17 matches found
Astra Linux - vulnerability in python-werkzeug
Werkzeug is a comprehensive WSGI web application library. In affected versions of Werkzeug, the debugger can allow an attacker to execute code on a developer’s machine under certain circumstances. This requires the attacker to get the developer to interact with a domain and subdomain that they...
PT-2025-43983
Name of the Vulnerable Software and Affected Versions: Easywork Enterprise version 2.1.3.354 Description: Easywork Enterprise version 2.1.3.354 exhibits a security issue related to the cleartext storage of sensitive information in memory. Specifically, valid device-bound license keys remain in...
CVE-2025-60791
Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory dump an...
EUVD-2025-25784
Malicious code in bioql PyPI...
EUVD-2024-1358
Malicious code in bioql PyPI...
CVE-2025-8597
MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context despite...
CVE-2025-8700 Privilege Escalation via get-task-allow entitlement in Invoice Ninja
Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...
CVE-2025-8597 Privilege Escalation via get-task-allow entitlement in MacVim.app
MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context despite...
PT-2025-34757 · Macvim · Macvim
Name of the Vulnerable Software and Affected Versions: MacVim affected versions not specified Description: MacVim’s configuration on macOS, specifically the presence of the “com.apple.security.get-task-allow” entitlement, allows local attackers with unprivileged access to attach a debugger, read ...
OESA-2025-1998 python-werkzeug security update
A comprehensive WSGI web application library. Security Fixes: Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal...
Vulnerabilities fixed in Rockwell Automation FactoryTalk
Rockwell Automation has fixed vulnerabilities in FactoryTalk View Site. The vulnerabilities are related to improper permissions settings on the remote debugger port, allowing unauthenticated users to access system configurations. This can lead to unauthorized changes. In addition, there is a loca...
MGASA-2024-0234 Updated python-werkzeug packages fix security vulnerability
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
AZL-40466 CVE-2024-34069 affecting package python-werkzeug for versions less than 2.3.7-2
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
kernel: possible to use the debugger to write zero into a location of choice
A flaw was found in the kernel/debug/debugcore.c in the Linux kernel in lockdown mode. This flaw allows an attacker with local access to trigger the debugger, bypass lockdown and write anonymously...
Ubuntu: Security Advisory (USN-5465-1)
The remote host is missing an update for the...
UBUNTU-CVE-2021-37985
Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page...
CVE-1999-1077
Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock...