Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure Vulnerability

Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive...

Barracuda WAF V360 Firmware 8.0.1.014 Early Boot Root Shell

KL-001-2017-010 : Barracuda WAF Early Boot Root Shell Title: Barracuda WAF Early Boot Root Shell Advisory ID: KL-001-2017-010 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-010.txt 1. Vulnerability Details Affected Vendor: Barracuda Affect...

Barracuda WAF Internal Development Credential Disclosure

Vulnerability Details Affected Vendor: Barracuda Affected Product: Web Application Firewall V360 Affected Version: Firmware v8.0.1.014 Platform: Embedded Linux CWE Classification: CWE-489: Leftover Debug Code, CWE-200: Information Exposure Impact: Privileged Access Attack vector: Code Review 2...

Multiple Lenovo VIBE phones privilege access vulnerability

Android 6.0 Marshmallow is a Linux-based open source operating system developed by Google and the Open Handset Alliance OHA in the U.S. The Lenovo A2010-a and other smartphone products from China's Lenovo use the Android 6.0 Marshmallow operating system. The Lenovo A2010-a is a smartphone from...

Multiple Lenovo VIBE phones elevation of privilege vulnerability

Android 6.0 Marshmallow is a Linux-based open source operating system developed by Google and the Open Handset Alliance OHA in the U.S. The Lenovo A2010-a and other smartphone products from China's Lenovo use the Android 6.0 Marshmallow operating system. The Lenovo A2010-a is a smartphone from...

Microsoft Machine Debug Manager (mdm) DLL Hijacking

Microsoft Machine Debug Manager mdm DLL side loading vulnerability Vulnerability: DLL Hijacking / DLL Side Loading Advisory URL: https://ipositivesecurity.com/2017/06/15/microsoft-machine-debug-manager-mdm-insecure-library-loading-allows-code-execution/ ------------------------ ABOUT...

CVE-2017-3750

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749...

CVE-2017-3749

On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750...

Privilege escalation

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749...

CVE-2017-3750

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749...

CVE-2017-3750

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749...

LineageOS 'msm_bus_dbg.c' null pointer references denial of service leaks

LineageOS is an open source operating system based on Android for smartphones and tablets. androidkernelhuaweimsm8916 is a processor. The androidkernelhuaweimsm8916 2017-06-16 and earlier versions of LineageOS have a 'msmbusdbg' in the drivers/platform/msm/msmbus/msmbusdbg.c file...

Local Root Exploit on Lenovo VIBE Mobile Phones - Lenovo Support US

No description provided...

CVE-2017-7518

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest stack. A user/process inside a guest could use this flaw to...

Vulners Cloud Agents for Vulnerability Management

A very good news! Vulners Team is ready to present complete functionality for vulnerability audit. And it's not just an Audit API that you have to use somehow in your own scripts, but an enterprise ready product, like agent-based vulnerability scanning in Qualys and Tenable. You can try it for...

CVE-2017-6899

The msmbusdbgupdaterequestwrite function in drivers/platform/msm/msmbus/msmbusdbg.c in androidkernelhuaweimsm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM devices, allows attackers to cause a denial of service NULL pointer dereference and device crash via a crafted...

Nexus 9 vs. Malicious Headphones, Take Two

Nexus 9 vs. Malicious Headphones, Take Two In March 2017 we disclosed CVE-2017-0510, a critical vulnerability in Nexus 9, that allowed for quite unique an attack by malicious headphones. Interestingly, its patch was insufficient. We had responsibly reported that finding CVE-2017-0648 to Google,...

Integer overflow

In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality...

CVE-2014-9964

In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality...

CVE-2014-9964

Technical details about CVE-2014-9964 (affected components, root cause, affected versions, exploitability, remediation) are not publicly provided in the connected documents. Monitor for updates from official sources (NVD, Android bulletins) for specifics.