CVE-2022-0331
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older...
Sophos Firewall Information Disclosure Vulnerability
Sophos Firewall is a firewall from Sophos UK. A security vulnerability exists in Sophos Firewall version v18.5 MR2 and earlier, which stems from an information disclosure vulnerability in Webadmin that could allow an unauthenticated, remote attacker to read device serial numbers...
PT-2022-13110 · Sophos · Sophos Firewall
Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to v18.5 MR3 Description: An information disclosure issue in Webadmin allows an unauthenticated remote attacker to read the device serial number. Recommendations: For Sophos Firewall versions prior to v18.5 MR3,...
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12 the endpoint index is not validated and might be manipulated by the host for out-of-array access.
...
The vulnerability of the Google Chrome browser’s Web Serial API interface allows a perpetrator to trigger a service failure.
The vulnerability of the Google Chrome browser’s Web Serial API interface is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure by using a specially created HTML page...
The vulnerability of the “len” parameter in the drivers/net/usb/sr9700.c file of Linux operating system kernels, which allows an attacker to access protected information
The vulnerability of the “len” parameter in the drivers/net/usb/sr9700.c file of Linux operating system kernels is related to errors in processing packet lengths. Exploiting this vulnerability may allow an attacker to gain access to protected information...
PT-2022-1373 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel (affected versions not specified) Description: The issue is related to an integer overflow in the rndis set response function of the rndis.c file, which could lead to a local escalation of privilege. This can occur if a...
CVE-2022-20056
In preloader usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID:...
Siemens RUGGEDCOM Devices Information Disclosure Vulnerability
RUGGEDCOM ROS-based devices are typically switches and serial-to-Ethernet devices used to connect equipment that operates in harsh environments, such as electric utility substations and traffic control cabinets. An information disclosure vulnerability exists in Siemens RUGGEDCOM Devices, which ca...
Phicomm Multiple Products Trust Management Issue Vulnerability
Phicomm PHICOMM K2 is a wireless router. PHICOMM K3 is a dual-band Gigabit wireless WiFi router. PHICOMM K3C is a dual-band Gigabit wireless WiFi router. PHICOMM K2 A7 is a dual-band Gigabit wireless WiFi router. PHICOMM K2G A1 is a dual-band Gigabit wireless WiFi router. The PHICOMM K3 is a dual-ban...
Security update for the Linux Kernel (important)
openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2022:0760-1 Rating: important References: 1089644 1154353 1157038 1157923 1176447 1176940 1178134 1181147 1181588 1183872 1187716 1188404 1189126 1190812 1190972 1191580 1191655 1191741 1192210 1192483...
PT-2022-2366 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.12 Description: The issue is related to the Linux kernel's USB gadget driver, specifically in the udc-xilinx.c file. It involves an array index that is not properly validated, potentially allowing a remote...
Cyclades Serial Console Server 3.3.0 Privilege Escalation Vulnerability
Exploit Title: Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation Exploit Author: @ibby Vendor Homepage: https://www.vertiv.com/en-us/ Software Link: https://downloads2.vertivco.com/SerialACS/ACS/ACSv3.3.0-16/FL0536-017.zip Version: Legacy Versions V1.0.0 to V3.3.0-16 Tested on:...
Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation
Exploit Title: Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation Date: 09 Feb 2022 Exploit Author: @ibby Vendor Homepage: https://www.vertiv.com/en-us/ Software Link: https://downloads2.vertivco.com/SerialACS/ACS/ACSv3.3.0-16/FL0536-017.zip Version: Legacy Versions V1.0.0 to...
UBUNTU-CVE-2022-25258
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur...
PT-2022-1368 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.10 Description: The issue is related to the USB Gadget subsystem in the Linux kernel, which lacks certain validation of interface OS descriptor requests. This can lead to memory corruption. The vulnerabilit...
Multiple VMware Products Resource Management Error Vulnerability
VMware ESXi is a server virtualization platform that can be installed directly on physical servers. VMware Workstation is a set of virtual machine software. VMware Fusion is a product of VMware, Inc. VMware Fusion is a suite of virtual machine software designed to run Windows applications on...
CVE-2022-0114
Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver...