1558 matches found
SUSE CVE-2018-7160
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...
SUSE CVE-2018-12120
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...
SUSE CVE-2018-16081
Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension...
SUSE CVE-2019-14806
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...
SUSE CVE-2021-37985
Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page...
SUSE CVE-2022-21499
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...
Stored DOM-based Cross-site Scripting in Tags Functionality
Description A stored, DOM-based cross-site scripting vulnerability exists in answer version 1.0.4 within the question tagging functionality. Steps Step 1. Log in. Step 2. Proceed to create a new question. Populate the Title and Body input. Step 3. Click on the Add tag button, shown in the followi...
Out-of-bounds Write
kernel is vulnerable to Out-of-bounds Write. The vulnerability exists because the kernel debugger could be used to bypass UEFI Secure Boot restrictions. An attacker with access to a serial port could trigger the debugger and allow read and write access...
Array Networks AG 缓冲区错误漏洞
Array Networks AG/vxAG is an Array SSL-VPN gateway product from Array Networks, Inc. A security vulnerability exists in Array Networks AG. A remote attacker with administrator privileges could use the gdb utility to overwrite the back-end function call stack to trigger a denial of service attack...
GHSA-7VCX-V65Q-9WPG XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
In order for this weakness to be exploited, the following conditions have to apply, at the same time: - method Wrapper::buildClientWrapperCode, or any methods which depend on it, such as Wrapper::wrapXmlrpcServer, Wrapper::wrapXmlrpcMethod or Wrapper::buildWrapMethodSource must be in use. Note th...
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
In order for this weakness to be exploited, the following conditions have to apply, at the same time: - method Wrapper::buildClientWrapperCode, or any methods which depend on it, such as Wrapper::wrapXmlrpcServer, Wrapper::wrapXmlrpcMethod or Wrapper::buildWrapMethodSource must be in use. Note th...
GHSA-PXQJ-XRV5-QVJF XML-RPC for PHP's debugger vulnerable to possible XSS attack
The bundled xml-rpc debugger is susceptible to XSS attacks. Since the debugger is not designed to be exposed to end users but only to the developers using this library, and in the default configuration it is not exposed to requests from the web, the likelihood of exploitation may be low...
XML-RPC for PHP's debugger vulnerable to possible XSS attack
The bundled xml-rpc debugger is susceptible to XSS attacks. Since the debugger is not designed to be exposed to end users but only to the developers using this library, and in the default configuration it is not exposed to requests from the web, the likelihood of exploitation may be low...
PT-2023-33050 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, use: Software affected versions not specified Description: The issue concerns a susceptibility to XSS attacks in the bundled xml-rpc debugger. This debugger is intended for developers and not for en...
PT-2023-32992 · Phpxmlrpc · Phpxmlrpc
Name of the Vulnerable Software and Affected Versions: phpxmlrpc affected versions not specified Description: The issue can be exploited when specific methods such as Wrapper::buildClientWrapperCode, Wrapper::wrapXmlrpcServer, Wrapper::wrapXmlrpcMethod, or Wrapper::buildWrapMethodSource are used...
SUSE SLES12 Security Update : python-Werkzeug (SUSE-SU-2022:3977-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3977-1 advisory. - Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same...
LockBit3.0: A Threat that Persists
LockBit3.0: A Threat that Persists By Trellix · November 17, 2022 This blog was written by Alexandre Mundo LockBit is a very well-known family of ransomware that has created havoc worldwide over the last few years. In March 2022, a new variant of the ransomware was discovered. The LockBit3.0...
kernel: possible to use the debugger to write zero into a location of choice
A flaw was found in the kernel/debug/debugcore.c in the Linux kernel in lockdown mode. This flaw allows an attacker with local access to trigger the debugger, bypass lockdown and write anonymously...
kernel: possible to use the debugger to write zero into a location of choice
A flaw was found in the kernel/debug/debugcore.c in the Linux kernel in lockdown mode. This flaw allows an attacker with local access to trigger the debugger, bypass lockdown and write anonymously...
kernel: possible to use the debugger to write zero into a location of choice
A flaw was found in the kernel/debug/debugcore.c in the Linux kernel in lockdown mode. This flaw allows an attacker with local access to trigger the debugger, bypass lockdown and write anonymously...