6175 matches found
UBUNTU-CVE-2020-15437
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250core.c:serial8250isainitports that allows local users to cause a denial of service by using the p-serialin pointer which uninitialized...
Linux kernel 代码问题漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of Linux kernel prior to 5.8, which stems from vulnerability to a null pointer dereference attack in...
PT-2020-6485
Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileg...
Cisco AsyncOS 操作系统命令注入漏洞
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. Cisco AsyncOS for the Cisco Secure Web Appliance suffers from an operating system command injection vulnerability that stems from insufficient validation of user-supplied web interface and CLI input. The vulnerability can be...
SUSE-SU-2020:3359-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.9-11 October 2020 CPU, bsc1177943 New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling +...
Mozilla Firefox for Android Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Firefox for Android suffers from a security vulnerability that stems from the fact that if remote debugging via USB is enabled in versions of Android prior to 6.0, an untrusted application can connect ...
Unbreakable Enterprise kernel security update
2.6.39-400.327.1 - USB: serial: omninet: fix reference leaks at open Johan Hovold Orabug: 30484765 CVE-2017-8925 - x8632, entry: Store badsys error code in %eax Sven Wegener Orabug: 30783266 CVE-2014-4508 CVE-2014-4508 - x8632, entry: Do syscall exit work on badsys CVE-2014-4508 Andy Lutomirski...
Google Chrome Resource Management Error Vulnerability (CNVD-2020-62475)
Google Chrome is a Web browser from Google, a U.S. company. Blink is a browser layout engine rendering engine jointly developed by Google and Norway's OperaSoftware. A security vulnerability exists in versions of Google Chrome prior to 86.0.4240.99, which allows an attacker to compromise the...
TP-Link Archer A7 Code Execution Vulnerability
The TP-Link Archer A7 is a wireless router from China P&L TP-Link. A security vulnerability exists in the TP-Link Archer A7USV5200721 UNIX Symbolic Link, which originates from a vulnerability that allows an authenticated administrative user with physical and network access to execute arbitrary co...
CVE-2020-27402
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port UART connection or using adb...
Design/Logic Flaw
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port UART connection or using adb...
freerdp: Out of bound read/write in usb redirection channel
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled nearly arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0...
kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c
A flaw was found in the Linux kernel's ext4unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted specially crafted ext4 filesystem, including local, USB, and iSCSI...
kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c
A flaw was found in the Linux kernel’s infrared serial module. An attacker could use this flaw to corrupt memory and possibly escalate privileges...
kernel: race condition caused by a malicious USB device in the USB character device driver layer
A flaw was found in the Linux kernel, where there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer. An attacker who can hotplug at least two devices of this class can cause a use-after-free situation...
kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free
A use-after-free flaw was found in the Linux kernel’s input device driver functionality when unplugging a device. A user with physical access could use this flaw to crash the system...
kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c
An information leak flaw was found in the Linux kernel's USB digital video device driver. An attacker with a malicious USB device presenting itself as a 'Technotrend/Hauppauge USB DEC' device is able to issue commands to this specific device and leak kernel internal memory information. The highes...
kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c
An information leak flaw was found in the Linux kernel's USB digital video device driver. An attacker with a malicious USB device presenting itself as a 'Technotrend/Hauppauge USB DEC' device is able to issue commands to this specific device and leak kernel internal memory information. The highes...
kernel: race condition caused by a malicious USB device in the USB character device driver layer
A flaw was found in the Linux kernel, where there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer. An attacker who can hotplug at least two devices of this class can cause a use-after-free situation...
kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c
A flaw was found in the Linux kernel’s infrared serial module. An attacker could use this flaw to corrupt memory and possibly escalate privileges...