Gallagher Controller 7000 Security Vulnerability
Gallagher Controller 7000 is a powerful network connectivity controller from Gallagher New Zealand. A security vulnerability in Gallagher Controller 7000 allows an attacker to bypass the protection mechanism to enable local debugging. Affected products and versions:...
The vulnerability of the ALEOS operating system’s debugging mode in wireless routers from Sierra Wireless—MP70, RV50x, RV55, LX40, LX60, ES450, GX450—allows a hacker to gain unauthorized access to protected information.
The vulnerability of the ALEOS operating system’s debugging mode for Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60, ES450, GX450—is related to the use of hard-coded credentials. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
CVE-2021-46899
SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application...
Design/Logic Flaw
SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application...
SyncTrayzor Security Vulnerability
SyncTrayzor is a small tray utility for Syncthing on Windows. A security vulnerability exists in SyncTrayzor version 1.1.29 that stems from enabling CEF remote debugging, allowing a local attacker to take control of the application...
PT-2023-12619 · Unknown +1 · Synctrayzor +1
Name of the Vulnerable Software and Affected Versions: SyncTrayzor version 1.1.29. Description: The issue allows a local attacker to control the application due to the enabled CEF (Chromium Embedded Framework) remote debugging. Recommendations: For SyncTrayzor version 1.1.29, consider disabling the...
CVE-2021-46899
CVE-2021-46899 affects SyncTrayzor 1.1.29. The issue arises from enabling Chromium Embedded Framework (CEF) remote debugging, which allows a local attacker to control the application. According to NVD, the CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector, LOW attack complexity, and LOW ...
CVE-2023-40463
When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...
Design/Logic Flaw
When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...
CVE-2023-40463
CVE-2023-40463 affects Sierra Wireless AirLink ALEOS firmware (versions 4.16 and earlier). The root cause is in debugging mode: when enabled by an authenticated user with administrative privileges, ALEOS stores the SHA-512 hash of the common root password in a directory accessible to a user with ...
CVE-2023-40463 Use of Hard-Coded Credentials
When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...
CVE-2023-28895
The password for access to the debugging console of the PoWer Controller (PWC) chip of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III 3V3 - 2.0 TD...
CVE-2023-28895
The CVE-2023-28895 entry concerns Škoda MIB3 infotainment’s PoWer Controller (PWC) with a hard-coded password in the firmware. This allows an attacker with physical access to gain full control of the PWC chip on Škoda Superb III (3V3) 2.0 TDI (2022). Connected documents confirm the hardware/softw...
[SECURITY] Fedora 38 Update: gst-devtools-1.22.7-1.fc38
Development and debugging tools for GStreamer...
kernel: mm/slab_common: slab_caches list corruption after kmem_cache_destroy()
In the Linux kernel, the following vulnerability has been resolved: mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy(). After the commit in Fixes:, if a module that created a slab cache does not release all of its allocated objects before destroying the cache at rmmod time, we...
Zyxel ATP Security Vulnerability
Zyxel ATP is a firewall from China Heqin Zyxel. A security vulnerability exists in the Zyxel ATP series that stems from incorrect privilege management when debugging CLI commands, which allows an authenticated, local attacker to access system files on the affected device. Affecte...