CVE-2026-6238

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a targ...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the debug functions, due to unprotected /config partition. An attacker can gain unauthorized access to debugging functions without triggering the measured bo...

GO-2026-4428 EVE's Debug Functions Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve

EVE's Debug Functions Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve...

PT-2026-6530

EVE's Debug Functions Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve...

GHSA-4C4V-42HC-72P6 EVE's Debug Functions Unlockable Without Triggering Measured Boot

Impact On boot, Pillar checks for /config/GlobalConfig/global.json and overrides system configuration if present. This allows enabling debug functions like SSH debug.enable.ssh, USB keyboard debug.enable.usb, and VNC access app.allow.vnc without triggering the measured boot. Thus, a user with...

EUVD-2023-48033

EVE's Debug Functions Unlockable Without Triggering Measured Boot...

EUVD-2019-19045

Malware in sbrugna...

CVE-2023-26588

Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016...

CVE-2019-9679

Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build tim...

CVE-2023-43633 Debug Functions Unlockable Without Triggering Measured Boot

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions...

CVE-2023-43633 Debug Functions Unlockable Without Triggering Measured Boot

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions...

CVE-2023-43633

The CVE concerns the Pillar Eve container in EVE OS. On boot, it checks /config/GlobalConfig/global.json and, if present, overrides device configuration, enabling debug functions such as SSH via debug.enable.ssh, USB keyboard via debug.enable.usb, and VNC via app.allow.vnc. This can occur without...

PT-2023-20753 · Buffalo · Bs-Gs2008P +5

Name of the Vulnerable Software and Affected Versions: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier BS-GSL2016P firmware Ver. 1.10-0.03 and earlier BS-GSL2016 firmware Ver. 1.10-0.03 and earlier BS-GS2008 firmware Ver. 1.0.10.01 and earlier BS-GS2016 firmware Ver. 1.0.10.01 and earlier BS-GS202...

CVE-2021-23861 Possible Access to Debug Functions in Bosch VRM / BVMS

By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

Authentication flaw

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could...

CVE-2020-4954

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could...

kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure

An out-of-bounds OOB memory access flaw was found in the Qlogic ISCSI module in the Linux kernel's qedidbg family of functions in drivers/scsi/qedi/qedidbg.c. Here a local attacker with a special user privilege account or a root can cause an out-of-bound memory access leading to a system crash or...

Design/Logic Flaw

Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build tim...

CVE-2019-9679

CVE-2019-9679 affects Dahua IP cameras and related devices where several Debug functions lack proper permission separation, enabling low-privilege users to access Debug functions after logging in. Affected families include IPC-HDW1X2X/IPC-HFW1X2X/IPC-HDW2X2X/IPC-HFW2X2X/IPC-HDW4X2X/IPC-HFW4X2X/IP...