CVE-2024-39675
A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 All...
PT-2024-5179 · Siemens · Ruggedcom Rs920L +10
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM RMC30 versions prior to V4.3.10 RUGGEDCOM RMC30NC versions prior to V4.3.10 RUGGEDCOM RP110 versions prior to V4.3.10 RUGGEDCOM RP110NC versions prior to V4.3.10 RUGGEDCOM RS400 versions prior to V4.3.10 RUGGEDCOM RS400NC versions...
IBM FlashSystem 5300 Security Vulnerability
The IBM FlashSystem 5300 is an enterprise storage system from International Business Machines (IBM) that stores data on flash memory. The IBM FlashSystem 5300 suffers from an authentication error vulnerability that could be exploited by an attacker to cause loss of access to data using a USB po...
The vulnerability of the UART interface in ASUS RT-N12+ B1 microprogramming software allows an intruder to gain unauthorized access to the root terminal.
The vulnerability of the UART interface in ASUS RT-N12+ B1 microprogrammed software routers is related to deficiencies in access control. Exploiting this vulnerability can allow a perpetrator to gain unauthorized access to the root terminal...
PT-2024-28650 · Ibm · Ibm Flashsystem 5300
Name of the Vulnerable Software and Affected Versions: IBM FlashSystem 5300 affected versions not specified Description: The issue allows a user with physical access to the system to use a disabled USB port, potentially causing loss of access to data. This can occur even if the administrator has...
CVE-2024-32754 Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information
Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information...
Johnson Controls Kantech KT1, KT2, KT400 Security Vulnerability
The Johnson Controls Kantech KT1 is an Ethernet-enabled single-door controller. The Johnson Controls Kantech KT2 is an Ethernet-enabled two-door controller. The Johnson Controls Kantech KT400 is an Ethernet-enabled four-door controller. The Johnson Controls Kantech KT400 is an Ethernet-enabled...
PT-2024-24827 · Johnson Controls · Kt1 +2
Name of the Vulnerable Software and Affected Versions: KT1, KT2, and KT400 controllers affected versions not specified Description: The issue concerns the broadcasting of sensitive information when the controller is in factory reset mode. Specifically, the controller broadcasts its MAC address,...
The vulnerability of the microprogramming software of the SIMATIC CN 4100 communication gateway lies in the absence of an immutable root certificate in the equipment. This allows a malicious actor to gain access to read or write data in the device’s file system.
The vulnerability of the SIMATIC CN 4100 communication gateway’s microprogramming software is related to the absence of an immutable trust root in the equipment. Exploiting this vulnerability can allow attackers to gain access to read or write data in the device’s file system through an unlimited...
kernel: usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usb_get_bos_descriptor()' The BOS descriptor defines a root descriptor and is the base descriptor for accessing a family of related descriptors. Function 'usb_get_bos_descriptor()' encounters an iterati...
kernel: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path syzbot reported that act_len in kalmia_send_init_packet is uninitialized when passing it to the first usb_bulk_msg error path. Jiri Pirko noted that it's pointless to pass it ...
PT-2024-37639 · Litemall · Litemall
Name of the Vulnerable Software and Affected Versions: litemall versions up to 1.8.0 Description: A critical issue was found in the AdminGoodscontroller.java file, where the manipulation of the goodsId, goodsSn, and name arguments leads to SQL injection. This issue can be exploited remotely...
OESA-2024-1765 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: spi: Fix deadlock when adding SPI controllers on SPI buses Currently we have a global spi_add_lock which we take when adding new devices so that we can check that...
Inside a Violent Gang's Ruthless Crypto-Stealing Home Invasion Spree
More than a dozen men threatened, assaulted, tortured, or kidnapped 11 victims in likely the worst-ever crypto-focused serial extortion case of its kind in the US...
SUSE CVE-2024-36477
In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account...
SUSE CVE-2024-38628
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind. Hang on to the control IDs instead of pointers since those are correctly handled with locks...
SUSE CVE-2024-38634
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Lock port->lock when calling uart_handle_cts_change() uart_handle_cts_change() has to be called with port lock taken. Since we run it in a separate work, the lock may not be taken at the time of running. Make sure that it's...
CVE-2024-38634
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Lock port->lock when calling uart_handle_cts_change() uart_handle_cts_change() has to be called with port lock taken. Since we run it in a separate work, the lock may not be taken at the time of running. Make sure that it's...
CVE-2024-38633
A vulnerability was found in the Linux kernel, affecting the max3100 serial driver. This issue involves improper handling of the uart_driver_registered state upon driver removal, which could lead to use-after-free conditions or undefined behavior. This flaw might allow attackers to exploit the driv...
AZL-42857 CVE-2024-36477 affecting package kernel for versions less than 5.15.160.1-1
In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account...