2401 matches found

Cvelist
added 2024/02/20 9:52 p.m. · 28 views

CVE-2023-6936 Heap-buffer over-read with WOLFSSL_CALLBACKS

In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSL_CALLBACKS flag, then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSL_CALLBACKS is only intended for debugging...

5.3 CVSS · 5.7 AI score · 0.006 EPSS
Exploits 0 · References 2

GithubExploit
added 2024/02/19 10:27 a.m. · 339 views

Exploit for Improper Access Control in Joomla Joomla!

Joomla! options Arguments - url: Root URL base...

5.3 CVSS · 5.9 AI score · 0.99827 EPSS
Exploits 43

Packet Storm
added 2024/02/12 12:0 a.m. · 412 views

LaborOfficeFree 19.10 MySQL Root Password Calculator

Exploit Title: LaborOfficeFree 19.10 MySQL Root Password Calculator - CVE-2024-1346 Google Dork: N/A Date: 09/02/2023 Exploit Author: Peter Gabaldon - https://pgj11.com/ Vendor Homepage: https://www.laborofficefree.com/ Software Link: https://www.laborofficefree.com/plans Version: 19.10 Tested on...

7.4 AI score · 0.00392 EPSS
Exploits 5

Github Security Blog
added 2024/01/30 8:56 p.m. · 32 views

vantage6 has insecure SSH configuration for node and server containers

Impact: Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to...

9.8 CVSS · 7 AI score · 0.00466 EPSS
Exploits 0 · References 5 · Affected Software 1

CNNVD
added 2024/01/29 12:0 a.m. · 3 views

DeviceFarmer STF Security Vulnerability

STF is an open source web application from Device Farmer for remotely debugging smartphones, smartwatches and other gadgets from the comfort of your browser. A security vulnerability exists in DeviceFarmer STF version v3.6.6, which stems from the use of a corrupted or risky encryption algorithm...

9.1 CVSS · 6.8 AI score · 0.00376 EPSS
Exploits 0 · References 3

CNNVD
added 2024/01/29 12:0 a.m. · 3 views

OTRS Log Information Disclosure Vulnerability

OTRS is a service management application from OTRS Germany. A security vulnerability exists in OTRS that stems from the insertion of debugging information into a log file during the construction of a resilient search index, allowing sensitive information to be read from it...

7.5 CVSS · 6.4 AI score · 0.00515 EPSS
Exploits 0 · References 2

OpenVAS
added 2024/01/21 12:0 a.m. · 6 views

Fedora: Security Advisory for sos (FEDORA-2024-2fb8991c68)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 · References 2

Fedora
added 2024/01/20 3:24 a.m. · 15 views

[SECURITY] Fedora 38 Update: sos-4.6.1-1.fc38

Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging. Sos is commonly used to help support technicians and developers...

7 AI score
Exploits 0

Fedora
added 2024/01/20 3:23 a.m. · 20 views

[SECURITY] Fedora 39 Update: sos-4.6.1-1.fc39

Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging. Sos is commonly used to help support technicians and developers...

7 AI score
Exploits 0

CNNVD
added 2024/01/11 12:0 a.m. · 4 views

AMD EPYC Security Vulnerability

AMD EPYC is a line of x86 architecture server microprocessors from AMD Semiconductor, known in Chinese as "霄龙", which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC Generation 3 and 4 that allows a privileged attacker to prevent the delivery of debugging exception...

3.2 CVSS · 6.6 AI score · 0.00289 EPSS
Exploits 0 · References 2

Veracode
added 2024/01/10 5:59 a.m. · 17 views

Sensitive Information Disclosure

react-native-mmkv is vulnerable to Sensitive Information Disclosure. The vulnerability is due to logging the encryption key for the MMKV database into the Android system log. This issue can be exploited by an attacker by accessing the Android Debugging Bridge, resulting in sensitive informatio...

4.9 CVSS · 6.2 AI score · 0.0038 EPSS
Exploits 0 · References 3 · Affected Software 1

NVD
added 2024/01/09 7:15 p.m. · 17 views

CVE-2024-21668

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

4.9 CVSS · 4.5 AI score · 0.0038 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/01/09 7:5 p.m. · 5 views

CVE-2024-21668 Insertion of Sensitive Information into Log File in react-native-mmkv

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

4.4 CVSS · 4.5 AI score · 0.0038 EPSS
Exploits 0 · References 3

OSV
added 2024/01/09 7:5 p.m. · 34 views

CVE-2024-21668 Insertion of Sensitive Information into Log File in react-native-mmkv

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

4.4 CVSS · 4.8 AI score · 0.0038 EPSS
Exploits 0 · References 5

The Hacker News
added 2024/01/09 8:17 a.m. · 57 views

Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer

Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. "These YouTube videos typically feature content related to cracked applications, presenting users with similar...

6.8 AI score
Exploits 0

Positive Technologies
added 2024/01/09 12:0 a.m. · 4 views

PT-2024-19010 · Unknown · React-Native-Mmkv

Name of the Vulnerable Software and Affected Versions: react-native-mmkv versions prior to 2.11.0 Description: The react-native-mmkv library logged the optional encryption key for the MMKV database into the Android system log before version 2.11.0. This allowed anyone with access to the Android...

4.9 CVSS · 4.6 AI score · 0.0038 EPSS
Exploits 0 · References 9

CVE
added 2024/01/09 12:0 a.m. · 47 views

CVE-2023-49235

The CVE-2023-49235 entry affects TRENDnet TV-IP1314PI devices (firmware 5.5.3 200714) via libremote_dbg.so. The root cause is mishandled filtering of debug information during use of popen, which can allow an attacker to bypass validation and execute a shell command. Red Hat/NVD entries corroborat...

9.8 CVSS · 9.3 AI score · 0.00824 EPSS
Exploits 1 · References 2 · Affected Software 1

NVD
added 2024/01/05 5:15 p.m. · 30 views

CVE-2023-34328

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

5.5 CVSS · 5.8 AI score · 0.00256 EPSS
Exploits 0 · References 2

OSV
added 2024/01/05 5:15 p.m. · 29 views

CVE-2023-34328

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

5.5 CVSS · 6.8 AI score
Exploits 0 · References 2

OSV
added 2024/01/05 5:15 p.m. · 45 views

CVE-2023-34327

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

5.5 CVSS · 6.8 AI score
Exploits 0 · References 2