CVE-2023-34724
An issue in TECHView LA5570 Wireless Gateway 1.0.19T53 allows physical attackers to gain escalated privileges via the UART interface...
TechView LA-5570 Security Vulnerability
The TechView LA-5570 is a wireless router. A security vulnerability exists in TechView LA-5570 version 1.0.19T53, which allows an attacker to gain escalated privileges via the UART interface...
CVE-2023-39801
A lack of exception handling in the Renault Easy Link Multimedia System Software Version 283C35519R allows attackers to cause a Denial of Service (DoS) by supplying crafted WMA files when connecting a device to the vehicle's USB plug and play feature...
Serial Codes Generator and Validator with WooCommerce Support < 2.4.15 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). PoC: There are two fields affected by a...
Serial Codes Generator and Validator with WooCommerce Support < 2.4.15 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). There are two fields affected by a...
WordPress Serial Codes Generator and Validator with WooCommerce Support Plugin < 2.4.15 is vulnerable to Cross Site Scripting (XSS)
Software: Serial Codes Generator and Validator with WooCommerce Support; Type: Plugin; Vulnerable versions: 2.4.15; Fixed in: 2.4.15; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID...
MOXA NPort IAW5000A-I/O Series Hard-Coded Credential Vulnerability
MOXA NPort IAW5000A-I/O Series is a wireless device server for use in industrial environments from MOXA, China. The server enables the integration of field serial devices with wireless Ethernet networks and incorporates digital IOs for industrial data acquisition applications. A hard-coded...
Harman Infotainment Security Breach
Harman Infotainment is an in-vehicle infotainment system from Harman. A security vulnerability exists in Harman Infotainment version 20190525031613, which originated from a vulnerability that allows an attacker to gain access to internal resources with root privileges via the USB Ethernet transfe...
CVE-2023-39391
Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality...
eProsima Fast DDS Security Vulnerability
eProsima Fast DDS is eProsima's C++ implementation of the OMG (Object Management Group) DDS (Data Distribution Service) standard. A security vulnerability exists in eProsima Fast DDS versions prior to 2.9.1, which stems from the fact that improper serial number validation may cause the remote...
Azure Serial Console Attack and Defense - Part 1
Ever had a virtual machine crash? Azure Serial Console is a great way to directly connect to your virtual machine and debug what went wrong. Azure Serial Console is a feature that's available for free for everyone. While the primary intent of this feature is to assist users in debugging their machine,...
openssh security update
7.4p1-23.0.1fips: Change Epoch from 1 to 10; Enable fips KDF POST (Orabug: 32461750); Disable diffie-hellman-group-exchange-sha256 KEX FIPS method (Orabug: 32461739). 7.4p1-23.0.1: enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei (China). It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an information disclosure vulnerability that stems from inadequate protection of sensitive information in the USBService module...
CVE-2023-39075
Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device...
Renault Zoe EV Security Vulnerability
The Renault Zoe EV is an automobile from Renault. A security vulnerability exists in the Renault Zoe EV 2021 automotive infotainment system versions 283C35202R through 283C35519R, 11.10.2021 through 16.01.2023, which originates from a vulnerability that could allow an attacker to compromise the...
Moxa NPort IAW5000A-I/O Series Serial Device Server Buffer Copy Without Checking Size of Input (CVE-2021-32968)
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation (CVE-2021-32970)
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions. This plugin only works with Tenable.ot. Please visit...
Moxa NPort IAW5000A-I/O Series Serial Device Server Stack-Based Buffer Overflow (CVE-2021-32976)
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code. This plugin only works with Tenable.ot. Please visit...
DEBIAN-CVE-2023-4010
A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descripto...
PT-2023-4073
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation, causing it to fall into an...