Missing connection timeout in Aardvark-dns

A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They contain a denial of service vulnerability due to serial processing of TCP DNS queries. This flaw allows a malicious client to keep a TCP connection open indefinitely, causing other DNS queries to time out and resulting in a denial ...

CVE-2024-8418

A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...

DEBIAN-CVE-2024-8418

A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...

SUSE CVE-2024-45620

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accesse...

CVE-2024-41927

Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated...

CVE-2024-41927

The CVE-2024-41927 entry covers a cleartext transmission of sensitive information in multiple IDEC PLCs (CWE-319). Affected products include IDEC’s FC6A/FC6B MICROSmart modules (various firmware versions) and FT1A/FT1B lines, with specific version ceilings noted in vendor advisories. The root cau...

CVE-2024-41927

Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated...

CVE-2024-41927

Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a TX FIFO data corruption vulnerability in the serial: sc16is7xx component...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unset descriptor checking vulnerability in the usb: gadget: core component...

Missing connection timeout in Aardvark-dns

A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They contain a denial of service vulnerability due to serial processing of TCP DNS queries. This flaw allows a malicious client to keep a TCP connection open indefinitely, causing other DNS queries to time out and resulting in a denial ...

The vulnerability of the Linux operating system’s kernel component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s kernel component, “gadget”, is related to an error in memory management after freeing memory due to the failure to configure “udc→dev.driver”. Exploiting this vulnerability can allow an attacker to cause a service failure...

AZL-48732 CVE-2024-45617 affecting package opensc for versions less than 0.26.1-1

A vulnerability was found in OpenSC, OpenSC tools, PKCS11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to...

AZL-48711 CVE-2024-45620 affecting package opensc for versions less than 0.26.1-1

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accesse...

UBUNTU-CVE-2024-45619

A vulnerability was found in OpenSC, OpenSC tools, PKCS11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer...

PT-2024-9396

Name of the Vulnerable Software and Affected Versions: OpenSC affected versions not specified Description: A buffer overflow issue in OpenSC tools and modules allows an attacker to potentially gain unauthorized access to protected information. The vulnerability can be exploited by using a crafted...

PT-2024-9395 · Opensc +5 · Opensc +5

Name of the Vulnerable Software and Affected Versions: OpenSC pkcs15-init tool affected versions not specified Description: The issue is related to a buffer overflow in the pkcs15-init tool of the OpenSC software suite. An attacker could exploit this by using a specially crafted USB device or sma...

Lantronix Telnet Password Recovery

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lantronix Telnet Password Recovery', 'Description' = %q This module retrieves the setup record from Lantronix serial-to-ethernet devices via the...

2Wire Cross-Site Request Forgery Password Reset

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "2Wire Cross-Site Request Forgery Password Reset Vulnerability", 'Description' = %q This module will reset the admin password on a 2Wire wireless...

CVE-2024-43893

A divide by zero vulnerability was found in the uartgetdivisor function in the Linux Kernel's serial core subsystem. This issue is caused by the improper handling of invalid baud rates. When an invalid baudbase is specified using the TIOCSSERIAL ioctl command, if uartclk is zero, a subsequent cal...