2333 matches found

OSV
added 2023/04/13 5:53 p.m. | 19 views

GHSA-CJR9-MR35-7XH6 SpiceDB binding metrics port to untrusted networks and can leak command-line flags

Background: The spicedb serve command contains a flag named --grpc-preshared-key, which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The /debug/pprof/cmdline endpoint served by the metrics service...

CVSS: 8.1 | AI score: 8.1 | EPSS: 0.00365
Exploits: 0 | References: 5
CNNVD
added 2023/04/12 12:0 a.m. | 3 views

PikPak Security Vulnerability

PikPak is a private online disk. A security vulnerability exists in PikPak v1.29.2, which stems from information leakage through the debugging interface...

CVSS: 3.3 | AI score: 4.9 | EPSS: 0.00056
Exploits: 1 | References: 3
Rockylinux
added 2023/04/06 3:52 p.m. | 7 views

sos bug fix and enhancement update

An update is available for sos. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The sos package contains a set of utilities that gather information from system...

AI score: 6.4
Exploits: 0
CNNVD
added 2023/04/04 12:0 a.m. | 3 views

etcd Authorization Issue Vulnerability

etcd is a key-value storage system for distributed systems written in the Go language. A security vulnerability exists in Etcd-io version v.3.4.10. A remote attacker could exploit the vulnerability to elevate privileges via the debugging feature...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00338
Exploits: 0 | References: 10
CNNVD
added 2023/03/24 12:0 a.m. | 1 views

Google Pixel Security Vulnerability

Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a security vulnerability that stems from a lack of warning to the user and could potentially be initiated using a hidden debugging strategy...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00014
Exploits: 0 | References: 2
Kitploit
added 2023/03/23 11:30 a.m. | 107 views

APCLdr - Payload Loader With Evasion Features

Payload Loader With Evasion Features. Features: no CRT functions imported; indirect syscalls using HellHall; API hashing using CRC32 hashing algorithm; payload encryption using RC4 - payload is saved in .rsrc; payload injection using APC calls - alertable thread; payload execution using APC - alertabl...

AI score: 7.9
Exploits: 0 | References: 9
CNNVD
added 2023/03/07 12:0 a.m. | 1 views

Buffalo network devices Security Vulnerability

Buffalo network devices are a family of network devices from Buffalo, Japan. A security vulnerability exists in Buffalo network devices that stems from the use of hard-coded credentials, which could be exploited by an attacker to gain access to the debugging capabilities of the product...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00322
Exploits: 0 | References: 4
Huntr
added 2023/03/03 4:7 p.m. | 26 views

null pointer dereference in class_object_index at vim9class.c:1356

Description: null pointer dereference in class_object_index at vim9class.c:1356. Variable cl in class_object_index at vim9class.c:1254 is NULL at last, reference to cl refers to NULL. Version: $ git log commit c727b19e9f1df36e44321d933334c7b4961daa54 HEAD - master, tag: v9.0.1374, origin/master,...

CVSS: 1.9 | AI score: 6.1 | EPSS: 0.00028
Exploits: 1
Veracode
added 2023/02/16 2:24 a.m. | 63 views

Remote Code Execution (RCE)

.NET is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the library does not properly validate the debugging symbols, allowing an attacker to inject and execute malicious code while reading a malicious symbols file...

CVSS: 7.8 | AI score: 8 | EPSS: 0.01277
Exploits: 0 | References: 5 | Affected Software: 8
Tenable Nessus
added 2023/02/16 12:0 a.m. | 43 views

Security Updates for Microsoft .NET core (February 2023)

A remote code execution vulnerability exists in .NET core 6.0 6.0.14 and .NET Core 7.0 7.0.3. This vulnerability exists due to how .NET reads debugging symbols, where reading a malicious symbols file may result in remote code execution. An unauthenticated, local attacker can exploit this, to bypa...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.01277
Exploits: 0 | References: 3
The Hacker News
added 2023/02/15 9:25 a.m. | 47 views

Experts Warn of 'Beep' - A New Evasive Malware That Can Fly Under the Radar

Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that's designed to fly under the radar and drop additional payloads onto a compromised host. "It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM anti-sandbox...

AI score: 1.4
Exploits: 0
The Hacker News
added 2023/02/15 9:25 a.m. | 3 views

Experts Warn of 'Beep' - A New Evasive Malware That Can Fly Under the Radar

Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that's designed to fly under the radar and drop additional payloads onto a compromised host. "It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM anti-sandbox...

AI score: 6.9
Exploits: 0
SUSE CVE
added 2023/02/15 6:15 a.m. | 1 views

SUSE CVE-2006-1855

choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process...

CVSS: 2.1 | AI score: 6.3 | EPSS: 0.00089
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 6:5 a.m. | 1 views

SUSE CVE-2009-0368

OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program...

CVSS: 2.1 | AI score: 7 | EPSS: 0.00384
Exploits: 1 | References: 5
SUSE CVE
added 2023/02/15 5:50 a.m. | 1 views

SUSE CVE-2011-3650

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have...

CVSS: 9.3 | AI score: 9.3 | EPSS: 0.01271
Exploits: 0 | References: 10
SUSE CVE
added 2023/02/15 5:49 a.m. | 4 views

SUSE CVE-2012-0064

xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab...

CVSS: 4.6 | AI score: 6.6 | EPSS: 0.00081
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 5:45 a.m. | 3 views

SUSE CVE-2012-3973

The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and...

CVSS: 7.6 | AI score: 9.2 | EPSS: 0.03046
Exploits: 0 | References: 7
SUSE CVE
added 2023/02/15 5:42 a.m. | 4 views

SUSE CVE-2013-0154

The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall...

CVSS: 1.9 | AI score: 6.2 | EPSS: 0.00073
Exploits: 0 | References: 6
SUSE CVE
added 2023/02/15 4:38 a.m. | 1 views

SUSE CVE-2017-15393

Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.01265
Exploits: 0 | References: 6
SUSE CVE
added 2023/02/15 4:32 a.m. | 1 views

SUSE CVE-2018-5132

The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...

CVSS: 6.5 | AI score: 8.4 | EPSS: 0.00913
Exploits: 0 | References: 4