
6176 matches found

OSV
added 2022/01/14 11:3 a.m., 1 view

OESA-2022-1489 udisks2 security update

The Udisks project provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies. Security Fixes: Vulnerability found in udisks2. The vulnerability allows an attacker to enter a specially crafted image file/USB to cause a kernel panic. The biggest threat ...

6.3 CVSS, 6.7 AI score, 0.00808 EPSS
Exploits 1, References 2
CNVD
added 2022/01/10 12:0 a.m., 32 views

Google Chrome Web Serial security bypass vulnerability

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome Web Serial, which can be exploited by attackers to bypass security restrictions...

8.1 CVSS, 4.9 AI score, 0.01285 EPSS
Exploits 1, References 1
Microsoft CVE
added 2022/01/06 8:0 a.m., 23 views

Chromium: CVE-2022-0114 Out of bounds memory access in Web Serial

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.1 CVSS, 8.5 AI score, 0.01285 EPSS
Exploits 1
CNNVD
added 2022/01/04 12:0 a.m., 2 views

Google Chrome Buffer Error Vulnerability

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome Web Serial, which can be exploited by attackers to bypass security restrictions...

8.1 CVSS, 8.3 AI score, 0.01285 EPSS
Exploits 1, References 14
CNVD
added 2022/01/03 12:0 a.m., 15 views

Trendnet AC2600 TEW-827DRU Encryption Issue Vulnerability

Trendnet AC2600 TEW-827DRU is a wireless router. A security vulnerability exists in the Trendnet AC2600 TEW-827DRU, which stems from the fact that the Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protection for the UART function, and an attacker could exploit the vulnerabili...

7.2 CVSS, 4.5 AI score, 0.00247 EPSS
Exploits 0, References 1
OSV
added 2021/12/30 10:15 p.m., 2 views

CVE-2021-20168

Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default...

6.8 CVSS, 5.9 AI score, 0.00333 EPSS
Exploits 0, References 1
OSV
added 2021/12/30 10:15 p.m., 2 views

CVE-2021-23147

Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection and execute commands as the root user without authentication...

6.8 CVSS, 6.7 AI score, 0.00364 EPSS
Exploits 0, References 1
CNNVD
added 2021/12/30 12:0 a.m., 2 views

Netgear Nighthawk R6700 Authorization Issue Vulnerability

The Netgear Nighthawk R6700 is a wireless router from Netgear USA. An authorization issue vulnerability exists in the Netgear Nighthawk R6700 that stems from the product's lack of adequate protection for UART console access. The vulnerability can be exploited by an attacker to execute commands as...

7.2 CVSS, 5.8 AI score, 0.00364 EPSS
Exploits 0, References 3
CNNVD
added 2021/12/30 12:0 a.m., 3 views

Trendnet AC2600 Access Control Error Vulnerability

Trendnet AC2600 TEW-827DRU is a wireless router. A security vulnerability exists in the Trendnet AC2600 TEW-827DRU, which stems from the fact that the Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protection for the UART function, and an attacker could exploit the vulnerabili...

7.2 CVSS, 5.5 AI score, 0.00247 EPSS
Exploits 0, References 2
OSV
added 2021/12/26 1:15 a.m., 3 views

CVE-2021-45603

Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before...

5.5 CVSS, 5.8 AI score, 0.00578 EPSS
Exploits 0, References 2
CNNVD
added 2021/12/26 12:0 a.m., 3 views

Netgear NETGEAR Information Disclosure Vulnerability

Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. An information disclosure vulnerability exists in certain NETGEAR devices, which can result in the disclosure of sensitive information on...

6.1 CVSS, 5.7 AI score, 0.00578 EPSS
Exploits 0, References 3
OSV
added 2021/12/07 8:15 p.m., 2 views

CVE-2021-42988

Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler 0x22001B in the USB Network Gate above 7.0.1370 below 9.2.2420 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet...

8.8 CVSS, 6.1 AI score
Exploits 0, References 1
CNNVD
added 2021/12/06 12:0 a.m., 3 views

Qualcomm Chip Buffer Error Vulnerability

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and are from time to time fabricated on the surface of semiconductor wafers. A buffer error vulnerability exists in multiple Qualcomm products...

7.8 CVSS, 7.5 AI score, 0.00144 EPSS
Exploits 0, References 4
Exploit DB
added 2021/12/06 12:0 a.m., 496 views

Auerswald COMfortel 2.8F - Authentication Bypass

Exploit Title: Auerswald COMfortel 2.8F - Authentication Bypass Date: 06/12/2021 Exploit Author: RedTeam Pentesting GmbH Version: 1400/2600/3600 Advisory: Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass RedTeam Pentesting discovered a vulnerability in the web-based configuration...

7.5 CVSS, 7.6 AI score, 0.5106 EPSS
Exploits 4
CNNVD
added 2021/12/01 12:0 a.m., 4 views

Nxp Semiconductors Nxp Kinetis K82 Buffer Error Vulnerability

The Nxp Semiconductors Nxp Kinetis K82 is a microcontroller from Nxp Semiconductors of the Netherlands. A security vulnerability exists in the Nxp Semiconductors NXP Kinetis K82, which arises from the device having a buffer reread via a carefully crafted wlength value in a GET Status-Other reques...

6.1 CVSS, 5.9 AI score, 0.00263 EPSS
Exploits 0, References 3
OSV
added 2021/11/30 11:8 p.m., 3 views

USN-5164-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-37159) It was discovered that th...

6.4 CVSS, 6.9 AI score, 0.00537 EPSS
Exploits 1, References 4
OSV
added 2021/11/30 10:54 p.m., 2 views

USN-5163-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities

Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2021-3655) It was discovered that the Option USB Hi...

6.4 CVSS, 7 AI score, 0.00537 EPSS
Exploits 1, References 5
RedHat Linux
added 2021/11/30 2:28 p.m., 3 views

openssl: NULL pointer dereference in X509_issuer_and_serial_hash()

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However, it fails to correctly handle any errors that may occur while parsing the issuer field which might occur if the...

5.9 CVSS, 7.2 AI score, 0.07471 EPSS
Exploits 0, References 5
OSV
added 2021/11/29 4:15 p.m., 3 views

DEBIAN-CVE-2021-3802

A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability...

4.2 CVSS, 5.5 AI score, 0.00808 EPSS
Exploits 1, References 1
Github Security Blog
added 2021/11/23 6:4 p.m., 27 views

Denial of Service in Go-Ethereum

Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a series of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and raise a SEGV signal...

5.5 CVSS, 3.5 AI score, 0.00251 EPSS
Exploits 0, References 4, Affected Software 1