2401 matches found
The vulnerability of the devMode debugging mode implementation in the Apache Struts software platform allows attackers to perform cross-site scripting attacks.
The vulnerability of the devMode debugging mode implementation in the Apache Struts software platform is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
Researchers Uncover Covert Attack Campaign Targeting Military Contractors
A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEPMAVERICK by Securonix, also...
Security Bulletin: Buffer Overflow Vulnerability in IBM DB2 SQL/PSM Stored Procedure Infrastructure (CVE-2012-4826).
Abstract Vulnerability in IBM DB2 could allow an authenticated user to cause a stack-based buffer overflow and possibly attain remote code execution. Content VULNERABILITY DETAILS CVE ID: CVE-2012-4826 DESCRIPTION: The IBM DB2 products listed below contain a security vulnerability that could allo...
Security Bulletin: Ensure that DataPower services running in production environments are not configured to blindly echo requests. (CVE-2013-0499)
Abstract DataPower services like XML Firewall, Multi Protocol Gateway, Web Service Proxy and Web Token Service when configured to blindly echo requests could result in potential security vulnerability in production environments. Content VULNERABILITY DETAILS: DESCRIPTION: For the purposes of...
[SECURITY] Fedora 37 Update: libdwarf-0.4.2-1.fc37
Library to access the DWARF debugging file format which supports source level debugging of a number of procedural languages, such as C, C++, and Fortran. Please see http://www.dwarfstd.org for DWARF specification...
Fedora: Security Advisory for libdwarf (FEDORA-2022-273a86adf0)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
PT-2022-33551 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.18 through v5.19.1 Description: The issue is related to the production of debugging information. It was introduced in version v5.18 and fixed in version v5.19.2. The actual impact and attack plausibility have not yet...
Apple macOS Remote Events Memory Corruption
!/usr/bin/env python -- coding: UTF-8 -- naval.py Apple macOS Remote Events Remote Memory Corruption Vulnerability Jeremy Brown jbrown3264/gmail ===== Intro ===== eppc Hello from AEServer Remote Apple Events is a core service and remote system administration and automation tool for Macs. It can b...
System Informer - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware
System Informer A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. Project Website - Project Downloads System requirements Windows 7 or higher, 32-bit or 64-bit. Features A detailed...
The vulnerability in the implementation of the Lockdown Mode mechanism for Linux operating systems allows a hacker to circumvent security restrictions.
The vulnerability in the implementation of the Lockdown Mode for Linux operating system kernels is related to the insecure handling of privileges during the loading of debugging tools KGDB and KDB. Exploiting this vulnerability can allow an attacker to circumvent security restrictions...
GHSA-P6MM-27GQ-9V3P next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Impact An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log which is thrown during OAuth error handling and use it to leverage further attacks o...
[SECURITY] Fedora 36 Update: golang-x-debug-0-0.15.20210123gitc934e1b.fc36
This repository holds utilities and libraries for debugging Go programs...
[SECURITY] Fedora 36 Update: golang-sourcegraph-appdash-0-0.10.20210113gitebfcffb.fc36
Appdash is an application tracing system for Go, based on Google's Dapper and Twitter's Zipkin. Appdash allows you to trace the end-to-end handling of requests and operations in your application for perf and debugging. It displays timings and application-specific metadata for each step, and it...
Experts Find Similarities Between New LockBit 3.0 and BlackMatter Ransomware
Cybersecurity researchers have reiterated similarities between the latest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed shop in November 2021. The new version of LockBit, called LockBit 3.0 aka LockBit Black, was released in...
Goldshell ASIC Miners Security Vulnerability
Goldshell ASIC Miners is a mining host from the Chinese company Goldshell. A security vulnerability exists in Goldshell ASIC Miners v2.2.1 and below, which stems from a debugging interface that was found to be publicly exposed on a web interface, allowing an attacker to access passwords and other...
[SECURITY] Fedora 35 Update: golang-sourcegraph-appdash-0-0.9.20210113gitebfcffb.fc35
Appdash is an application tracing system for Go, based on Google's Dapper and Twitter's Zipkin. Appdash allows you to trace the end-to-end handling of requests and operations in your application for perf and debugging. It displays timings and application-specific metadata for each step, and it...
[SECURITY] Fedora 35 Update: golang-github-maruel-panicparse-1.6.0-5.fc35
Parses panic stack traces, densifies and deduplicates goroutines with similar stack traces. Helps debugging crashes and deadlocks in heavily parallelized process...
openSUSE: Security Advisory for resource-agents (SUSE-SU-2022:2325-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for golang-x-debug (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-x-debug-0-0.14.20210123gitc934e1b.fc36
This repository holds utilities and libraries for debugging Go programs...