6178 matches found
GSD-2022-1002546 drivers: tty: serial: Fix deadlock in sa1100_set_termios()
drivers: tty: serial: Fix deadlock in sa1100_set_termios() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.4 by commit...
PT-2022-3178 · Honeywell +1 · Honeywell Experion Pks Safety Manager +1
Name of the Vulnerable Software and Affected Versions: Honeywell Experion PKS Safety Manager version 5.02 Description: The issue is related to the use of hard-coded credentials in the Honeywell Experion PKS Safety Manager. The affected component is the POLO bootloader. An attacker with access to...
Oracle Linux 7 : kernel (ELSA-2022-9495)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9495 advisory. 3.10.0-1160.66.1.0.2.el7 - debug: lock down kgdb Orabug: 34270798 CVE-2022-21499 Tenable has extracted the preceding description block directly from the Oracle...
CVE-2022-2003
AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC...
PT-2022-3143 · Automationdirect · Automationdirect Directlogic D0-06 Series Cpus
Name of the Vulnerable Software and Affected Versions: AutomationDirect DirectLOGIC D0-06 series CPUs versions prior to 2.72 Description: The issue is related to a vulnerability that allows an attacker to access the device and make unauthorized changes by sending a specifically crafted serial...
AutomationDirect DirectLOGIC Security Vulnerability
AutomationDirect DirectLOGIC is a programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect DirectLOGIC: a specially crafted serial message sent to the CPU serial port causes the PLC to respond to the PLC...
AutomationDirect DirectLOGIC with Serial Communication
1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Low attack complexity Vendor: AutomationDirect Equipment: DirectLOGIC with Serial Communication Vulnerability: Cleartext Transmission of Sensitive Information 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original...
DEBIAN-CVE-2022-20132
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User...
UBUNTU-CVE-2022-20132
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User...
CVE-2022-21499
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...
DEBIAN-CVE-2022-21499
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...
USN-5468-1 linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-intel-5.13, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities
It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. CVE-2022-21499 Aaron Adams discovered that the netfilter subsystem in the Linux...
Verbatim Keypad Secure USB Drive Security Vulnerability
The Verbatim Keypad Secure USB Drive is a hardware encrypted USB flash drive from Verbatim Corporation of China. A security vulnerability exists in the Verbatim Keypad Secure USB Drive that stems from a problem with the security lock, which can be attempted more than the required number of times...
Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5470-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5470-1 advisory. It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker cou...
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5471-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5471-1 advisory. It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged...
CVE-2022-31462
Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password derived from the serial number that can be found in Bluetooth broadcast data...