8322 matches found

OSV
added 2018/08/09 8:18 p.m., 1 views

GHSA-GXPJ-CX7G-858C Regular Expression Denial of Service in debug

Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue. This was later re-introduced in version v3.2.0, and...

CVSS 3.7, AI score 7.1, EPSS 0.00102
Exploits 0, References 11
Github Security Blog
added 2018/08/09 8:18 p.m., 39 views

Regular Expression Denial of Service in debug

Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue. This was later re-introduced in version v3.2.0, and...

CVSS 5.3, AI score 5.7, EPSS 0.00102
Exploits 0, References 11, Affected Software 1
vulnersOsv
added 2018/08/09 8:18 p.m., 2 views

0.8.18-p11 (=0.8.18-p12), 04_nodeblog (=1.0.0) +37646 more potentially affected by CVE-2017-16137 via debug (>=0.1.0 <=2.6.8)

debug NPM version =0.1.0, =1.0.0, =0.0.15, =1.0.4, =1.0.1, =0.0.1, =1.0.3, =0.0.1, =0.1.0, =0.1.2 - 200 =0.0.1 and more Source cves: CVE-2017-16137 Source advisory: OSV:GHSA-GXPJ-CX7G-858C...

CVSS 5.3, AI score 6.2, EPSS 0.00102
Exploits 0
Pen Test Partners Blog
added 2018/08/08 6:41 a.m., 50 views

Tamper proofing review: the iZettle card payment terminal

Tamper resistance is an increasingly important factor in smart devices. Together with secure hardware design and defensive coding, it can deliver a very secure device. One of the most common areas the average consumer will encounter tamper resistant devices is in payment terminals, or Pin Entry...

AI score 6.7
Exploits 0
Tenable Nessus
added 2018/08/07 12:0 a.m., 75 views

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4189)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-4189 advisory. - tcp: add tcp_ooo_try_coalesce helper Eric Dumazet Orabug: 28453849 CVE-2018-5390 - tcp: call tcp_drop from tcp_data_queue_ofo Eric Dumazet Orabug: 28453849...

CVSS 7.8, AI score 6.7, EPSS 0.1116
Exploits 0, References 2
CNVD
added 2018/08/01 12:0 a.m., 1 views

katello-debug Arbitrary File Overwrite Vulnerability

Katello is a system management engine that provides workflows for configuration management, subscription management and content management. katello-debug is one of the debuggers. An arbitrary file overwrite vulnerability exists in versions prior to katello-debug 3.4.0, which stems from the use of...

CVSS 7.3, AI score 6.4, EPSS 0.00042
Exploits 0, References 1
OSV
added 2018/07/31 2:29 p.m., 2 views

CVE-2018-7947

Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153C00 have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific...

CVSS 3.9, AI score 5.8, EPSS 0.00031
Exploits 0, References 1
NVD
added 2018/07/31 2:29 p.m., 18 views

CVE-2018-7947

Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153C00 have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific...

CVSS 4.4, AI score 4.3, EPSS 0.00031
Exploits 0, References 1
Cvelist
added 2018/07/31 2:0 p.m., 20 views

CVE-2018-7947

Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153C00 have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific...

AI score 4.3, EPSS 0.00031
Exploits 0, References 1
OSV
added 2018/07/30 4:29 p.m., 1 views

CVE-2018-9064

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user...

CVSS 8.8, AI score 5.8, EPSS 0.00319
Exploits 0, References 1
ATTACKERKB
added 2018/07/30 4:29 p.m., 3 views

CVE-2018-9064

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user...

CVSS 8.8, AI score 5.5, EPSS 0.00319
Exploits 0, References 2
Prion
added 2018/07/30 4:29 p.m., 12 views

Design/Logic Flaw

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user...

CVSS 4, AI score 8.5, EPSS 0.00319
Exploits 0, References 1, Affected Software 1
Prion
added 2018/07/30 3:29 p.m., 26 views

Design/Logic Flaw

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag (TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception (#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to...

CVSS 4.6, AI score 7.2, EPSS 0.0009
Exploits 0, References 12, Affected Software 9
OSV
added 2018/07/30 3:29 p.m., 7 views

CVE-2017-7518

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag (TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception (#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to...

CVSS 7.8, AI score 7.3, EPSS 0.0009
Exploits 0, References 12
Cvelist
added 2018/07/30 3:0 p.m., 21 views

CVE-2018-9064

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user...

AI score 8.6, EPSS 0.00319
Exploits 0, References 1
Cvelist
added 2018/07/30 1:0 p.m., 26 views

CVE-2017-7518

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag (TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception (#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to...

CVSS 5.5, AI score 7.4, EPSS 0.0009
Exploits 0, References 12
CNVD
added 2018/07/30 12:0 a.m., 3 views

Jenkins Stapler Debug Mode Cross-Site Scripting Vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A...

CVSS 5.4, AI score 5, EPSS 0.00158
Exploits 0, References 1
NVD
added 2018/07/27 6:29 p.m., 33 views

CVE-2016-9595

A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files...

CVSS 7.3, AI score 7.1, EPSS 0.00042
Exploits 0, References 2
OSV
added 2018/07/27 6:29 p.m., 27 views

CVE-2016-9595

A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files...

CVSS 5.5, AI score 6.5, EPSS 0.00042
Exploits 0, References 2
CVE
added 2018/07/27 6:0 p.m., 76 views

CVE-2016-9595

Summary: CVE-2016-9595 affects katello-debug before 3.4.0. Affected component uses insecure temporary files for scripts and logs, enabling a local attacker to perform a symbolic-link attack to overwrite arbitrary files. This is supported by multiple sources (NVD entry, CNVD entry, Veracode note, ...

CVSS 7.3, AI score 5.2, EPSS 0.00042
Exploits 0, References 2, Affected Software 1