Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes security vulnerability (CVE-2019-11248)

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubelet healthz port that exposes the debugging endpoint on localhost CVE-2019-11248 Vulnerability Details CVE-ID: CVE-2019-11248 Description: Kubernetes could allow a remote attacker to obtain sensitive...

Security update for the Linux Kernel (important)

openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2019:1923-1 Rating: important References: 1051510 1055117 1071995 1083647 1083710 1085030 1086103 1102247 1103991 1103992 1104745 1106061 1109837 1111666 1112374 1114279 1119222 1123959 1127034 1127315...

PT-2019-12214

Name of the Vulnerable Software and Affected Versions Kubernetes versions prior to 1.15.0 Kubernetes versions prior to 1.14.4 Kubernetes versions prior to 1.13.8 Kubernetes versions prior to 1.12.10 Description The issue concerns the exposure of the debugging endpoint "/debug/pprof" over the...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4739)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4739 advisory. - Input: gtco - bounds check collection indent level Grant Hernandez Orabug: 30074413 CVE-2019-13631 Tenable has extracted the preceding description block...

Information Disclosure

github.com/kubernetes/kubernetes is vulnerable to information disclosure. The vulnerability exists as the debugging endpoint debug/pprof is exposed over the unauthenticated healthz port...

SilverSHielD 6.x - Local Privilege Escalation

SilverSHielD 6.x - Local Privilege Escalation This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploit Title: extenua SilverSHielD 6.x local priviledge escalation Google Dork: na Date: 31 Jul 2019 Exploit Author: Ian...

CVE-2019-1010180

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet...

Buffer overflow

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet...

CVE-2019-1010180

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet...

CVE-2019-1010180

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet...

UBUNTU-CVE-2019-1010180

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet...

CVE-2019-1010180

Technical details about CVE-2019-1010180 (GNU gdb) are not publicly provided in the supplied documents; no explicit affected versions, root cause, or fixes are stated beyond 'fixed version: Not fixed yet.' Monitor for updates.

CVE-2019-1010180

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet...

CVE-2019-13631

In parsehidreportdescriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages...

System.Management.Automation subject to bypass via script debugging

Microsoft Security Advisory CVE-2019-1167: Windows Defender Application Control Security Feature Bypass Vulnerability Microsoft Security Advisory CVE-2019-1167: Windows Defender Application Control Security Feature Bypass Vulnerability Executive Summary A security feature bypass vulnerability...

CVE-2019-13631

In parsehidreportdescriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages...

Icebox - Virtual Machine Introspection, Tracing & Debugging

Icebox is a Virtual Machine Introspection solution that enable you to stealthily trace and debug any process kernel or user. It's based on project Winbagility. Files which might be helpful: INSTALL.md: how to install icebox. BUILD.md: how to build icebox. Demo Project Organisation fdp: Fast...

AndroidSecNotes

It is an offensive tool for Android. The repository contains learning notes about Android Security, specifically about the Android Runtime ART and its debugging tools. The notes cover the format of Dex files, the ART runtime, and the Hook framework. The notes mention the use of the "oatdump" tool...

CVE-2019-4299

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765...

CVE-2019-4299

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765...