CVE-2023-49515

Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components...

TP-LINK TC70 Security Vulnerability

The TP-LINK TC70 is a home security camera from China P&L TP-LINK. A security vulnerability exists in the TP-LINK TC70 and C200 that stems from the presence of an insecure privilege vulnerability that allows a physically neighboring attacker to gain access to sensitive information through a...

PT-2024-1169 · Tp Link · C200 Wifi Camera +1

Name of the Vulnerable Software and Affected Versions: TP Link TC70 and C200 WIFI Camera versions 1.3.4 through 1.3.10 Description: The issue is related to insecure permissions in the firmware of TP Link TC70 and C200 WIFI Cameras, allowing a physically proximate attacker to obtain sensitive...

[SECURITY] Fedora 38 Update: ppp-2.4.9-10.fc38

The ppp package contains the PPP Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an ISP Internet Service Provider or other organization over a modem...

USN-6548-4 linux-gkeop vulnerabilities

It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. CVE-2023-3006 It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors i...

CVE-2022-3010

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite...

CVE-2022-3010

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite...

Code injection

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite...

CVE-2022-3010 Predictable SSH credentials in Priva TopControl Suite

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite...

PT-2024-11551 · Priva · Priva Topcontrol Suite

Name of the Vulnerable Software and Affected Versions: Priva TopControl Suite affected versions not specified Description: The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. This makes it possible for an attacker to calculate the login...

The vulnerabilities of HCI (Host Controller Interface) and SCI interfaces, which operate according to the IEC 60870-5-104 standard, and are found in Hitachi Energy RTU500 programmable logic controllers, allow a perpetrator to trigger a service failure.

The vulnerabilities of HCI Host Controller Interface and SCI interfaces, which operate according to the IEC 60870-5-104 standard, in Hitachi Energy RTU500 programmable logic controllers, are related to insufficient verification of input data. Exploiting these vulnerabilities can allow an attacker...

CVE-2023-0011 Command Execution through Serial Interface of u-blox TOBY-L2

A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the module or the ability to modify the system or software which uses its serial...

PT-2023-22278 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: Heimdal Thor agent versions 3.4.2 through 3.7.0 Description: An issue in the Heimdal Thor agent allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via the Next-Gen Antivirus component...

PT-2023-15946 · Toby-L200 +4 · Toby-L200 +4

Name of the Vulnerable Software and Affected Versions: TOBY-L2 series: TOBY-L200, TOBY-L201, TOBY-L210, TOBY-L220, TOBY-L280 Description: A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This issue...

Azure Serial Console Attack and Defense - Part 2

This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders’ preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various tracing activities, such as using Azure activit...

The vulnerability of the USB 3.0 HUB driver in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the USB 3.0 HUB driver for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

Unbreakable Enterprise kernel-container security update

5.4.17-2136.326.6.el7 - Revert 'md/raid5: Wait for MDSBCHANGEPENDING in raid5d' Junxiao Bi Orabug: 35914789 - md: bypass block throttle for superblock update Junxiao Bi Orabug: 35914789 5.4.17-2136.326.5.el7 - Revert 'tracing: Increase trace array ref count on enable and filter files' Sherry Yang...

Unbreakable Enterprise kernel-container security update

5.4.17-2136.326.6.el8 - Revert 'md/raid5: Wait for MDSBCHANGEPENDING in raid5d' Junxiao Bi Orabug: 35914789 - md: bypass block throttle for superblock update Junxiao Bi Orabug: 35914789 5.4.17-2136.326.5.el8 - Revert 'tracing: Increase trace array ref count on enable and filter files' Sherry Yang...

USN-6534-3 linux-hwe-6.2, linux-lowlatency-hwe-6.2, linux-nvidia-6.2 vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-37453 Lin Ma...

Schneider Electric Easy UPS Online Monitoring Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Vendor: Schneider Electric Equipment: Easy UPS Online Monitoring Software Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow elevation of privileges which could result in arbitrary file...