6185 matches found
PT-2023-34747 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.8 Description: The issue is related to a slab-out-of-bounds error on the RX FIFO buffer in the qcom-geni-serial driver. The actual impact and potential for attack have not been proven yet. Recommendations:...
kernel: memory corruption in AX88179_178A based USB ethernet device.
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes...
libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation
An Improper Certificate Validation vulnerability was found in LibreOffice, where determining if a trusted author signed a macro was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro...
TP-LINK Tapo C200 security vulnerability
The TP-LINK Tapo C200 is a webcam device from China P&L TP-LINK. A security vulnerability exists in TP-LINK Tapo C200 version V1, which stems from an access control issue that allows a physically proximate attacker to gain root access by connecting to the UART pin, interrupting the boot process,...
OESA-2023-1040 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: An incorrect access control flaw in the Linux kernel USB core subsystem was found in the way a user attaches a USB device. A local user could use this flaw to crash the system. (CVE-2022-4662)...
PT-2023-34476 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.163 Description: The issue concerns the serial: amba-pl011, where SBSA UART accessing DMACR register is avoided. This is an automated ID intended to aid in discovery of potential security vulnerabilities,...
PT-2023-1656 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem. This issue arises when a user inserts a malicious USB device, allowing a local user to...
Zyxel AX7501-B0 link following vulnerability
The Zyxel AX7501-B0 is a router from China Heqin Zyxel. A security vulnerability exists in Zyxel AX7501-B0 versions prior to V5.17ABPC.3C0. An attacker could exploit the vulnerability to access the root filesystem by creating a symbolic link on an external storage medium e.g., a USB flash drive a...
CVE-2022-42275
NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service...
PT-2023-9436 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rt5-00350-gb2450b7e00be-dirty 26 Description: The vulnerability is related to a slab-out-of-bounds issue in the handle_rx_uart function of the qcom-geni-serial driver. This occurs when the RX FIFO depth is...
USN-5784-1 usbredir vulnerability
It was discovered that usbredir incorrectly handled memory when serializing large amounts of data in the case of a slow or blocked destination. An attacker could possibly use this issue to cause applications using usbredir to crash, resulting in a denial of service, or possibly execute arbitrary...
PT-2025-37561
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak exists in the USB UHCI driver when using the debugfs_lookup() function. Failing to call dput() on the result of debugfs_lookup() leads to a memory leak over time. The issue is...
PT-2025-54133
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.1+g56321e101aca 1 Description: The Linux kernel contains a flaw related to interrupt request handling in the tty serial driver for the imx platform. Specifically, pending USR interrupts may occur before the UA...
PT-2025-49731
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to out-of-bound memory access within the xhci-dbc driver. Specifically, if the xdbc bulk write function fails, the buffer used by the xdbc trace...
CVE-2021-35954
fastrack Reflex 2.0 W307SREFLEXv90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature...