
6175 matches found

CNNVD
added 2025/12/12 12:0 a.m. | 2 views

CleverDisplay BlueOne Security Vulnerability

CleverDisplay BlueOne is an industrially controlled embedded hardware device from CleverDisplay, Netherlands. A security vulnerability exists in CleverDisplay BlueOne that originates from improper physical closure of the USB interface, which could result in the exposure of internal system...

CVSS 7 | AI score 6.2 | EPSS 0.00929
Exploits 0 | References 2

Positive Technologies
added 2025/12/12 12:0 a.m. | 3 views

PT-2025-50938

The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after circumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during...

CVSS 7 | AI score 6.6 | EPSS 0.00929
Exploits 0 | References 3

Tenable Nessus
added 2025/12/11 12:0 a.m. | 7 views

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-2501)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: x86/mce: Work around an erratum on fast string copy instructions (CVE-2022-49124); net: preserve skb_end_offset in skb_unclone_keeptruesize (CVE-2022-49142)...

CVSS 7.8 | AI score 7.5 | EPSS 0.00298
Exploits 3 | References 126

Tenable Nessus
added 2025/12/11 12:0 a.m. | 2 views

Schneider Electric PowerChute Serial Shutdown Installed (Linux)

Binary data schneiderelectricpowerchuteserialshutdownnixinstalled.nbin...

AI score 7
Exploits 0 | References 1

Tenable Nessus
added 2025/12/11 12:0 a.m. | 1 view

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991129)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991129 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies. Fix a slab-out-of-bounds read that...

CVSS 7.1 | AI score 6.7 | EPSS 0.00152
Exploits 0 | References 4

EUVD
added 2025/12/10 9:31 p.m. | 4 views

EUVD-2025-202620

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet device can disassemble the device, connect over UART, and retrieve the firmware dump for analysis. Within the NVS partition they may discover the credentials of the current and...

AI score 6 | EPSS 0.00111
Exploits 0 | References 3

OSV
added 2025/12/10 9:16 p.m. | 4 views

CVE-2025-65825

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet device can disassemble the device, connect over UART, and retrieve the firmware dump for analysis. Within the NVS partition they may discover the credentials of the current and...

CVSS 4.6 | AI score 5.8
Exploits 0 | References 2

NVD
added 2025/12/10 9:16 p.m. | 5 views

CVE-2025-65825

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet device can disassemble the device, connect over UART, and retrieve the firmware dump for analysis. Within the NVS partition they may discover the credentials of the current and...

CVSS 4.6 | EPSS 0.00111
Exploits 0 | References 2

OSV
added 2025/12/10 9:16 p.m. | 7 views

CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

CVSS 7.5 | AI score 5.8 | EPSS 0.0031
Exploits 0 | References 2

NVD
added 2025/12/10 9:16 p.m. | 4 views

CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

CVSS 7.5 | EPSS 0.0031
Exploits 0 | References 2

RedhatCVE
added 2025/12/10 6:13 p.m. | 3 views

CVE-2025-64447

A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute...

CVSS 8.1 | AI score 7.6 | EPSS 0.07365
Exploits 0 | References 1

RedhatCVE
added 2025/12/10 8:36 a.m. | 3 views

CVE-2025-41696

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

CVSS 6.8 | AI score 6.9 | EPSS 0.0025
Exploits 0 | References 1

RedhatCVE
added 2025/12/10 8:36 a.m. | 3 views

CVE-2025-41697

An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692...

CVSS 6.8 | AI score 6.9 | EPSS 0.0025
Exploits 0 | References 1

RedhatCVE
added 2025/12/10 7:42 a.m. | 2 views

CVE-2023-53784

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: dw_hdmi: fix connector access for scdc. Commit 5d844091f237 "drm/scdc-helper: Pimp SCDC debugs" changed the scdc interface to pick up an i2c adapter from a connector instead. However, in the case of dw-hdmi, the wrong...

CVSS 4.7 | AI score 5.2 | EPSS 0.00155
Exploits 0 | References 4

SUSE CVE
added 2025/12/10 12:34 a.m. | 3 views

SUSE CVE-2023-53858

In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk in case of error. If clk_get_rate fails, the clk that has just been allocated needs to be freed...

CVSS 5.5 | AI score 6.4 | EPSS 0.00201
Exploits 0 | References 21

CVE
added 2025/12/10 12:0 a.m. | 11 views

CVE-2025-65825

The CVE-2025-65825 entry affects Meatmeet basestation firmware where the firmware image is not encrypted. The root cause is unencrypted firmware dumping via UART after physical access, enabling an attacker to extract the firmware and access credentials stored in the NVS partition for current and ...

CVSS 4.6 | AI score 6.2 | EPSS 0.00111
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2025/12/10 12:0 a.m. | 6 views

PT-2025-50500

Name of the Vulnerable Software and Affected Versions: Meatmeet (affected versions not specified). Description: The firmware on the Meatmeet basestation is not encrypted. An attacker with physical access can retrieve the firmware dump via UART, potentially discovering credentials for current and...

CVSS 4.6 | AI score 6.1 | EPSS 0.00111
Exploits 0 | References 6

Positive Technologies
added 2025/12/10 12:0 a.m. | 5 views

PT-2025-50496

Name of the Vulnerable Software and Affected Versions: ESP32 (affected versions not specified). Description: An enabled UART download mode on the ESP32 chip allows an attacker to extract sensitive data from the flash memory, including Wi-Fi network details stored in the NVS partition. This access also...

CVSS 7.5 | AI score 6.2 | EPSS 0.0031
Exploits 0 | References 8

RedhatCVE
added 2025/12/09 8:26 p.m. | 3 views

CVE-2025-65231

Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Scripting (XSS) in the Web UI I/O & Serial configuration page, specifically the CTS close command user-input field which is stored and later rendered on the Status page...

CVSS 6.1 | AI score 6.3 | EPSS 0.00189
Exploits 1 | References 1

EUVD
added 2025/12/09 6:30 p.m. | 4 views

EUVD-2025-201893

An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692...

CVSS 6.8 | AI score 6.5 | EPSS 0.0025
Exploits 0 | References 2