8320 matches found
0.8.18-p11 (=0.8.18-p12), 04_nodeblog (=1.0.0) +37646 more potentially affected by CVE-2017-16137 via debug (>=0.1.0 <=2.6.8)
debug NPM version =0.1.0, =1.0.0, =0.0.15, =1.0.4, =1.0.1, =0.0.1, =1.0.3, =0.0.1, =0.1.0, =0.1.2 - 200 =0.0.1 and more Source cves: CVE-2017-16137 Source advisory: OSV:GHSA-GXPJ-CX7G-858C...
Tamper proofing review: the iZettle card payment terminal
Tamper resistance is an increasingly important factor in smart devices. Together with secure hardware design and defensive coding, it can deliver a very secure device. One of the most common areas the average consumer will encounter tamper resistant devices is in payment terminals, or Pin Entry...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4189)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-4189 advisory. - tcp: add tcp_ooo_try_coalesce() helper (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: call tcp_drop() from tcp_data_queue_ofo() (Eric Dumazet) [Orabug: 28453849]...
katello-debug Arbitrary File Overwrite Vulnerability
Katello is a system management engine that provides workflows for configuration management, subscription management and content management. katello-debug is one of the debuggers. An arbitrary file overwrite vulnerability exists in versions prior to katello-debug 3.4.0, which stems from the use of...
CVE-2018-7947
Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153C00 have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In debug mode, malicious software on the device may exploit the vulnerability to bypass some specific...
CVE-2018-7947
Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153C00 have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In debug mode, malicious software on the device may exploit the vulnerability to bypass some specific...
CVE-2018-7947
Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153C00 have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In debug mode, malicious software on the device may exploit the vulnerability to bypass some specific...
CVE-2018-9064
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user...
CVE-2018-9064
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user...
Design/Logic Flaw
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user...
Design/Logic Flaw
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag (TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception (#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to...
CVE-2017-7518
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag (TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception (#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to...
CVE-2018-9064
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user...
CVE-2017-7518
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag (TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception (#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to...
Jenkins Stapler Debug Mode Cross-Site Scripting Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A...
CVE-2016-9595
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files...
CVE-2016-9595
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files...
CVE-2016-9595
Summary: CVE-2016-9595 affects katello-debug before 3.4.0. Affected component uses insecure temporary files for scripts and logs, enabling a local attacker to perform a symbolic-link attack to overwrite arbitrary files. This is supported by multiple sources (NVD entry, CNVD entry, Veracode note, ...
CVE-2017-15113
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to...
Design/Logic Flaw
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to...