Qualcomm Chipsets Buffer Error Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that results in a denial of service due to the dereference of an untrusted pointer in the core when sending USB QMI requests...
PT-2023-13817 · Qualcomm · Snapdragon +110
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a Transient Denial of Service (DoS) caused by an untrusted pointer dereference in the core when sending a USB QMI request...
Honeywell OneWireless OS Command Injection Vulnerability
Honeywell OneWireless is an industrial wireless mesh network from Honeywell that can simultaneously support ISA100 Wireless (IEC 62734), WirelessHART (IEC 62591) field instruments (transmitters, actuators, etc.), Wi-Fi devices and Ethernet/IP-based devices. A security vulnerability exists in Honeywell...
The vulnerability of the fusbhub.sys library in software for remote connection and control of Flexihub USB devices allows a hacker to cause a service failure.
The vulnerability of the fusbhub.sys library in software for remote connection and control of USB devices like Flexihub is related to pointer swapping errors. Exploiting this vulnerability can allow attackers to cause service failures...
CVE-2023-2587
Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger...
Cross site scripting
Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger...
CVE-2023-32347
Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, th...
CVE-2023-32346
Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether th...
Information disclosure
Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether th...
CVE-2023-2587
Teltonika RMS (Remote Management System) and its RUT routers are affected by multiple CVEs (CVE-2023-32346, -32347, -32348, -32349, -32350, -2587, -2586, -2588) due to XSS, improper authentication, SSRF, OS command injection, and exposed configuration. RMS pre-4.10.0 and RMS pre-4.14.0 (for -2586...
PT-2023-23739 · Teltonika · Sygate Remote Management
Name of the Vulnerable Software and Affected Versions: Teltonika’s Remote Management System versions prior to 4.10.0 Description: The issue concerns a function in the Remote Management System that allows users to claim devices, returning information based on whether a device's serial number or MA...
Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover
A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines (VMs) to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to a threat group it tracks under the name UNC3944,...
freerdp: division by zero in urbdrc channel
A division-by-zero issue was found in FreeRDP's libusbudevice.c in the urbdrc channel. This flaw exists due to missing input validation in the urbdrc channel. A malicious server can pass specially crafted data to the client, causing a crash and denial of service...
kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug
A flaw was found in the Linux kernel ALSA USB audio driver. This vulnerability allows a denial of service via a crafted USB audio device...
kernel: USB: core: Prevent nested device-reset calls
In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 3 Not...
kernel: Report vmalloc UAF in dvb-core/dmxdev
A use-after-free flaw was found in the Linux kernel’s dvb-core subsystem (DVB API used by Digital TV devices) in how a user physically removed a USB device such as a DVB demultiplexer device while running malicious code. This flaw allows a local user to crash or potentially escalate their privilege...