6256 matches found
CVE-2025-1367
A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been classified as critical. This affects the function sprintf of the component USB Password Handler. The manipulation leads to buffer overflow. An attack has to be approached locally. The vendor was contacted early...
PT-2025-25815
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.13.0-rc7+ Description A vulnerability in the Linux kernel has been resolved. The issue was observed on a SAMA5D27 platform using atmel serial, where a warning was emitted when trying to toggle flow control in a...
IXON IXrouter IX2400 安全漏洞
The IXON IXrouter IX2400 is an industrial router from the Dutch company IXON. A security vulnerability exists in the IXON IXrouter IX2400 version v3.0, which stems from the inclusion of hard-coded root credentials that allow a physically proximate attacker to gain root access via UART or SSH...
The vulnerability in the software web interface for controlling power supply units like PowerChute Serial Shutdown allows a intruder to trigger a service failure.
The vulnerability in the software web interface for controlling power supply units like PowerChute Serial Shutdown is related to improper authentication. Exploiting this vulnerability could allow an attacker, operating remotely, to cause a service failure...
CVE-2024-37601
An issue was discovered in Mercedes Benz NTG New Telematics Generation 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause t...
CVE-2023-34402
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights...
CVE-2023-34401
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-of-Bound Read in heap memory...
CVE-2023-34400
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. In case of parsing file, service try to define header inside the file and convert it to null-terminated string. If character is missed, will return null pointer...
CVE-2024-36080
Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...
kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
A vulnerability was found in the Linux kernel's USB Video Class driver. A buffer for video frame data is allocated, which does not account for all of the frame formats contained in a video stream, leading to an out-of-bounds write when a stream includes frames with an undefined format. An attacke...
CVE-2025-26409
A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in...
CVE-2025-24956
A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...
SUSE CVE-2025-21695
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The delluartblserdevprobe function calls devmserdevdeviceopen before setting the client ops via serdevdevicesetclientops. This ordering can trigger a NULL pointer dereference in...
Mercedes-Benz NTG 安全漏洞
Mercedes-Benz NTG is an automobile from Mercedes-Benz Germany. A security vulnerability exists in Mercedes-Benz NTG 6 that originates from a file parsing failure when importing or exporting profile settings via USB...
Mercedes-Benz NTG 安全漏洞
Mercedes-Benz NTG is an automobile from Mercedes-Benz Germany. A security vulnerability exists in Mercedes-Benz NTG that originates from a service crash when importing or exporting profile settings via USB...
UBUNTU-CVE-2025-21695
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The delluartblserdevprobe function calls devmserdevdeviceopen before setting the client ops via serdevdevicesetclientops. This ordering can trigger a NULL pointer dereference in...
kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
A vulnerability was found in the Linux kernel's USB Video Class driver. A buffer for video frame data is allocated, which does not account for all of the frame formats contained in a video stream, leading to an out-of-bounds write when a stream includes frames with an undefined format. An attacke...
CVE-2025-24956
A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...
CVE-2025-24956
A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...
CVE-2025-24956
A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...