kernel: possible to use the debugger to write zero into a location of choice

A flaw was found in the kernel/debug/debugcore.c in the Linux kernel in lockdown mode. This flaw allows an attacker with local access to trigger the debugger, bypass lockdown and write anonymously...

Fedora: Security Advisory for mingw-gdb (FEDORA-2022-affcf9eea6)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Jscythe - Abuse The Node.Js Inspector Mechanism In Order To Force Any Node.Js/Electron/V8 Based Process To Execute Arbitrary Javascript Code

jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled. Tested and working against Visual Studio Code, Discord, any Node.js application and more! How 1. Locate t...

OESA-2022-2002 crash security update

The core analysis suite is a self-contained tool that can be used to investigate either live systems, kernel core dumps created from dump creation facilities such as kdump, kvmdump, xendump, the netdump and diskdump packages offered by Red Hat, the LKCD kernel patch, the mcore kernel patch create...

nodejs: DNS rebinding in --inspect via invalid IP addresses

A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9871)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-9871 advisory. - afkey: Do not call xfrmprobealgs in parallel Herbert Xu Orabug: 34566753 CVE-2022-3028 - lockdown: also lock down previous kgdb use Daniel Thompson...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9870)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9870 advisory. - afkey: Do not call xfrmprobealgs in parallel Herbert Xu Orabug: 34566753 CVE-2022-3028 - lockdown: also lock down previous kgdb use Daniel Thompson...

GLSA-202209-17 : Redis: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202209-17 Redis: Multiple Vulnerabilities - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be...

Internet Bug Bounty: DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices)

A vulnerability in Node.js allowed an attacker-controlled DNS server to bypass DNS rebinding protection by resolving hosts in the .local domain. This allowed an attacker to gain access to the Node.js debugger, potentially resulting in remote code execution. The vulnerability affected all versions...

Fedora: Security Advisory for rizin (FEDORA-2022-ff2aa5643d)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

nodejs: DNS rebinding in --inspect via invalid IP addresses

A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...

[SECURITY] Fedora 37 Update: rizin-0.4.1-1.fc37

Rizin is a free and open-source Reverse Engineering framework, providing a complete binary analysis experience with features like Disassembler, Hexadecimal editor, Emulation, Binary inspection, Debugger, and more. Rizin is a fork of radare2 with a focus on usability, working features and co de...

nodejs: DNS rebinding in --inspect via invalid IP addresses

A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...

nodejs: DNS rebinding in --inspect via invalid IP addresses

A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...

nodejs: DNS rebinding in --inspect via invalid IP addresses

A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...

OESA-2022-1866 redis6 security update

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

Ubuntu: Security Advisory (USN-5484-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5465-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

LSN-0089-1: Kernel Live Patch Security Notice

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...

SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:2482-1)

The remote SUSE Linux SLES12 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2482-1 advisory. - A race condition was found the Linux kernel in perfeventopen which can be exploited by an unprivileged user to gain root...