The vulnerability of the Windows USB Video Class System Driver for Windows operating systems allows attackers to gain elevated privileges.

The vulnerability of the Windows USB Video Class System Driver for Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...

The vulnerability of the Windows USB Video Class System Driver for Windows operating systems allows attackers to gain elevated privileges.

The vulnerability of the Windows USB Video Class System Driver for Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...

Digital Guardian Agent 安全漏洞

Digital Guardian Agent is a widely used data protection platform for cloud environments from US-based Digital Guardian, Inc. It can discover, categorize and control the movement of data across endpoints, networks and clouds. A security vulnerability exists in Digital Guardian Agent versions prior...

CVE-2024-48971

The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges...

CVE-2024-48973 Debug port on Life2000 Ventilator serial interface is enabled by default

The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port which are unencrypted; see 3.2.1 that result in unauthorized disclosure of information and/or have unintended impacts on device settings and...

CVE-2024-48973 Debug port on Life2000 Ventilator serial interface is enabled by default

The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port which are unencrypted; see 3.2.1 that result in unauthorized disclosure of information and/or have unintended impacts on device settings and...

CVE-2024-9834

Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance...

CVE-2024-48971 Clinician Password and Serial Number Clinician Password are hard-coded in Life2000 Ventilator

The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges...

CVE-2024-48971 Clinician Password and Serial Number Clinician Password are hard-coded in Life2000 Ventilator

The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges...

CVE-2024-9832 No limit on failed login attempts with Clinician Password or Serial Number Clinician Password on Life2000 Ventilator

There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the...

CLSA-2024-1731606243 Fix of 67 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-42265 - protect the fetch of -fdfd in dodup2 from mispredictions CVE-url: https://ubuntu.com/security/CVE-2024-47669 - nilfs2: fix state management in error path of log writing function CVE-url: https://ubuntu.com/security/CVE-2023-52918 - media: pci:...

CLSA-2024-1731605761 Fix of 67 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-42265 - protect the fetch of -fdfd in dodup2 from mispredictions CVE-url: https://ubuntu.com/security/CVE-2024-47669 - nilfs2: fix state management in error path of log writing function CVE-url: https://ubuntu.com/security/CVE-2023-52918 - media: pci:...

Baxter Life2000 安全漏洞

The Baxter Life2000 is a mask-less noninvasive ventilator from Baxter. A security vulnerability exists in the Baxter Life2000 that stems from an unlimited number of login failures allowed using the clinician password or serial number clinician password, which allows an attacker to perform a brute...

Baxter Life2000 安全漏洞

The Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. A security vulnerability exists in the Baxter Life2000 that stems from improper data protection on the ventilator's serial interface, which could allow an attacker to send and receive messages that could have an unintended...

PT-2024-39874 · Unknown · Ventilator

Name of the Vulnerable Software and Affected Versions: Ventilator affected versions not specified Description: The issue concerns improper data protection on the ventilator's serial interface. This could allow an attacker to send and receive messages, resulting in unauthorized disclosure of...

PT-2024-39873 · Unknown · Ventilator

Name of the Vulnerable Software and Affected Versions: Ventilator affected versions not specified Description: The issue allows for an unlimited number of failed login attempts with the Clinician Password or the Serial Number Clinician Password. This enables an attacker to perform a brute-force...

PT-2024-33307 · Unknown · Ventilator

Name of the Vulnerable Software and Affected Versions: Ventilator affected versions not specified Description: The ventilator's serial interface has its debug port enabled by default, allowing an attacker to send and receive unencrypted messages. This could result in unauthorized disclosure of...

PT-2024-33306 · Unknown · Ventilator

Name of the Vulnerable Software and Affected Versions: Ventilator affected versions not specified Description: The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator a...

USN-7089-4 linux-oem-6.8 vulnerabilities

Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. CVE-2024-25741 Several security issues were discovered in the Linux kernel. An...

The vulnerability of the serial/pmac_zilog components of the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the serial/pmaczilog components of the Linux operating system’s kernel is related to improper locking of resources in the pmzreceivechars function. Exploiting this vulnerability can allow an attacker to cause a service failure...