
2877 matches found

CNNVD
added 2024/07/30 12:0 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the nvmet module when destroying controllers, if during qp creation, there may be a small window that...

CVSS 4.7 · AI score 6.4 · EPSS 0.00226
Exploits: 0 · References: 7

OSV
added 2024/07/29 5:15 p.m. · 0 views

UBUNTU-CVE-2024-42087

In the Linux kernel, the following vulnerability has been resolved: drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep The ilitek-ili9881c controls the reset GPIO using the non-sleeping gpiod_set_value() function. This complains loudly when the GPIO controller needs to sleep. As...

CVSS 5.5 · AI score 6.1 · EPSS 0.00228
Exploits: 0 · References: 33

Cvelist
added 2024/07/29 4:26 p.m. · 18 views

CVE-2024-42087 drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep

In the Linux kernel, the following vulnerability has been resolved: drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep The ilitek-ili9881c controls the reset GPIO using the non-sleeping gpiod_set_value() function. This complains loudly when the GPIO controller needs to sleep. As...

EPSS 0.00228
Exploits: 0 · References: 8

BDU FSTEC
added 2024/07/24 12:0 a.m. · 3 views

The vulnerability of microprogrammed software in Modicon Controllers allows a hacker to perform a cross-site scripting attack.

The vulnerability of Microprogrammed Software on Modicon Controllers is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform a cross-site scripting attack remotely...

CVSS 5.5 · AI score 5.1 · EPSS 0.00244
Exploits: 0 · References: 3

The Hacker News
added 2024/07/23 10:54 a.m. · 33 views

New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure

Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. Industrial cybersecurity firm Dragos has dubbed the...

AI score 7.6
Exploits: 0

BDU FSTEC
added 2024/07/23 12:0 a.m. · 2 views

The vulnerability of microprogrammed software in programmable logic controllers such as ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, CompactLogix 5480, CompactGuardLogix 5380, and 1756-EN4TR lies in insufficient validation of input data. This allows a malicious actor to trigger malfunctions during maintenance operations.

The vulnerability of microprogrammed software in programmable logic controllers such as ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, CompactLogix 5480, Compact GuardLogix 5380, and 1756-EN4TR is related to insufficient validation of input data. Exploiting this vulnerability can allow an...

CVSS 8.6 · AI score 5.5 · EPSS 0.00637
Exploits: 0 · References: 5 · Affected Software: 6

Tenable Nessus
added 2024/07/23 12:0 a.m. · 14 views

Schneider Electric Modicon Controllers Improper Neutralization of Input During Web Page Generation (CVE-2024-6528)

CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim's browser run arbitrary JavaScript when they visit a page containing the...

CVSS 6.1 · AI score 5.4 · EPSS 0.00244
Exploits: 0 · References: 3

Citrix
added 2024/07/13 12:0 a.m. · 8 views

Virtual Desktop Agent Registration with Controllers in XenDesktop

Virtual Desktop Agent Registration with Controllers in XenDesktop. Event ID: 1022 Event ID: 1001 For successful installation, re-install Virtual Desktop 5.5. After the installation is successful, the following message is displayed: “Unable to initialize new components. The machine will register a...

AI score 6.9
Exploits: 0

NVD
added 2024/07/12 1:15 p.m. · 24 views

CVE-2024-40927

In the Linux kernel, the following vulnerability has been resolved: xhci: Handle TD clearing for multiple streams case When multiple streams are in use, multiple TDs might be in flight when an endpoint is stopped. We need to issue a Set TR Dequeue Pointer for each, to ensure everything is reset...

CVSS 7.8 · EPSS 0.00292
Exploits: 0 · References: 6

Positive Technologies
added 2024/07/10 12:0 a.m. · 1 views

PT-2024-19805 · Unknown · Controller 6000 +1

Name of the Vulnerable Software and Affected Versions: Controller 6000 and Controller 7000 versions 8.60 and prior Controller 6000 and Controller 7000 versions 8.70 prior to vCR8.70.240520a Controller 6000 and Controller 7000 versions 8.80 prior to vCR8.80.240520a Controller 6000 and Controller...

