-1753

A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw...

CVE-2018-7568

An integer wraparound has been discovered in the Binary File Descriptor BFD library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information...

Ghost Framework - An Android Post Exploitation Framework That Uses An Android Debug Bridge To Remotely Access A n Android Device

Ghost Framework is an Android post exploitation framework that uses an Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration. Getting started Ghost installation cd ghost chmod +x install.sh ./install....

Denial Of Service (DoS)

github.com/gambol99/go-marathon is vulnerable to denial of service DoS attacks. The vulnerability is possible due to the nil panic occurrence in the function 'NewClient' in client.go when accessing an empty debug log allowing an attacker to cause an application crash...

CVE-2020-4278

IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137...

CVE-2020-4278

IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137...

undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files...

CVE-2019-14071

Compromised reset handler may bypass access control due to AC config is being reset if debug path is enabled to collect secure or non-secure ram dumps in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

Improper access control

Compromised reset handler may bypass access control due to AC config is being reset if debug path is enabled to collect secure or non-secure ram dumps in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

CVE-2019-14071

Compromised reset handler may bypass access control due to AC config is being reset if debug path is enabled to collect secure or non-secure ram dumps in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

Google Chrome 72 / 73 Array.map Corruption

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome 72 and 73 Array.map exploit', 'Description' = %q This module exploits an issue in Chrome 73.0.3683.86 64 bit. The exploit corrupts...

openSUSE Security Update : cacti / cacti-spine (openSUSE-2020-272)

This update for cacti, cacti-spine fixes the following issues : cacti-spine was updated to version 1.2.9. Security issues fixed : - CVE-2009-4112: Fixed a privilege escalation bsc1122535. - CVE-2018-20723: Fixed a cross-site scripting XSS vulnerability bsc1122245. - CVE-2018-20724: Fixed a...

CVE-2014-7951

Directory traversal vulnerability in the Android debug bridge aka adb in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. dot dot in the tar archive headers...

CVE-2014-7951

Directory traversal vulnerability in the Android debug bridge aka adb in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. dot dot in the tar archive headers...

CVE-2014-7951

The CVE-2014-7951 entry details a Directory traversal vulnerability in Android's adb (Android 4.0.4) where an attacker with physical access and a direct connection can write to arbitrary system-owned files by crafting tar headers with a .. sequence. Connected documents (including exploit examples...

Java Debug Wire Protocol (JDWP) Service Detection (TCP)

TCP based detection of services supporting the Java Debug Wire Protocol JDWP. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...