CVE-2023-36826

Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the...

CVE-2023-1618

Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and i...

CVE-2023-6355

Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b distributed in 9.00.1507 MR1, 8.90 prior to vCR8.90.231204a distributed in...

CVE-2023-33743

TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Access Control; specifically, Android Debug Bridge adb is available...

CVE-2022-33187

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information...

CVE-2022-43691

Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information secrets in environment variables and server information when Debug Mode is left on in production...

CVE-2022-25786

Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7...

CVE-2022-25489

Atom CMS v2.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the "A" parameter in /widgets/debug.php...

CVE-2022-43666

Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2022-43977

An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p03.2.2.17p04.7p0. The debug port accessible via TCP a qconn service lacks access control...

CVE-2022-24797

Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This...

CVE-2022-24660

The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext...

The vulnerability of the `debug_event_write_work_handler()` function in the `drivers/gpu/drm/amd/amdkfd/kfddebug.c` driver, a driver for supporting Direct Rendering Infrastructure (DRI) in AMD graphics cards for Linux operating systems, allows a hacker to trigger a service failure.

The vulnerability of the debugeventwriteworkhandler function in the drivers/gpu/drm/amd/amdkfd/kfddebug.c file, a driver for AMD Direct Rendering Infrastructure DRI graphics cards for Linux operating systems, is related to pointer manipulation. Exploiting this vulnerability could allow an attacke...

CVE-2022-20089

In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06240397; Issue ID: ALPS06240397...

CVE-2022-40866

Tenda W20E router V15.11.0.6 USW20EV4.0brV15.11.0.610681546841CNTDC contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/...

CVE-2022-37074

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function switchdebuginfoset...

CVE-2022-46140

Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system...

CVE-2022-33757

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance...

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

CVE-2022-28170

Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file...