SUSE CVE-2017-9778

GNU Debugger GDB 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB...

SUSE CVE-2018-5167

The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display...

SUSE CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

SUSE CVE-2018-6140

Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension...

SUSE CVE-2018-7160

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...

SUSE CVE-2018-12120

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...

SUSE CVE-2018-16081

Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension...

SUSE CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

SUSE CVE-2021-37985

Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2022-21499

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...

Stored DOM-based Cross-site Scripting in Tags Functionality

Description A stored, DOM-based cross-site scripting vulnerability exists in answer version 1.0.4 within the question tagging functionality. Steps Step 1. Log in. Step 2. Proceed to create a new question. Populate the Title and Body input. Step 3. Click on the Add tag button, shown in the followi...

Out-of-bounds Write

kernel is vulnerable to Out-of-bounds Write. The vulnerability exists because the kernel debugger could be used to bypass UEFI Secure Boot restrictions. An attacker with access to a serial port could trigger the debugger and allow read and write access...

Array Networks AG 缓冲区错误漏洞

Array Networks AG/vxAG is an Array SSL-VPN gateway product from Array Networks, Inc. A security vulnerability exists in Array Networks AG. A remote attacker with administrator privileges could use the gdb utility to overwrite the back-end function call stack to trigger a denial of service attack...

GHSA-7VCX-V65Q-9WPG XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument

In order for this weakness to be exploited, the following conditions have to apply, at the same time: - method Wrapper::buildClientWrapperCode, or any methods which depend on it, such as Wrapper::wrapXmlrpcServer, Wrapper::wrapXmlrpcMethod or Wrapper::buildWrapMethodSource must be in use. Note th...

XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument

In order for this weakness to be exploited, the following conditions have to apply, at the same time: - method Wrapper::buildClientWrapperCode, or any methods which depend on it, such as Wrapper::wrapXmlrpcServer, Wrapper::wrapXmlrpcMethod or Wrapper::buildWrapMethodSource must be in use. Note th...

GHSA-PXQJ-XRV5-QVJF XML-RPC for PHP's debugger vulnerable to possible XSS attack

The bundled xml-rpc debugger is susceptible to XSS attacks. Since the debugger is not designed to be exposed to end users but only to the developers using this library, and in the default configuration it is not exposed to requests from the web, the likelihood of exploitation may be low...

XML-RPC for PHP's debugger vulnerable to possible XSS attack

The bundled xml-rpc debugger is susceptible to XSS attacks. Since the debugger is not designed to be exposed to end users but only to the developers using this library, and in the default configuration it is not exposed to requests from the web, the likelihood of exploitation may be low...

PT-2023-33050 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, use: Software affected versions not specified Description: The issue concerns a susceptibility to XSS attacks in the bundled xml-rpc debugger. This debugger is intended for developers and not for en...

PT-2023-32992 · Phpxmlrpc · Phpxmlrpc

Name of the Vulnerable Software and Affected Versions: phpxmlrpc affected versions not specified Description: The issue can be exploited when specific methods such as Wrapper::buildClientWrapperCode, Wrapper::wrapXmlrpcServer, Wrapper::wrapXmlrpcMethod, or Wrapper::buildWrapMethodSource are used...

SUSE SLES12 Security Update : python-Werkzeug (SUSE-SU-2022:3977-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3977-1 advisory. - Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same...