6204 matches found

RedhatCVE
added 2025/05/22 6:38 p.m., 9 views

CVE-2021-35954

fastrack Reflex 2.0 W307SREFLEXv90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature...

CVSS 8.1, AI score 6.9, EPSS 0.00325
Exploits 0

RedhatCVE
added 2025/05/22 5:12 p.m., 5 views

CVE-2020-8157

UniFi Cloud Key firmware = v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART)...

CVSS 7.2, AI score 7.1, EPSS 0.00341
Exploits 0, References 1

RedhatCVE
added 2025/05/22 3:25 p.m., 4 views

CVE-2020-27402

The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb...

CVSS 7.8, AI score 6.9, EPSS 0.00531
Exploits 1

RedhatCVE
added 2025/05/22 3:24 p.m., 9 views

CVE-2020-27174

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host...

CVSS 7.5, AI score 7.1, EPSS 0.0172
Exploits 0

RedhatCVE
added 2025/05/22 10:31 a.m., 5 views

CVE-2019-14456

Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system connected to a serial port on an Opengear console server sends crafted text to a serial port that has logging enabled, the text will b...

CVSS 5.4, AI score 5.9, EPSS 0.00649
Exploits 1, References 1

RedhatCVE
added 2025/05/22 6:54 a.m., 9 views

CVE-2019-9725

The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting...

CVSS 6.1, AI score 6, EPSS 0.00857
Exploits 0, References 1

RedhatCVE
added 2025/05/22 1:15 a.m., 10 views

CVE-2013-2798

Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line...

CVSS 4.7, AI score 6.9, EPSS 0.00361
Exploits 0, References 1

RedhatCVE
added 2025/05/22 1:15 a.m., 7 views

CVE-2013-2789

The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service...

CVSS 7.8, AI score 7, EPSS 0.01818
Exploits 0, References 1

RedhatCVE
added 2025/05/21 11:54 p.m., 6 views

CVE-2001-1520

Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN...

CVSS 2.1, AI score 6.6, EPSS 0.00332
Exploits 0, References 1

RedhatCVE
added 2025/05/21 8:35 p.m., 5 views

CVE-2002-2203

Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information...

CVSS 4.9, AI score 6.6, EPSS 0.0033
Exploits 0, References 1

OSV
added 2025/05/21 2:50 p.m., 7 views

USN-7517-2 linux-ibm-5.4 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - Block layer subsystem; - Drivers core; - Network block device driver;...

CVSS 7.8, AI score 6.8, EPSS 0.08906
Exploits 3, References 94

SUSE CVE
added 2025/05/21 12:45 a.m., 2 views

SUSE CVE-2025-37986

In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration. To avoid using invalid USB device pointers after a Type-C partner disconnects, this patch clears the pointers upon partner unregistration. This ensures a...

CVSS 5.5, AI score 7.8, EPSS 0.00146
Exploits 0, References 16

OSV
added 2025/05/20 6:15 p.m., 0 views

DEBIAN-CVE-2025-37986

In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration. To avoid using invalid USB device pointers after a Type-C partner disconnects, this patch clears the pointers upon partner unregistration. This ensures a...

CVSS 5.5, AI score 5.5, EPSS 0.00146
Exploits 0, References 1

OSV
added 2025/05/20 6:15 p.m., 1 views

UBUNTU-CVE-2025-37985

In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop. Clearing WDM_WWAN_IN_USE must be the last action or we can open a chardev whose URBs are still poisoned...

CVSS 4.7, AI score 6.1, EPSS 0.0011
Exploits 0, References 38

OSV
added 2025/05/20 3:21 p.m., 5 views

CVE-2025-37896 spi: spi-mem: Add fix to avoid divide error

In the Linux kernel, the following vulnerability has been resolved: spi: spi-mem: Add fix to avoid divide error. For some SPI flash memory operations, dummy bytes are not mandatory. For example, in Winbond SPINAND flash memory devices, the write_cache and update_cache operation variants have zero...

CVSS 5.5, AI score 7.7, EPSS 0.0014
Exploits 0, References 5

OSV
added 2025/05/20 2:1 p.m., 5 views

USN-7521-1 linux, linux-azure, linux-azure-6.11, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oem-6.11, linux-raspi, linux-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Serial ATA and Parallel...

CVSS 7.8, AI score 6.7, EPSS 0.13626
Exploits 1, References 229

OSV
added 2025/05/18 4:15 p.m., 4 views

CVE-2025-4886

A vulnerability classified as critical was found in itsourcecode Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/productupdate.php. The manipulation of the argument serial leads to sql injection. The attack can be launched remotely. Th...

CVSS 9.8, AI score 5.8, EPSS 0.00415
Exploits 1, References 5

OSV
added 2025/05/18 4:15 p.m., 4 views

CVE-2025-4885

A vulnerability classified as critical has been found in itsourcecode Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/productadd.php. The manipulation of the argument serial leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

CVSS 9.8, AI score 5.8, EPSS 0.00415
Exploits 1, References 5

CNNVD
added 2025/05/18 12:0 a.m., 1 views

itsourcecode Sales and Inventory System injection vulnerability

itsourcecode Sales and Inventory System is an open-source sales and inventory system from itsourcecode. An injection vulnerability exists in itsourcecode Sales and Inventory System version 1.0, which results from SQL injection due to incorrect manipulation of the parameter serial in the file...

CVSS 9.8, AI score 7.7, EPSS 0.00415
Exploits 1, References 7

CNNVD
added 2025/05/18 12:0 a.m., 1 views

itsourcecode Sales and Inventory System injection vulnerability

itsourcecode Sales and Inventory System is an open-source sales and inventory system from itsourcecode. An injection vulnerability exists in itsourcecode Sales and Inventory System version 1.0, which results from SQL injection due to incorrect manipulation of the parameter serial in the file...

CVSS 9.8, AI score 7.7, EPSS 0.00415
Exploits 1, References 7