CVE-2020-7958

An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user root in the Rich Execution Environment REE to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the...

Design/Logic Flaw

An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user root in the Rich Execution Environment REE to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the...

CVE-2020-7958

An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user root in the Rich Execution Environment REE to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the...

Mail.ru: Cross-site Scripting (XSS) - Stored in ru.mail.mailapp

A leftover debug code for XSS protection was causing "alert1" execution in the case of XSS vector XSS vector itself was not executed...

NUUO NVRmini2 and NVRsolo

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: NUUO Equipment: NVRmini2, NVRsolo Vulnerabilities: Stack-based Buffer Overflow, Leftover Debug Code 2. RISK EVALUATION Successful exploitation of these...

CVE-2018-8868

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit oth...

CVE-2018-8868

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit oth...

Input validation

Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An...

Insteon Hub MPFS Upload Firmware Update Vulnerability(CVE-2018-3832)

Summary An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To...

MGASA-2018-0050 Updated libxml2 packages fix security vulnerability

Integer overflow in memory debug code in libxml2 before 2.9.5 CVE-2017-5130. It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service CVE-2017-15412...

Updated libxml2 packages fix security vulnerability

Integer overflow in memory debug code in libxml2 before 2.9.5 CVE-2017-5130. It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service CVE-2017-15412...

Debian DLA-1188-1 : libxml2 security update

Pranjal Jumde @pjumde reported an heap overflow in memory debug code of libxml2. For Debian 7 'Wheezy', these problems have been fixed in version 2.8.0+dfsg1-7+wheezy10. We recommend that you upgrade your libxml2 packages. NOTE: Tenable Network Security has extracted the preceding description blo...

Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure Vulnerability

Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive...

Barracuda WAF V360 Firmware 8.0.1.014 Early Boot Root Shell

KL-001-2017-010 : Barracuda WAF Early Boot Root Shell Title: Barracuda WAF Early Boot Root Shell Advisory ID: KL-001-2017-010 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-010.txt 1. Vulnerability Details Affected Vendor: Barracuda Affect...

Barracuda WAF Internal Development Credential Disclosure

Vulnerability Details Affected Vendor: Barracuda Affected Product: Web Application Firewall V360 Affected Version: Firmware v8.0.1.014 Platform: Embedded Linux CWE Classification: CWE-489: Leftover Debug Code, CWE-200: Information Exposure Impact: Privileged Access Attack vector: Code Review 2...

USB Enhanced Performance Keyboard - Lenovo Support US

No description provided...

USB Enhanced Performance Keyboard

Lenovo Security Advisory: LEN-2015-015 Potential Impact: Escalation of Privilege Severity: Low Summary: Lenovo’s “USB Enhanced Performance Keyboard” software has a known issue where debug code was accidently left in the application. The debug code includes information about which keys on the...

New Linux Rootkit Attacks Internet Users

Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of...

Splunk Inadvertently Exposes User Passwords

The passwords of customers on Splunk.com were revealed after some debug information leaked on to its production servers. The debug code exposed users passwords to Splunk.com as clear text, the company said. Read the full article. The Register...

Fedora 7 : wpa_supplicant-0.5.7-3.fc7 (2007-0185)

A buffer overflow flaw was found in the debugging code of Fedora's version of wpasupplicant. This can be triggered by those using NetworkManager. It is recommended that users of wpasupplicant or NetworkManager update to this package and the accompanying NetworkManager packages which removes the...