curl: Use of Deprecated strcpy() with User-Controlled Environment Variable in Memory Debug Initialization

Discovery Method Step 1: Initial Security Scan Find all files using dangerous string functions find src/ -name ".c" -exec grep -l "strcpy|strcat|sprintf|gets" ; OUTPUT: src/toolprogress.c src/toolmain.c Step 2: Locate Vulnerable Code in Main.c Find exact strcpy usage in toolmain.c grep -n...

USN-7382-1 linux-oem-6.11 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86...

USN-7382-1: Linux kernel (OEM) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86...

USN-7380-1 linux-lowlatency vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86...

USN-7379-1 linux, linux-aws, linux-azure, linux-gcp, linux-hwe-6.11, linux-oracle, linux-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86...

Dynamic Instrumentation Tool Platform: DynamoRIO

Dynamic Instrumentation Tool Platform DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling...

Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Privilege Esc

Exploit for linux platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=808 In Linux =4.4, when the CONFIGBPFSYSCALL config option is set and the kernel.unprivilegedbpfdisabled sysctl is not explicitly set to 1 at runtime, unprivileged code can use...

LibreSSL Portable Fork Of OpenSSL Released

After months of code cleanup and rewriting, the OpenBSD Foundation this weekend sent LibreSSL out the door. The slimmed down OpenSSL fork works on a number of platforms beyond OpenBSD, including several Linux flavors, Solaris, Mac OS X and Free BSD. “I firmly believe that LibreSSL is in a better...

[WinDbg v6.12.2.633] Debugging Tools for Windows

WinDbg is a graphical debugger from Microsoft. It is actually just one component of the Debugging Tools for Windows package, which also includes the KD, CDB, and NTSD debuggers. Its claim to fame is debugging memory dumps produced after a crash. It can even debug in kernel mode. For downloads and...

IBM AIX symbolic links vulnerability

Symbolic links vulnerability in libc dynamic memory debugging functionality...