CVE-2019-15213
An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver...
[SECURITY] Fedora 29 Update: mgetty-1.2.1-6.fc29
The mgetty package contains a "smart" getty which allows logins over a serial line i.e., through a modem. If you're using a Class 2 or 2.0 modem, mgetty can receive faxes. If you also need to send faxes, you'll need to install the sendfax program. If you'll be dialing in to your system using a...
UBUNTU-CVE-2019-15212
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver...
UBUNTU-CVE-2019-15218
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver...
DEBIAN-CVE-2019-15118
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion...
DEBIAN-CVE-2019-15117
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access...
UBUNTU-CVE-2019-15117
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access...
Debian DLA-1884-1 : linux security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAP_NET_ADMIN capability in a...
PT-2019-13638 · Bc Vault · Bc Vault
Name of the Vulnerable Software and Affected Versions: BC Vault affected versions not specified Description: A side channel was discovered related to the row-based SSD1309 OLED display on BC Vault devices. The power consumption during each display cycle varies based on the number of illuminated...
PT-2019-3103 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.2.8 Description: The issue is related to a NULL pointer dereference in the sound/usb/helper.c motu_microbookii driver of the Linux kernel. This can be caused by a malicious USB device. Exploitation of this iss...
PT-2019-13634 · Shapeshift · Keepkey
Name of the Vulnerable Software and Affected Versions: ShapeShift KeepKey devices affected versions not specified Description: A side channel vulnerability was discovered related to the row-based OLED display on ShapeShift KeepKey devices. The power consumption of each display cycle varies based ...
PT-2019-13632 · Trezor · Trezor One
Name of the Vulnerable Software and Affected Versions: Trezor One versions prior to 1.8.2 Description: A side channel was found in the row-based OLED display of Trezor One devices, allowing a partial recovery of display contents based on power consumption. This could potentially be exploited by a...
kernel: out-of-bounds in function build_audio_procunit in sound/usb/mixer.c
An out-of-bounds flaw was found in the ALSA usb-audio subsystem in the Linux kernel. An array boundary check was needed to restrict the array size; failing this can cause an out-of-bound access problem. Data confidentiality and integrity, as well as system availability, are all threats with this...
PT-2019-4477 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.2.10 Description: The issue is related to a use-after-free bug in the Linux kernel, specifically in the drivers/hid/usbhid/hiddev.c driver. This bug can be triggered by a malicious USB device, potentially...
CVE-2019-14456
Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system connected to a serial port on an Opengear console server sends crafted text to a serial port that has logging enabled, the text will b...
Cross site scripting
Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system connected to a serial port on an Opengear console server sends crafted text to a serial port that has logging enabled, the text will b...
USN-4080-1: OpenJDK 8 vulnerabilities
Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use this to expose sensitive information. CVE-2019-2745 It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing...
PT-2019-3108 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.2.3 Description: The issue is related to a NULL pointer dereference in the drivers/media/usb/zr364xx/zr364xx.c driver, caused by a malicious USB device. This can lead to a denial of service. Recommendations: F...