CVE-2020-28211

CVE-2020-28211 affects Schneider Electric EcoStruxure Control Expert (PLC Simulator) with an Incorrect Authorization weakness (CWE-863) that could allow authentication bypass by overwriting memory via a debugger. Affected software is EcoStruxure Control Expert (Unity Pro) across all versions; the...

CVE-2020-28211

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause bypass of authentication when overwriting memory using a debugger...

Schneider Electric EcoStruxure Control Expert 权限许可和访问控制问题漏洞

Schneider Electric EcoStruxure Control Expert is the universal programming, commissioning and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. An incorrect authorization vulnerability exists in PLC Simulator in Schneider Electric EcoStruxure Control...

TestWER (Test Windows Error Reporting)

TestWER Test Windows Error Reporting Version 2.0 Created Date: 12/06/2006 Updated Date: 02/02/2011 Where to download ? Certain legacy Citrix tools are now available on request only. Please submit the request here - https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will provide...

ShowStopper - Anti-Debug tricks exploration tool

The ShowStopper project is a tool to help malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods. With this tool, you can attach a debugger to its process and research the debugger’s behavior for the...

CVE-2020-27402

The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port UART connection or using adb...

llvm-toolset:rhel8 bug fix and enhancement update

LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

AutoGadgetFS - USB Testing Made Easy

What’s AutoGadgetFS ? AutoGadgetFS is an open source framework that allows users to assess USB devices and their associated hosts/drivers/software without an in-depth knowledge of the USB protocol. The tool is written in Python3 and utilizes RabbitMQ and WiFi access to enable researchers to condu...

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.

...

CVE-2020-15165

Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHu...

Design/Logic Flaw

Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHu...

CVE-2020-15165

The CVE-2020-15165 entry concerns the Chameleon Mini Live Debugger Android package (Google Play) version 1.1.6-free, where sources or permissions may have been tampered by a malicious actor. Red Hat and OSV records cite the same vulnerability description; ENISA EUVD-2020-7239 notes malware in the...

CVE-2020-15165 Potentially tampered sources on Play Store for Chameleon Mini Live Debugger

Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHu...

IBM Security Guardium Cross-Site Scripting Vulnerability (CNVD-2020-50543)

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A cross-site scripting vulnerability exists in IBM Security Guardium...

WebKit On iOS PAC / JIT Hardening Bypass Vulnerability

PAC and JIT Hardening Bypass in WebKit on iOS As per discussions with email protected, Apple would like to treat the PAC bypass described here as a security vulnerability by itself. The bypass was initially reported without a deadline on May 6. After receiving the reply that they will treat it as...

openSUSE Security Update : java-11-openjdk (openSUSE-2020-1191)

This update for java-11-openjdk fixes the following issues : - Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 - Security fixes : + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...

Fedora: Security Advisory for radare2 (FEDORA-2020-d5b33b6e6c)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 32 Update: radare2-4.5.0-2.fc32

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

[SECURITY] Fedora 31 Update: radare2-4.5.0-1.fc31

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)

This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 - Security fixes : + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...