
6175 matches found

OSV
added 2020/08/31 5:15 p.m. | 2 views

CVE-2020-7523

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileg...

CVSS 7.8 | AI score 7.1 | EPSS 0.00194
Exploits: 0 | References: 1
NVD
added 2020/08/31 5:15 p.m. | 12 views

CVE-2020-7523

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileg...

CVSS 7.8 | AI score 7.9 | EPSS 0.00194
Exploits: 0 | References: 1
Prion
added 2020/08/31 5:15 p.m. | 13 views

Privilege escalation

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileg...

CVSS 4.4 | AI score 7.8 | EPSS 0.00194
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2020/08/31 4:11 p.m. | 17 views

CVE-2020-7523

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileg...

AI score 7.9 | EPSS 0.00194
Exploits: 0 | References: 1
CVE
added 2020/08/31 4:11 p.m. | 41 views

CVE-2020-7523

Schneider Electric Modbus Serial Driver contains an improper privilege management vulnerability that could enable local privilege escalation when the Modbus Serial Driver service is invoked. The driver reportedly does not properly assign, modify, track, or check privileges for an actor, creating ...

CVSS 7.8 | AI score 7.8 | EPSS 0.00194
Exploits: 0 | References: 1 | Affected Software: 2
CNVD
added 2020/08/26 12:00 a.m. | 1 view

QEMU buffer overflow vulnerability

QEMU (Quick Emulator) is a set of processor emulation software by French software developer Fabrice Bellard. The software is fast and cross-platform, among other characteristics. A buffer overflow vulnerability exists in QEMU's USB emulator that originates when a networked system or product performs an...

CVSS 5 | AI score 7.9 | EPSS 0.05447
Exploits: 1 | References: 1
CNVD
added 2020/08/25 12:00 a.m. | 1 view

Denial of Service Vulnerability in NP301 of Shenzhen Sanwang Communication Co.

The NP301 is a serial networking server that instantly gives serial devices the ability to be networked. Shenzhen Sanwang Communication Co., Ltd NP301 suffers from a denial-of-service vulnerability that can be exploited by an attacker to cause the device to reboot...

AI score 6.9
Exploits: 0
OSV
added 2020/08/23 4:11 a.m. | 4 views

USN-4465-1 linux-hwe, linux-aws-5.3, linux-azure-5.3, linux-gke-5.3 vulnerabilities

It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. CVE-2020-12655 It was discovered that the...

CVSS 7.1 | AI score 6.7 | EPSS 0.00519
Exploits: 1 | References: 5
CNVD
added 2020/08/20 12:00 a.m. | 1 view

Command Execution Vulnerability in EKI-1521 at Advantech (China) Co.

The EKI-1521 is a serial device networking server that supports RS-232/422/485. A command execution vulnerability exists in the Advantech China EKI-1521, which can be exploited by an attacker to remotely execute system commands...

AI score 7.3
Exploits: 0
BDU FSTEC
added 2020/08/20 12:00 a.m. | 3 views

The vulnerability of the Schneider Electric Modbus Serial Driver and Schneider Electric Modbus Driver Suite, related to insecure management of privileges, allows attackers to escalate their privileges.

The vulnerability of the Schneider Electric Modbus Serial Driver and Schneider Electric Modbus Driver Suite lies in the insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 7.8 | AI score 7.2 | EPSS 0.00194
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2020/08/19 12:00 a.m. | 2 views

Denial of Service Vulnerability in ZLAN5102-3/ZLAN5102/ZLAN5103 Common Single Serial Servers of Shanghai Zoran Information Technology Co.

Shanghai Zoran Information Technology Co., Ltd. is a high-tech enterprise providing industrial Internet of Things (IoT) solutions. Founded in 2008, our products include: Serial Servers, IoT Chips, Serial to Ethernet, and so on. A denial of service vulnerability exists in the...

AI score 6.7
Exploits: 0
OSV
added 2020/08/12 5:15 p.m. | 4 views

CVE-2020-15137

All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. A malicious USB device can trigger disclosure of unrelated kernel memory to userspace applications on the host, or can cause the kernel to crash. Kernel memory disclosure is especially likely on 32-b...

CVSS 5.9 | AI score 6.2
Exploits: 0 | References: 1
OSV
added 2020/08/11 8:15 p.m. | 3 views

UBUNTU-CVE-2020-0256

In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 6.8 | AI score 7 | EPSS 0.00214
Exploits: 0 | References: 5
RedHat Linux
added 2020/07/29 6:21 p.m. | 7 views

kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver

A vulnerability was found in hiddevopen in drivers/hid/usbhid/hiddev.c in the USB Human Interface Device class subsystem, where an existing device must be validated prior to its access. The device should also ensure the hiddevlist cleanup occurs at failure, as this may lead to a use-after-free...

CVSS 7.2 | AI score 7.1 | EPSS 0.00448
Exploits: 0 | References: 4
CNVD
added 2020/07/27 12:00 a.m. | 5 views

Unauthorized Access Vulnerability in Netcentric Cloud Devices of Shenzhen Netcentric Technology Co.

Shenzhen Netcenter Technology Co., Ltd, dedicated to the global shared computing and blockchain field, amplifies everyone's power through technological innovation. Shenzhen Netcentric Technology Co., Ltd Netcentric cloud devices have unauthorized access vulnerability, attackers can use the...

AI score 7
Exploits: 0
BDU FSTEC
added 2020/07/09 12:00 a.m. | 5 views

The vulnerability of the USB 2.0 controller EHCI in VMware ESXi, VMware Workstation, and VMware Fusion allows an attacker to execute arbitrary code.

The vulnerability of the USB 2.0 controller EHCI in VMware ESXi, VMware Workstation, and VMware Fusion stems from synchronization errors when using shared resources ("Race Conditions"). Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVSS 7.5 | AI score 7.5 | EPSS 0.00362
Exploits: 0 | References: 4 | Affected Software: 3
ATTACKERKB
added 2020/07/07 4:15 p.m. | 0 views

CVE-2020-15029

NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter...

CVSS 5.4 | AI score 5.7 | EPSS 0.00568
Exploits: 0 | References: 4
OSV
added 2020/06/29 2:15 p.m. | 1 view

CVE-2020-12024

Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to th...

CVSS 6.1 | AI score 6.4 | EPSS 0.00345
Exploits: 0 | References: 1
OSV
added 2020/06/29 2:15 p.m. | 2 views

CVE-2019-18254

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with...

CVSS 4.6 | AI score 5.8
Exploits: 0 | References: 1
NVD
added 2020/06/29 2:15 p.m. | 31 views

CVE-2019-18254

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with...

CVSS 4.6 | EPSS 0.00226
Exploits: 0 | References: 1