DEBIAN-CVE-2019-19527

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e...

UBUNTU-CVE-2019-19536

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peakusb/pcanusbpro.c driver, aka CID-ead16e53c2f0...

UBUNTU-CVE-2019-19529

In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcbausb.c driver, aka CID-4d6636498c41...

UBUNTU-CVE-2019-19523

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79...

UBUNTU-CVE-2019-19526

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098...

UBUNTU-CVE-2019-19530

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef...

UBUNTU-CVE-2019-19527

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e...

UBUNTU-CVE-2019-19531

In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca...

UBUNTU-CVE-2019-19528

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d...

UBUNTU-CVE-2019-19537

In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c...

Analysing the Attack Surface of an Industrial Data Acquisition Device

Introduction The Data Station Plus from Red Lion Controls was handed to me to analyse the attack surface. The device is designed to connect to SCADA data acquisition devices over Modbus, Profibus, etc. by Serial or Ethernet connection. Data is collected and recorded to a local compact flash card...

Serial Number Identification (macOS)

Binary data macosxserialnumber.nbin...

Inateck BCST-60 Barcode Scanner Keystroke Injection Vulnerability

The Inateck BCST-60 is a barcode scanner that can be used wirelessly using 2.4 GHz radio communication or wired via USB. The Inateck BCST-60 Barcode Scanner suffers from a keystroke injection vulnerability that can be exploited by an attacker to send packets of data to a target system's USB...

openSUSE Security Update : java-11-openjdk (openSUSE-2019-2565)

This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues : Security issues fixed October 2019 CPU bsc1154212: - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Bett...

openSUSE Security Update : java-11-openjdk (openSUSE-2019-2557)

This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues : Security issues fixed October 2019 CPU bsc1154212: - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Bett...

DEBIAN-CVE-2019-10203

PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS...

Command Execution Vulnerability in KPS2204-2T4D-L3-L3

The KPS2204-2T4D-L3-L3 is a protocol converter device that integrates Ethernet and serial data transmission. The KPS2204-2T4D-L3-L3 suffers from a command execution vulnerability that can be exploited by an attacker to gain root privileges on the device...

Cross site request forgery (csrf)

The Loftek Nexus 543 IP Camera allows remote attackers to obtain 1 IP addresses via a request to getrealip.cgi or 2 firmware versions ui and system, timestamp, serial number, p2p port number, and wifi status via a request to getstatus.cgi...

DEBIAN-CVE-2019-19068

A memory leak in the rtl8xxxusubmitinturb function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxucore.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering usbsubmiturb failures, aka CID-a2cdd07488e6...

UBUNTU-CVE-2019-19068

A memory leak in the rtl8xxxusubmitinturb function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxucore.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering usbsubmiturb failures, aka CID-a2cdd07488e6...