6191 matches found
CVE-2025-40011 drm/gma500: Fix null dereference in hdmi teardown
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix null dereference in hdmi teardown pcisetdrvdata sets the value of pdev-driverdata to NULL, after which the driverdata obtained from the same dev is dereferenced in oaktrailhdmii2cexit, and the i2cdev is extracted...
CVE-2025-40004 net/9p: Fix buffer overflow in USB transport layer
In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix buffer overflow in USB transport layer A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsing and actual data copying allows a malicious...
kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...
Reolink Video Doorbell WiFi DB_566128M5MP_W 安全漏洞
Reolink Video Doorbell WiFi DB566128M5MPW is a visual doorbell from Reolink USA. A security vulnerability exists in Reolink Video Doorbell WiFi DB566128M5MPW, which originates from an unprotected UART serial console, and could allow a physically accessible attacker to execute arbitrary commands...
CVE-2025-60856
CVE-2025-60856 affects Reolink Video Doorbell WiFi DB_566128M5MP_W via an unsecured UART/serial console that can grant root shell access with physical access. The vulnerability arises from exposed interface allowing arbitrary command execution as root; implications include complete device comprom...
CVE-2025-60856
Reolink Video Doorbell WiFi DB566128M5MPW allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain...
PT-2025-42789
Name of the Vulnerable Software and Affected Versions ABB ALS-mini-s4 IP ABB ALS-mini-s8 IP versions with Serial Number 2000 through 5166 Description A critical issue exists in ABB ALS-mini-s4 IP and ABB ALS-mini-s8 IP devices where certain critical functions can be accessed without authenticatio...
CVE-2025-55097
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudiostreamingsamplingget when parsing a descriptor of an USB streaming device...
CVE-2025-55099
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudioalternatesettinglocate when parsing a descriptor with attacker-controlled frequency fields...
CVE-2025-55100
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudio10samparsefunc when parsing a list of sampling frequencies...
CVE-2025-55099
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudioalternatesettinglocate when parsing a descriptor with attacker-controlled frequency fields...
CVE-2025-55100
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudio10samparsefunc when parsing a list of sampling frequencies...
CVE-2025-55099
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudioalternatesettinglocate when parsing a descriptor with attacker-controlled frequency fields...
CVE-2025-55098
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudiodevicetypeget when parsing a descriptor of an USB audio device...
CVE-2025-55096
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclasshidreportdescriptorget when parsing a descriptor of an USB HID device...
CVE-2025-55097
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudiostreamingsamplingget when parsing a descriptor of an USB streaming device...
CVE-2025-55096
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclasshidreportdescriptorget when parsing a descriptor of an USB HID device...
CVE-2025-55098
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudiodevicetypeget when parsing a descriptor of an USB audio device...
CVE-2025-55100 Potential out-of-bounds read in _ux_host_class_audio10_sam_parse_func()
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudio10samparsefunc when parsing a list of sampling frequencies...
EUVD-2025-34864
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudio10samparsefunc when parsing a list of sampling frequencies...