The vulnerability of the USB CCID component of the VMware Workstation virtualization platform and the VMware Fusion hypervisor allows a hacker to disclose protected information.

The vulnerability of the USB CCID component of the VMware Workstation virtualization platform and the VMware Fusion hypervisor is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information that i...

kernel: drivers/usb/storage/ene_ub6250.c

An out-of-bounds memory access flaw was found in the Linux kernel ENE SD/MS Card reader driver. This issue occurs when using a malicious USB device, which could allow a local user to crash the system...

kernel: drivers/usb/storage/ene_ub6250.c

An out-of-bounds memory access flaw was found in the Linux kernel ENE SD/MS Card reader driver. This issue occurs when using a malicious USB device, which could allow a local user to crash the system...

CVE-2023-0248

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader...

CVE-2023-0248

CVE-2023-0248 affects Kantech Gen1 ioSmart card reader firmware versions prior to 1.7.02. The vulnerability allows an attacker with physical access to recover the reader’s communication memory between the card and reader in certain circumstances. Reported CVSS v3.1 base scores include a 7.5 HIGH ...

CVE-2023-0248 Kantech Gen1 ioSmart card reader

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader...

PT-2023-16111 · Kantech · Kantech Gen1 Iosmart Card Reader

Name of the Vulnerable Software and Affected Versions: Kantech Gen1 ioSmart card reader versions prior to 1.07.02 Description: An attacker with physical access to the Kantech Gen1 ioSmart card reader in certain circumstances can recover the reader's communication memory between the card and reade...

USN-6532-1: Linux kernel vulnerabilities

Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. CVE-2023-20593 Yu Hao discovered that the UBI driver in the Linux kernel did not properly check...

Ubuntu: Security Advisory (USN-6494-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-6494-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6494-1: Linux kernel vulnerabilities

Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service system crash. CVE-2023-31085 Lucas Leong discovered that the netfilter subsystem in the...

Authentication flaw

Improper authentication in some IntelR NUC Kits NUC7PJYH and NUC7CJYH Realtek SD Card Reader Driver installation software before version 10.0.19041.29098 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-32661

The CVE pertains to Intel NUC Kits NUC7PJYH and NUC7CJYH Realtek SD Card Reader Driver installer prior to version 10.0.19041.29098, where improper authentication could allow an authenticated local user to escalate privileges. Product: Intel NUC Software/Driver installer for these models; underlyi...

CVE-2023-32661

Improper authentication in some IntelR NUC Kits NUC7PJYH and NUC7CJYH Realtek SD Card Reader Driver installation software before version 10.0.19041.29098 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-45862

An out-of-bounds memory access flaw was found in the Linux kernel ENE SD/MS Card reader driver. This issue occurs when using a malicious USB device, which could allow a local user to crash the system. Mitigation To mitigate this issue, prevent module ums-eneub6250 from being loaded. Please see...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of Linux kernel prior to 6.2.5, which stems from a problem with the card reader driver, where objects may go beyond the end of their...

USN-6231-1: Linux kernel (OEM) vulnerabilities

It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service system crash. CVE-2023-212...

Researchers Find Way to Recover Cryptographic Keys by Analyzing LED Flickers

In what's an ingenious side-channel attack, a group of academics has found that it's possible to recover secret keys from a device by analyzing video footage of its power LED. "Cryptographic computations performed by the CPU change the power consumption of the device which affects the brightness ...

Power LED Side-Channel Attack

This is a clever new side-channel attack: The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader­--or of an attached peripheral device--­during cryptographic operations. This technique allowed the researchers to pull a...

CVE-2022-32959

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipula...