
6186 matches found

CNNVD
added 2023/03/03 12:0 a.m., 4 views

ZBT WE1626 Security Vulnerability

The ZBT WE1626 is a router. A security vulnerability exists in the ZBT WE1626 version v21.06.18 that originates from allowing an attacker to execute arbitrary commands via a serial connection to the UART port...

9.8 CVSS, 8.8 AI score, 0.01498 EPSS
Exploits 1, References 4
Vulnrichment
added 2023/03/03 12:0 a.m., 9 views

CVE-2022-45553

An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port...

8 AI score, 0.01498 EPSS
Exploits 1, References 3
OSV
added 2023/02/27 12:34 p.m., 4 views

USN-5891-1 curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-23914) Harry Sintonen...

9.1 CVSS, 6.7 AI score, 0.01703 EPSS
Exploits 2, References 4
OSV
added 2023/02/24 11:4 a.m., 2 views

OESA-2023-1115 wireshark security update

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful featur...

7.5 CVSS, 7 AI score, 0.02345 EPSS
Exploits 0, References 10
Microsoft CVE
added 2023/02/24 8:0 a.m., 4 views

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly be ignored by subsequent transfers when done on the same command line because the state would not be properly carried on.

...

9.1 CVSS, 7.2 AI score, 0.00858 EPSS
Exploits 1
OSV
added 2023/02/23 8:15 p.m., 2 views

ALPINE-CVE-2023-23914

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is...

9.1 CVSS, 6.8 AI score, 0.00858 EPSS
Exploits 1, References 1
OSV
added 2023/02/23 8:15 p.m., 8 views

AZL-34615 CVE-2023-23914 affecting package cmake for versions less than 3.21.4-10

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is...

9.1 CVSS, 6.7 AI score, 0.00858 EPSS
Exploits 1, References 1
Prion
added 2023/02/23 8:15 p.m., 30 views

Design/Logic Flaw

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is...

6.4 CVSS, 7.4 AI score, 0.00858 EPSS
Exploits 1, References 3, Affected Software 2
F5 Networks
added 2023/02/21 7:56 p.m., 40 views

K37283878: Intel I210 network adapter vulnerability CVE-2020-0522

Security Advisory Description: Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. (CVE-2020-0522) Impact: The BIG-IP management network por...

4.4 CVSS, 4.5 AI score, 0.00241 EPSS
Exploits 0, Affected Software 13
OSV
added 2023/02/16 2:38 p.m., 7 views

USN-5879-1 linux-hwe-5.19 vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-4378) Tamás Koczka discovered that the Bluetooth L2CAP handshake...

8.8 CVSS, 7.5 AI score, 0.02014 EPSS
Exploits 3, References 10
OSV
added 2023/02/15 8:3 p.m., 5 views

USN-5874-1 linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-oracle-5.4 vulnerabilities

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly...

8.8 CVSS, 6.8 AI score, 0.01067 EPSS
Exploits 2, References 8
SUSE CVE
added 2023/02/15 6:21 a.m., 4 views

SUSE CVE-2003-0461

/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords...

2.1 CVSS, 6.3 AI score, 0.00406 EPSS
Exploits 0, References 3
SUSE CVE
added 2023/02/15 6:21 a.m., 3 views

SUSE CVE-2003-0960

OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates...

7.5 CVSS, 6.9 AI score, 0.00709 EPSS
Exploits 1, References 3
SUSE CVE
added 2023/02/15 6:20 a.m., 1 views

SUSE CVE-2004-0685

Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage...

4.6 CVSS, 6 AI score, 0.00477 EPSS
Exploits 0, References 3
SUSE CVE
added 2023/02/15 6:17 a.m., 2 views

SUSE CVE-2005-3055

Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference...

2.1 CVSS, 6.4 AI score, 0.00452 EPSS
Exploits 0, References 5
SUSE CVE
added 2023/02/15 6:16 a.m., 6 views

SUSE CVE-2005-4789

resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restrictions for USB devices that set their class ID at the interface level...

2.1 CVSS, 6.7 AI score, 0.00384 EPSS
Exploits 0, References 3
SUSE CVE
added 2023/02/15 6:15 a.m., 3 views

SUSE CVE-2006-2936

The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued...

7.8 CVSS, 6.4 AI score, 0.02906 EPSS
Exploits 0, References 7
SUSE CVE
added 2023/02/15 6:6 a.m., 1 views

SUSE CVE-2008-4680

packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB)...

4.3 CVSS, 6.9 AI score, 0.02785 EPSS
Exploits 1, References 5
SUSE CVE
added 2023/02/15 5:56 a.m., 3 views

SUSE CVE-2010-4074

The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in...

1.9 CVSS, 6 AI score, 0.0038 EPSS
Exploits 0, References 3
SUSE CVE
added 2023/02/15 5:55 a.m., 3 views

SUSE CVE-2010-4523

Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c...

7.2 CVSS, 8 AI score, 0.00862 EPSS
Exploits 1, References 4