
2333 matches found

Debian CVE
added 2024/01/05 4:34 p.m. · 39 views

CVE-2023-34327

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

5.5 CVSS · 8.4 AI score · 0.00113 EPSS
Exploits: 0

CVE
added 2024/01/05 4:34 p.m. · 94 views

CVE-2023-34327

CVE-2023-34327 and CVE-2023-34328 describe Xen handling flaws in AMD x86 debugging extensions where an HVM vCPU can run under a previous vCPU’s debug mask state or a PV vCPU can place breakpoints on a live GDT. This can cause denial of service and CPU lockups. Root cause: errors in Xen’s guest-st...

5.5 CVSS · 5.9 AI score · 0.00113 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/01/02 12:0 a.m. · 4 views

PT-2024-13611 · Google · Google Pixel Watch

Name of the Vulnerable Software and Affected Versions: Google Pixel Watch (affected versions not specified). Description: The issue is related to a possible way to access adb before SUW completion due to an insecure default value in the checkDebuggingDisallowed function of DeviceVersionFragment.java...

10 CVSS · 8.3 AI score · 0.00044 EPSS
Exploits: 2 · References: 14

NVD
added 2023/12/29 12:15 p.m. · 10 views

CVE-2023-7080

The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary cod...

8.5 CVSS · 0.00043 EPSS
Exploits: 0 · References: 5

Prion
added 2023/12/29 12:15 p.m. · 17 views

Design/Logic Flaw

The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary cod...

5.4 CVSS · 8.2 AI score · 0.00072 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

Cvelist
added 2023/12/29 11:58 a.m. · 13 views

CVE-2023-7080 Arbitrary remote code execution within wrangler dev Workers sandbox

The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary cod...

8.5 CVSS · 8.5 AI score · 0.00043 EPSS
Exploits: 0 · References: 5

CVE
added 2023/12/29 11:58 a.m. · 51 views

CVE-2023-7080

The CVE-2023-7080 issue concerns the V8 inspector in Wrangler (wrangler dev) that could be reached on all network interfaces, enabling a local-network attacker to connect to the inspector and execute arbitrary code within the Workers sandbox. Root causes cited include the inspector server not val...

8.5 CVSS · 8 AI score · 0.00043 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

Code423n4
added 2023/12/21 12:0 a.m. · 8 views

Error Handling in '_createAuction' Function

Lines of code Vulnerability details Potential Risk: The 'createAuction' function attempts to mint a new Verb by calling the 'verbs.mint' function. However, it lacks proper error handling for the minting process. If the minting operation fails e.g., due to insufficient gas or other reasons, the...

7.2 AI score
Exploits: 0

OSV
added 2023/12/18 10:15 p.m. · 2 views

CVE-2023-6355

Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b distributed in 9.00.1507 MR1, 8.90 prior to vCR8.90.231204a distributed in...

6.8 CVSS · 6.7 AI score · 0.00012 EPSS
Exploits: 0 · References: 1

CNNVD
added 2023/12/18 12:0 a.m. · 1 views

Gallagher Controller 7000 Security Vulnerability

Gallagher Controller 7000 is a powerful network connectivity controller from Gallagher New Zealand. A security vulnerability exists in Gallagher Controller 7000 that originated from allowing an attacker to bypass the protection mechanism to enable local debugging. Affected products and versions:...

6.8 CVSS · 6.5 AI score · 0.00012 EPSS
Exploits: 0 · References: 3

OSV
added 2023/12/09 7:15 p.m. · 2 views

CVE-2021-46899

SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application...

7.8 CVSS · 6.7 AI score
Exploits: 0 · References: 2

NVD
added 2023/12/09 7:15 p.m. · 13 views

CVE-2021-46899

SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application...

7.8 CVSS · 0.0003 EPSS
Exploits: 0 · References: 2

Prion
added 2023/12/09 7:15 p.m. · 11 views

Design/Logic Flaw

SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application...

4.3 CVSS · 7 AI score · 0.0003 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2023/12/09 12:0 a.m. · 2 views

SyncTrayzor Security Vulnerability

SyncTrayzor is a small tray utility for Syncthing on Windows. A security vulnerability exists in SyncTrayzor version 1.1.29 that stems from enabling CEF remote debugging, allowing a local attacker to take control of the application...

7.8 CVSS · 6.6 AI score · 0.0003 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2023/12/09 12:0 a.m. · 3 views

PT-2023-12619 · Unknown +1 · Synctrayzor +1

Name of the Vulnerable Software and Affected Versions: SyncTrayzor version 1.1.29. Description: The issue allows a local attacker to control the application due to the enabled CEF (Chromium Embedded Framework) remote debugging. Recommendations: For SyncTrayzor version 1.1.29, consider disabling the...

7.8 CVSS · 7.5 AI score · 0.0003 EPSS
Exploits: 0 · References: 5

Cvelist
added 2023/12/09 12:0 a.m. · 11 views

CVE-2021-46899

SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application...

7.7 AI score · 0.0003 EPSS
Exploits: 0 · References: 2

CVE
added 2023/12/09 12:0 a.m. · 25 views

CVE-2021-46899

CVE-2021-46899 affects SyncTrayzor 1.1.29. The issue arises from enabling Chromium Embedded Framework (CEF) remote debugging, which allows a local attacker to control the application. According to NVD, the CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector, LOW attack complexity, and LOW ...

7.8 CVSS · 7.5 AI score · 0.0003 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2023/12/04 11:15 p.m. · 8 views

CVE-2023-40463

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

8.1 CVSS · 0.00015 EPSS
Exploits: 0 · References: 1

Prion
added 2023/12/04 11:15 p.m. · 14 views

Design/Logic Flaw

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

5.8 CVSS · 7.2 AI score · 0.00015 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/12/04 10:57 p.m. · 38 views

CVE-2023-40463

CVE-2023-40463 affects Sierra Wireless AirLink ALEOS firmware (versions 4.16 and earlier). The root cause is in debugging mode: when enabled by an authenticated user with administrative privileges, ALEOS stores the SHA-512 hash of the common root password in a directory accessible to a user with ...

8.1 CVSS · 7.4 AI score · 0.00015 EPSS
Exploits: 0 · References: 1 · Affected Software: 1