CVE-2019-18254
BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with...
Denial of Service Vulnerability in ZoomInnovation Conexant C2000-B2-SFE0101-BB1 Serial Server
The C2000-B2-SFE0101-BB1 Serial Server is a serial device networking server. A denial of service vulnerability exists in the ZoomInnovation Conexant C2000-B2-SFE0101-BB1 Serial Server, which can be exploited by an attacker to cause a denial of service...
CVE-2020-14416
A use-after-free flaw was found in slcan_write_wakeup in drivers/net/can/slcan.c in the serial CAN module slcan. A race condition occurs when communicating with can using slcan between the write (scheduling the transmit) and closing (flushing out any pending queues) the SLCAN channel. This flaw allows ...
Logic Flaw Vulnerability in ZLAN Serial Server at Shanghai Zoran Information Technology Co.
ZLAN5102 serial server is a protocol converter between RS232/485 and TCP/IP developed by Shanghai Zoran Information Technology Co. This serial server can easily connect serial devices to Ethernet and Internet, and realize the network upgrade of serial devices. ZLAN5103 is a new generation of...
Unspecified Vulnerability in BIOTRONIK CardioMessenger II-S (CNVD-2020-52055)
The Biotronik CardioMessenger II-S is a portable medical monitoring device from Biotronik Germany. A security vulnerability exists in the Biotronik CardioMessenger II-S T-Line T4APP version 2.20 and II-S GSM T4APP version 2.20. An attacker could exploit the vulnerability to obtain medical...
Security update for java-1_8_0-openjdk (important)
openSUSE Security Update: Security update for java-1_8_0-openjdk. Announcement ID: openSUSE-SU-2020:0800-1. Rating: important. References: 1160398 1169511 1171352. Cross-References: CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803...
Denial of Service Vulnerability in ZLAN5102 and ZLAN5103 Serial Port Servers
ZLAN5102 and ZLAN5103 serial servers are industrial-grade protocol converters between RS232/485 and TCP/IP produced by Shanghai Zoran. A denial of service vulnerability exists in the ZLAN5102 and ZLAN5103 serial servers, which can be exploited by an attacker to cause the device to reboot...
kernel: brcmfmac frame validation bypass
If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and not be processed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be...
kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS
A flaw was discovered in the Linux kernel's USB subsystem in the __usb_get_extra_descriptor function in drivers/usb/core/usb.c, which mishandles a size check during the reading of extra descriptor data. By using a specially crafted USB device which sends a forged extra descriptor, an unprivilege...
Unauthorized Access Vulnerability in ZLAN Serial Server
Shanghai Zoran Information Technology Co., Ltd. is a high-tech enterprise providing industrial IoT solutions. An unauthorized access vulnerability exists in the ZLAN serial port server, which can be exploited by an attacker to gain unauthorized access to the WEB management interface...
CVE-2020-9804
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. Inserting a USB device that sends invalid messages may cause a kernel panic...
LSN-0068-1: Kernel Live Patch Security Notice
It was discovered that the virtual terminal implementation in the Linux kernel did not properly handle resize events. A local attacker could use this to expose sensitive information. (CVE-2020-8647) It was discovered that the virtual terminal implementation in the Linux kernel contained a race...
PT-2020-20764 · Apple · Ios +2
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.5; iPadOS versions prior to 13.5; macOS Catalina versions prior to 10.15.5. Description: A validation issue was addressed with improved input sanitization, which may allow a USB device to cause a denial of service...
Denial of Service Vulnerability in ZLAN Serial Server
ZLAN5102/ZLAN5103 Serial Servers are industrial-grade protocol converters between RS232/485 and TCP/IP produced by Shanghai Zoran. A denial of service vulnerability exists in the ZLAN Serial Servers, which can be exploited by an attacker to cause the device to deny service and reboot...
New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers
A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to new research published by Kaspersky yesterday. The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for latera...
CVE-2019-14066
Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or checking Feature ID status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...
Integer overflow
Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or checking Feature ID status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...
DEBIAN-CVE-2020-11089
In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0...
UBUNTU-CVE-2020-11039
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled nearly arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0...