6181 matches found
CVE-2022-3485 Weak Password Recovery in ifm moneo appliance
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device...
USN-5772-1 qemu vulnerabilities
It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2021-3682 It...
IFM Moneo Appliance Authorization Issue Vulnerability
The IFM Moneo Appliance QHA200 and the IFM Moneo Appliance QHA210 are both pieces of hardware from IFM Germany that are used to operate Moneo in the production process. An authorization issue vulnerability exists in IFM Moneo Appliance versions prior to 1.9.3. An attacker could exploit this...
PT-2022-23883 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.6.0 through 3.6.8 Description: The issue is related to a crash in the USB HID protocol dissector, allowing denial of service via packet injection or crafted capture file on Windows. Recommendations: For Wireshark versions...
Wireshark Format String Error Vulnerability
Wireshark (formerly Ethereal) is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in Wireshark versions 3.6.0 through 3.6.8 that stems from a cras...
GSD-2022-1008235 serial: imx: Add missing .thaw_noirq hook
serial: imx: Add missing .thaw_noirq hook This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.267 by commit...
GSD-2022-1008158 serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.225 by commit...
GSD-2022-1008157 serial: imx: Add missing .thaw_noirq hook
serial: imx: Add missing .thaw_noirq hook This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.225 by commit...
PT-2022-36412 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.225 Description: The issue is related to a missing .thaw_noirq hook in the serial imx driver. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
PT-2022-36490 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.267 Description: The issue is related to a missing .thaw_noirq hook in the serial imx driver. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
PT-2022-36021 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.10 Description: The issue is related to a missing .thaw_noirq hook in the serial imx driver. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
DEBIAN-CVE-2022-23467
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the razer_attr_read_dpi_stages, potentially bypassing KASLR. To exploit this vulnerability an attacker would...
PT-2022-26963 · Bd · Bd Bodyguard Infusion Pumps
Name of the Vulnerable Software and Affected Versions: BD BodyGuard infusion pumps affected versions not specified Description: The issue allows threat actors with physical access, specialized equipment, and knowledge to potentially configure or disable the pump through the RS-232 serial port...
BD BodyGuard Authorization Issue Vulnerability
BD BodyGuard is a series of small, lightweight, mobile infusion pumps from BD Medical USA. An authorization issue vulnerability exists in BD BodyGuard Pumps that stems from a lack of protection mechanisms for alternate hardware interfaces. The affected BD BodyGuard Infusion Pumps allow access via ...
The vulnerability of the Ethernet interfaces of Tofino Xenon Security Appliance, Tofino Argon Security Appliance, and EAGLE 20 Tofino, related to insufficient input data validation, allows attackers to execute arbitrary code.
The vulnerability of the Tofino Xenon Security Appliance, Tofino Argon Security Appliance, and EAGLE 20 Tofino lies in insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by connecting a USB drive containing a specially crafted...
CVE-2022-32967
RTL8111EP-CG/RTL8111FP-CG DASH function has a hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during a system reboot triggered by another user to acquire partial system information such as serial number and server information...
PT-2022-21615 · Realtek · Rtl8111Ep-Cg
Name of the Vulnerable Software and Affected Versions: RTL8111EP-CG/RTL8111FP-CG affected versions not specified Description: The DASH function in RTL8111EP-CG/RTL8111FP-CG has a hard-coded password. An unauthenticated physical attacker can use this default password during system reboot to acquir...
DEBIAN-CVE-2022-45888
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device...
AZL-11487 CVE-2022-45888 affecting package kernel for versions less than 5.15.122.1-2
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device...
PT-2022-6862
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 6.0.9 Description: An issue was discovered in the Linux kernel, where the xillyusb.c file in the drivers/char/xillybus directory has a race condition and use-after-free during physical removal of a USB device. This...