Lucene search
6256 matches found

OSV
added 2025/02/17 1:15 a.m. | 3 views

CVE-2025-1367

A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been classified as critical. This affects the function sprintf of the component USB Password Handler. The manipulation leads to buffer overflow. An attack has to be approached locally. The vendor was contacted early...

CVSS 4.8 | AI score 5.7
Exploits: 0 | References: 3
Positive Technologies
added 2025/02/17 12:0 a.m. | 6 views

PT-2025-25815

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.0-rc7+. Description: A vulnerability in the Linux kernel has been resolved. The issue was observed on a SAMA5D27 platform using atmel serial, where a warning was emitted when trying to toggle flow control in a...

CVSS 5.5 | AI score 6.6 | EPSS 0.00156
Exploits: 0
CNNVD
added 2025/02/14 12:0 a.m. | 3 views

IXON IXrouter IX2400 security vulnerability

The IXON IXrouter IX2400 is an industrial router from the Dutch company IXON. A security vulnerability exists in the IXON IXrouter IX2400 version v3.0, which stems from the inclusion of hard-coded root credentials that allow a physically proximate attacker to gain root access via UART or SSH...

CVSS 5.4 | AI score 6.9 | EPSS 0.0017
Exploits: 0 | References: 1
BDU FSTEC
added 2025/02/14 12:0 a.m. | 12 views

The vulnerability in the software web interface for controlling power supply units like PowerChute Serial Shutdown allows an intruder to trigger a service failure.

The vulnerability in the software web interface for controlling power supply units like PowerChute Serial Shutdown is related to improper authentication. Exploiting this vulnerability could allow an attacker, operating remotely, to cause a service failure...

CVSS 5.3 | AI score 5.5 | EPSS 0.00959
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2025/02/13 11:15 p.m. | 6 views

CVE-2024-37601

An issue was discovered in Mercedes Benz NTG New Telematics Generation 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause t...

CVSS 4.6 | AI score 6.1
Exploits: 0 | References: 1
OSV
added 2025/02/13 11:15 p.m. | 5 views

CVE-2023-34402

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Another file is encapsulated inside the file, which the service will drop during processing. Due to missed checks, an attacker can achieve Arbitrary File Write with service speech rights...

CVSS 7.7 | AI score 5.8 | EPSS 0.0021
Exploits: 0 | References: 1
OSV
added 2025/02/13 11:15 p.m. | 4 views

CVE-2023-34401

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside the profile folder there is a file which is encoded with the proprietary UD2 codec. Due to missed size checks in the encapsulated file, an attacker can achieve Out-of-Bound Read in heap memory...

CVSS 3.7 | AI score 7.1
Exploits: 0 | References: 1
OSV
added 2025/02/13 10:15 p.m. | 3 views

CVE-2023-34400

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. When parsing the file, the service tries to define the header inside the file and convert it to a null-terminated string. If the character is missing, it will return a null pointer...

CVSS 7.5 | AI score 5.8 | EPSS 0.00624
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/13 5:23 p.m. | 12 views

CVE-2024-36080

Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

CVSS 9.8 | AI score 7.1 | EPSS 0.00551
Exploits: 0 | References: 1
RedHat Linux
added 2025/02/13 2:51 p.m. | 6 views

kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

A vulnerability was found in the Linux kernel's USB Video Class driver. A buffer for video frame data is allocated, which does not account for all of the frame formats contained in a video stream, leading to an out-of-bounds write when a stream includes frames with an undefined format. An attacke...

CVSS 7.8 | AI score 7.5 | EPSS 0.03301
Exploits: 1 | References: 8
RedhatCVE
added 2025/02/13 11:47 a.m. | 7 views

CVE-2025-26409

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in...

CVSS 6.8 | AI score 6.6 | EPSS 0.00313
Exploits: 1 | References: 1
RedhatCVE
added 2025/02/13 11:45 a.m. | 5 views

CVE-2025-24956

A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...

CVSS 9.8 | AI score 7.1 | EPSS 0.00369
Exploits: 0 | References: 1
SUSE CVE
added 2025/02/13 12:20 a.m. | 3 views

SUSE CVE-2025-21695

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The dell_uart_bl_serdev_probe function calls devm_serdev_device_open before setting the client ops via serdev_device_set_client_ops. This ordering can trigger a NULL pointer dereference in...

CVSS 5.5 | AI score 7.6 | EPSS 0.00168
Exploits: 0 | References: 3
CNNVD
added 2025/02/13 12:0 a.m. | 5 views

Mercedes-Benz NTG security vulnerability

Mercedes-Benz NTG is an automobile from Mercedes-Benz Germany. A security vulnerability exists in Mercedes-Benz NTG 6 that originates from a file parsing failure when importing or exporting profile settings via USB...

CVSS 7.5 | AI score 7.5 | EPSS 0.00624
Exploits: 0 | References: 1
CNNVD
added 2025/02/13 12:0 a.m. | 4 views

Mercedes-Benz NTG security vulnerability

Mercedes-Benz NTG is an automobile from Mercedes-Benz Germany. A security vulnerability exists in Mercedes-Benz NTG that originates from a service crash when importing or exporting profile settings via USB...

CVSS 7.5 | AI score 7.6 | EPSS 0.00587
Exploits: 0 | References: 1
OSV
added 2025/02/12 2:15 p.m. | 1 view

UBUNTU-CVE-2025-21695

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The dell_uart_bl_serdev_probe function calls devm_serdev_device_open before setting the client ops via serdev_device_set_client_ops. This ordering can trigger a NULL pointer dereference in...

CVSS 4.7 | AI score 6.5 | EPSS 0.00168
Exploits: 0 | References: 7
RedHat Linux
added 2025/02/11 11:22 a.m. | 6 views

kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

A vulnerability was found in the Linux kernel's USB Video Class driver. A buffer for video frame data is allocated, which does not account for all of the frame formats contained in a video stream, leading to an out-of-bounds write when a stream includes frames with an undefined format. An attacke...

CVSS 7.8 | AI score 7.5 | EPSS 0.03301
Exploits: 1 | References: 8
OSV
added 2025/02/11 11:15 a.m. | 3 views

CVE-2025-24956

A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...

CVSS 9.8 | AI score 6 | EPSS 0.00369
Exploits: 0 | References: 1
Cvelist
added 2025/02/11 10:29 a.m. | 6 views

CVE-2025-24956

A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...

CVSS 6.9 | EPSS 0.00369
Exploits: 0 | References: 1
Vulnrichment
added 2025/02/11 10:29 a.m. | 5 views

CVE-2025-24956

A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...

CVSS 6.9 | AI score 6.4 | EPSS 0.00369
Exploits: 0 | References: 1