CVE-2023-33743

The CVE-2023-33743 entry concerns TeleAdapt RoomCast TA-2400 (versions 1.0–3.1) with an improper access control flaw due to Android Debug Bridge (adb) being available. Public sources in the dataset describe an elevation of privilege risk and root-level access implications stemming from adb exposu...

CVE-2023-33743

TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Access Control; specifically, Android Debug Bridge adb is available...

CVE-2023-23578

Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port...

PT-2023-8236 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Google Chrome on ChromeOS versions prior to 114.0.5735.90 Description: The issue is related to insufficient policy enforcement in the Android Debug Bridge ADB component of Google Chrome on ChromeOS. This allows a local attacker with physical...

SUSE CVE-2014-1909

Integer signedness error in system/core/adb/adbclient.c in Android Debug Bridge ADB for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow...

Analyzing and remediating a malware infested T95 TV box from Amazon

A couple of weeks ago, security news outlets made their rounds reporting on an Android TV box available on Amazon that came pre-installed with malware. The findings came from a Canadian developer, Daniel Milisic, who posted on his GitHub. What Daniel found was an Android T95 TV box infected with...

CVE-2022-26581

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability...

PAX Technology A930 安全漏洞

PAX Technology A930 is an Android mobile payment terminal from PAX Technology, a Chinese company. A security vulnerability exists in the PAX Technology A930 PayDroid7.1.1VirgoV04.3.26T120210419 version, which stems from an ADB daemon that allows the execution of the systool utility in production...

PT-2022-17939 · Pax · Pax A930 +1

Name of the Vulnerable Software and Affected Versions: PAX A930 device with PayDroid versions 7.1.1 Virgo V04.3.26T1 20210419 through 7.1.1 Virgo V04.4.02 20211201 Description: The issue allows the execution of specific command injections on selected binaries in the ADB daemon shell service. An...

[SECURITY] Fedora 37 Update: android-tools-33.0.3p1-1.fc37

The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...

[SECURITY] Fedora 35 Update: android-tools-33.0.3p1-2.fc35

The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...

[SECURITY] Fedora 36 Update: android-tools-33.0.3p1-1.fc36

The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...

Fedora: Security Advisory for android-tools (FEDORA-2022-3e1ade35db)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 35 Update: android-tools-31.0.2-2.fc35

The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...

EnemyBot Malware Targets Web Servers, CMS Tools and Android OS

A rapidly evolving IoT malware dubbed “EnemyBot” is targeting content management systems CMS, web servers and Android devices. Threat actor group “Keksec” is believed behind the distribution of the malware, according to researchers. “Services such as VMware Workspace ONE, Adobe ColdFusion,...

EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities

A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems CMS. "The malware is rapidly adopting one-day vulnerabilities as part of its...

GHSA-4M6Q-RXHM-675W OS Command Injection in adb-driver

adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function...

Libre Wireless 访问控制错误漏洞

The Libre Wireless LS9 is a networking device from Libre Wireless USA. A security vulnerability exists in the Libre Wireless LS9 LS1.5/p7040 devices that stems from having Unauthenticated Root ADB Access Over TCP.The web interface of the LS9 provides access to ADB over TCP...

Owncloud ownCloud 权限许可和访问控制问题漏洞

OwnCloud OwnCloud is a personal cloud storage solution from OwnCloud Owncloud, an American company. OwnCloud has a permission and access control issue vulnerability that can be exploited by an attacker to bypass the PIN locking feature by making a restore from this archive, using adb to include t...

Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices

A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service DDoS attacks. Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and...