6196 matches found
Juniper Networks Junos OS Code Issue Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A denial of service vulnerability exists in Juniper Networks Junos OS, which originates from a kernel crash when certain U...
Use of Telnet in multiple SICK Flexi Soft and Flexi Classic Gateways
Several versions of the SICK Flexi Soft Gateways FX0-GENT, FX0-GMOD, FX0-GPNT and SICK Flexi Classic Gateway UE410 provide a Telnet interface for debugging, which is enabled by factory default. No password is set in the default configuration. If the password is not set by the customer, a remote...
NewStart CGSL CORE 5.05 / MAIN 5.05 : openssl Multiple Vulnerabilities (NS-SA-2023-0025)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openssl packages installed that are affected by multiple vulnerabilities: - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is clo...
Linux kernel Code Issue Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux kernel, which stems from the DVB USB AZ6027 driver containing a null pointer dereference when processing certain messages...
TP-LINK TL-WR940N Security Feature Issue Vulnerability
The TP-LINK TL-WR940N is a wireless router from China P&L TP-LINK. The TP-Link TL-WR940N suffers from a Security Feature Issue vulnerability that stems from a lack of sufficient randomness in the serial number used for session management. An attacker could exploit the vulnerability to bypass...
DEBIAN-CVE-2023-1079
A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by...
CVE-2023-20082
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This...
PT-2023-2222 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches versions prior to 16.11.1 Description: A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker...
Unbreakable Enterprise kernel security update
4.14.35-2047.523.4.1 - mm: kvmalloc does not fallback to vmalloc for incompatible gfp flags Michal Hocko Orabug: 35164196 4.14.35-2047.523.4 - rds: ib: Keep IB MRs on cleanlist unless we are tearing down the pool Hakon Bugge Orabug: 34987235 - rds: ib: Add FRWR related statistics counters Hakon...
Unbreakable Enterprise kernel-container security update
4.14.35-2047.523.4.1 - mm: kvmalloc does not fallback to vmalloc for incompatible gfp flags Michal Hocko Orabug: 35164196 4.14.35-2047.523.4 - rds: ib: Keep IB MRs on cleanlist unless we are tearing down the pool Hakon Bugge Orabug: 34987235 - rds: ib: Add FRWR related statistics counters Hakon...
Remote Code Execution (RCE)
github.com/edgelesssys/constellation is vulnerable to Remote Code Execution (RCE). The vulnerability is due to allowing the serial console to boot to a rescue shell when the boot fails, which grants full VM access to an attacker...
A vulnerability in the Qualcomm USB 3.0 driver of the Linux kernel allows an attacker to cause a denial of service.
The vulnerability in the Qualcomm USB 3.0 driver of the Linux operating system kernel involves copying buffers without checking the size of the input data. Exploiting this vulnerability can allow attackers to cause a denial of service...
A vulnerability in the HID subsystem (drivers/hid/hid-core.c) of the Linux kernel allows an attacker to crash an application or escalate privileges.
The vulnerability in the HID subsystem (drivers/hid/hid-core.c) of the Linux kernel is related to memory corruption caused by a user using a malicious USB device. Exploiting this vulnerability can allow an attacker to crash an application or escalate privileges...
A vulnerability in the USB subsystem of the Linux kernel (drivers/usb/core/hub.c) allows an attacker to cause a denial of service.
The vulnerability in drivers/usb/core/hub.c in the USB subsystem of the Linux kernel is related to the incorrect order in which devices are removed in the usb_reset_device function. Exploiting this vulnerability can allow an attacker to cause a denial of service...
kernel: memory corruption in AX88179_178A based USB ethernet device.
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes...
iobroker.combustion-control (=0.0.1), jcode-ble (=0.0.1) +1 more potentially affected by CVE-2023-26109 via node-bluetooth-serial-port (=2.2.7)
node-bluetooth-serial-port NPM version =2.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on node-bluetooth-serial-port and may be impacted: - iobroker.combustion-control =0.0.1 - jcode-ble =0.0.1 - jcode-bluetooth =0.1.0, =0.9.2 Source cves:...
GHSA-9JH3-4PC9-HQ29 node-bluetooth-serial-port is vulnerable to Buffer Overflow via the findSerialPortChannel
All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation...
Buffer overflow
All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation...
CVE-2023-26109
All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation...
CVE-2023-26109
CVE-2023-26109 affects the node-bluetooth-serial-port package. The vulnerability is a Buffer Overflow in the internal function findSerialPortChannel caused by improper validation of the input length. Impact is described as high/critical with potential for confidentiality, integrity, and availabil...