CVSS 6.3 · AI score 7.8 · EPSS 0.00165
Exploits: 0 · References: 6

Positive Technologies
added 2024/07/09 12:0 a.m. · 6 views

PT-2024-5156 · Schneider Electric · Modicon Controllers

Name of the Vulnerable Software and Affected Versions: Modicon Controllers affected versions not specified Description: A cross-site scripting condition exists due to improper neutralization of input during web page generation. This could allow an attacker to have a victim's browser run arbitrary...

CVSS 6.1 · AI score 6.4 · EPSS 0.00244
Exploits: 0 · References: 8

Cvelist
added 2024/07/04 10:43 a.m. · 20 views

CVE-2024-32754 Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information...

CVSS 3.1 · EPSS 0.00222
Exploits: 0 · References: 2

Vulnrichment
added 2024/07/04 10:43 a.m. · 15 views

CVE-2024-32754 Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information...

CVSS 3.1 · AI score 7 · EPSS 0.00222
Exploits: 0 · References: 2

Wolfi
added 2024/07/02 10:15 p.m. · 92 views

CVE-2024-24791 vulnerabilities

Vulnerabilities for packages: datadog-agent, caddy, fulcio, http-echo, kube-bench, opa, rabbitmq-messaging-topology-operator, kube-state-metrics, git-lfs, snyk-cli, metacontroller, newrelic-nri-statsd, haproxy-ingress, cadvisor, sonobuoy, prometheus-pushgateway, zot, falcosidekick, petname,...

CVSS 7.5 · AI score 6.3 · EPSS 0.01414
Exploits: 0

ICS
added 2024/07/02 6:0 a.m. · 17 views

Johnson Controls Kantech Door Controllers

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.1 ATTENTION : Exploitable via adjacent network Vendor : Johnson Controls, Inc. Equipment : Kantech KT1, KT2, KT400 Door Controllers Vulnerability : Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of...

CVSS 3.1 · AI score 4.4 · EPSS 0.00222
Exploits: 0 · References: 10

Talos Blog
added 2024/06/26 4:0 p.m. · 78 views

Multiple vulnerabilities in TP-Link Omada system could lead to root access

The TP-Link Omada system is a software-defined networking solution for small to medium-sized businesses. It touts cloud-managed devices and local management for all Omada devices. The supported devices in this ecosystem vary greatly but include wireless access points, routers, switches, VPN devic...

CVSS 8.1 · AI score 9.4 · EPSS 0.13479
Exploits: 14

SUSE CVE
added 2024/06/24 11:15 p.m. · 1 views

SUSE CVE-2024-38620

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP an...

CVSS 4.4 · AI score 6.6 · EPSS 0.00209
Exploits: 0 · References: 3

Positive Technologies
added 2024/06/24 12:0 a.m. · 2 views

PT-2024-26277 · Unknown · Create A Quote In Frontend + Backend Pro

Name of the Vulnerable Software and Affected Versions: Complete for Create a Quote in Frontend + Backend Pro module versions = 1.0.51 Description: The issue allows attackers to view sensitive information and cause other impacts. This is achieved via methods such as...

CVSS 9.8 · AI score 6.7 · EPSS 0.00408
Exploits: 0 · References: 2

Positive Technologies
added 2024/06/24 12:0 a.m. · 5 views

PT-2024-27249 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the GuC context scheduling queue, which is 2 entries deep. If a migration job is stuck behind a fault and the migration exec queue shares engines with user jobs...

CVSS 9.8 · AI score 6.5 · EPSS 0.02701
Exploits: 3 · References: 701

RedhatCVE
added 2024/06/20 11:58 a.m. · 21 views

CVE-2024-38620

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP an...

CVSS 5.5 · AI score 7.2 · EPSS 0.00209
Exploits: 0 · References: 4