PT-2022-4133 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the insecure management of privileges when loading the KGDB and KDB debugging tools in Linux kernel's Lockdown Mode. This could allow an attacker to bypass...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9422)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9422 advisory. 4.1.12-124.62.3.1 - debug: Lock down kgdb Stephen Brennan Orabug: 34152701 CVE-2022-21499 Tenable has extracted the preceding description block directly fro...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9427)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9427 advisory. 4.14.35-2047.513.2.2.el7 - debug: Lock down kgdb Stephen Brennan Orabug: 34152700 CVE-2022-21499 Tenable has extracted the preceding description block directly...

Node.js: DNS rebinding in --inspect (again) via invalid IP addresses

A vulnerability was discovered in the Node.js debugger that allowed an attacker to gain access to the debugger and potentially execute remote code. This was possible due to a flaw in the IsAllowedHost check, which did not properly validate invalid IP addresses, allowing for DNS rebinding attacks...

Pallets Werkzeug cross-site scripting vulnerability

Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...

OESA-2022-1632 lua security update

Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description. Security Fixes: singlevar in lparser.c in Lua through 5.4.4 lacks a certain...

Lupo - Malware IOC Extractor. Debugging Module For Malware Analysis Automation

Debugging module for Malware Analysis Automation For a step by step post on how to use Lupo, with images and instructions, please see this post: https://medium.com/@vishalthakur/lupo-malware-ioc-extractor-cc86ae76b85d Introduction Working on security incidents that involve malware, we come across...

IOSSecuritySuite - iOS Platform Security And Anti-Tampering Swift Library

 iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift! If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time.  What ISS detect...

CVE-2022-29820

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible...

CVE-2022-29820

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible...

CVE-2022-29820

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible...

Code injection

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible...

CVE-2022-29820

JetBrains PyCharm before 2022.1 has a vulnerability where the debugger port could be exposed to the internal network. The connected documents confirm the affected product and issue description but do not provide explicit root-cause details, exploit information, impact beyond low severity, or a pa...

CVE-2022-29820

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible...

Jetbrains JetBrains PyCharm 安全漏洞

JetBrains PyCharm is an integrated development environment IDE for the Python language from Czech company Jetbrains. security vulnerability exists in versions prior to JetBrains PyCharm 2022.1, which stems from exposing the debugger port to the internal network, no details of the vulnerability ar...

Cross-site Scripting (XSS) - Reflected

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept Turn on debugger mode. Add path /?alertorigin to any endpoint - script will be reflected, executed...

Pomerium 安全漏洞

Pomerium is an open source identity-aware access agent from the U.S. company Pomerium. It is used to enable secure access to internal applications. A security vulnerability exists in Pomerium that stems from the fact that in a distributed services model, Pomerium's authentication service exposes...

Fedora: Security Advisory for radare2 (FEDORA-2022-85b277e748)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: radare2-5.6.4-1.fc36

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

[SECURITY] Fedora 35 Update: radare2-5.6.4-1.fc35

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...