8322 matches found

Amazon
added 2019/11/04 12:0 a.m. | 158 views

Medium: docker

Issue Overview: A command injection flaw was discovered in Docker during the docker build command. By providing a specially crafted path argument for the container to build, it is possible to inject command options to the git fetch/git checkout commands that are executed by Docker and to execute...

8.4 CVSS | 7.9 AI score | 0.0152 EPSS
Exploits: 1

CNVD
added 2019/10/30 12:0 a.m. | 0 views

OpenAFS Denial of Service Vulnerability (CNVD-2019-43378)

OpenAFS is an open source distributed file system that allows systems to share files and resources across local area and wide area networks. A denial of service vulnerability exists in OpenAFS. An attacker could exploit this vulnerability by making a series of VOTEDebug RPC calls to cau...

7.5 CVSS | 6.4 AI score | 0.01102 EPSS
Exploits: 0 | References: 1

OSV
added 2019/10/29 7:15 p.m. | 2 views

DEBIAN-CVE-2019-18601

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTEDebug RPC calls to crash a database server within the SVOTEDebug RPC handler...

7.5 CVSS | 7.2 AI score | 0.01102 EPSS
Exploits: 0 | References: 1

OSV
added 2019/10/29 7:15 p.m. | 7 views

CVE-2019-18601

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTEDebug RPC calls to crash a database server within the SVOTEDebug RPC handler...

7.5 CVSS | 7.4 AI score
Exploits: 0 | References: 2

OSV
added 2019/10/29 7:15 p.m. | 0 views

UBUNTU-CVE-2019-18601

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTEDebug RPC calls to crash a database server within the SVOTEDebug RPC handler...

7.5 CVSS | 5.8 AI score | 0.01102 EPSS
Exploits: 0 | References: 4

BDU FSTEC
added 2019/10/29 12:0 a.m. | 1 views

The vulnerability of the Android operating system’s adb module allows a hacker to increase their privileges.

The vulnerability of the Android operating system’s adb module is related to incorrect handling of the socket shutdown operation. Exploiting this vulnerability allows a remote attacker to enhance their privileges through a specially created application...

7.6 CVSS | 5.5 AI score | 0.00092 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Broadcom
added 2019/10/28 12:0 a.m. | 6 views

BSA-2019-865

Security Advisory ID: BSA-2019-865 Component: SANnav Revision: 1.0 The authentication mechanism in Brocade SANnav versions before v2.0 logs plaintext account credentials at the 'trace' and the 'debug' logging level, which could allow a local authenticated attacker to access sensitive informatio...

5.5 CVSS | 6.6 AI score | 0.00023 EPSS
Exploits: 0

RedHat Linux
added 2019/10/24 9:19 p.m. | 3 views

ansible: secrets disclosed on logs when no_log enabled

Ansible was logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process...

7.8 CVSS | 7.2 AI score | 0.00117 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2019/10/24 9:19 p.m. | 3 views

ansible: secrets disclosed on logs when no_log enabled

Ansible was logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process...

7.8 CVSS | 7.2 AI score | 0.00117 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2019/10/24 9:19 p.m. | 3 views

ansible: secrets disclosed on logs when no_log enabled

Ansible was logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process...

7.8 CVSS | 7.2 AI score | 0.00117 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2019/10/22 1:50 p.m. | 3 views

python-werkzeug: Cross-site scripting in render_full function in debug/tbtools.py

Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11, as used in Pallets Flask and other products, allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...

6.1 CVSS | 7.5 AI score | 0.00411 EPSS
Exploits: 0 | References: 4

FireEye
added 2019/10/17 3:30 p.m. | 15 views

Definitive Dossier of Devilish Debug Details – Part Deux: A Didactic Deep Dive into Data Driven Deductions

In Part One of this blog series, Steve Miller outlined what PDB paths are, how they appear in malware, how we use them to detect malicious files, and how we sometimes use them to make associations about groups and actors. As Steve continued his research into PDB paths, we became interested in...

6.4 AI score
Exploits: 0 | References: 11

ThreatPost
added 2019/10/17 3:3 p.m. | 63 views

Trump Campaign Website Left Open to Email Server Hijack

A mistake made by website developers left an official re-election website for President Donald Trump open to attack. The error, impacting hundreds of other websites as well, is tied to a website development tool called Laravel, used to test sites before they go live. The tool, accidentally left...

0.5 AI score
Exploits: 0 | References: 5

Microsoft CVE
added 2019/10/17 7:0 a.m. | 50 views

Visual Studio Code Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer. A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user. If the current user is logged on...

7.8 CVSS | 3.1 AI score | 0.00526 EPSS
Exploits: 1

RedHat Linux
added 2019/10/14 6:59 p.m. | 2 views

undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files...

9.8 CVSS | 5.7 AI score | 0.00448 EPSS
Exploits: 0 | References: 4

GithubExploit
added 2019/10/14 5:27 p.m. | 220 views

Exploit for Use After Free in Google Android

CVE-2019-2215 Temproot for Pixel 2 and Pixel 2 XL via CVE-...

7.8 CVSS | 9 AI score | 0.53144 EPSS
Exploits: 26

Prion
added 2019/10/14 2:15 p.m. | 15 views

Deserialization of untrusted data

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...

6.4 CVSS | 9.2 AI score | 0.86894 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

Kitploit
added 2019/10/14 12:29 p.m. | 123 views

Unicorn-Bios - Basic BIOS Emulator For Unicorn Engine

Basic BIOS emulator/debugger for Unicorn Engine. Written to debug the XEOS Operating System boot sequence. Usage: Usage: unicorn-bios OPTIONS BOOTIMG Options: --help / -h: Displays help. --memory / -m: The amount of memory to allocate for the virtual machine in megabytes. Defaults to 64MB, minimu...

7.2 AI score
Exploits: 0 | References: 2

Akamai Blog
added 2019/10/11 8:0 p.m. | 128 views

Introducing Serverless Computing at the Edge with Akamai EdgeWorkers

For the first time, Akamai is introducing an all-new serverless compute capability to help you customize web traffic, expanding the possibilities of personalized engagement with your customers while putting the flexibility and control in the hands of your developers. Developers can now manipulate...

0.1 AI score
Exploits: 0

RedHat Linux
added 2019/10/10 9:54 a.m. | 2 views

undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files...

9.8 CVSS | 5.7 AI score | 0.00448 EPSS
Exploits: 0 | References: 4