UBUNTU-CVE-2017-17558
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service...
Debian DLA-1200-1 : linux security update (KRACK)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2016-10208: Sergej Schumilo and Ralf Spenneberg discovered that a crafted ext4 filesystem could trigger memory corruption when it is mounted. A user...
CVE-2017-16241
Incorrect access control in AMAG Symmetry Door Edge Network Controllers EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00 enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending...
Command injection
Incorrect access control in AMAG Symmetry Door Edge Network Controllers EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00 enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending...
CVE-2017-16241
The CVE affects AMAG Symmetry EN-1DBC/EN-2DBC door controllers. Root cause is improper access control allowing unauthenticated, network-based requests (via Serial over TCP/IP) to execute door commands (lock/unlock) and inject RFID values. Impact is remote control of doors and credential manipulat...
USN-3485-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
The vulnerability in the firmware of the iBaby M3S wireless video camera lies in the presence of a pre-installed account, which allows an intruder to gain access to the device with administrator rights.
The vulnerability in the firmware of the iBaby M3S wireless video camera is related to the presence of a preset administrator account “admin”. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the device with administrator privileges via...
The vulnerability in the firmware of the Philips In.Sight B120/37 wireless video camera lies in the presence of pre-installed accounts, which allow an intruder to gain access to the device.
The vulnerability in the firmware of the Philips In.Sight B120/37 wireless video camera is related to the presence of preset user accounts for access via Telnet or UART: accounts like “root”, “admin”, and “mg3500”, with passwords “b120root”, “/ADMIN/”, and “merlin” respectively as...
The vulnerability in the firmware of the Lens Peek-a-View wireless video camera lies in the presence of preset accounts, which allow an intruder to gain access to the device.
The firmware of the Lens Peek-a-View wireless video camera has vulnerabilities. There are pre-installed user accounts named “admin” with the password “2601hx” for access via UART, and user accounts named “user” and “guest” with passwords “user” and “guest” respectively for access...
CVE-2017-8156
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no-authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow t...
Authentication flaw
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no-authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow t...
CVE-2017-8156
CVE-2017-8156 is a no-authentication serial-port vulnerability in Huawei CPE outdoor unit B2338-168 V100R001C00. The issue allows an attacker with physical access to log in to the device via the serial console and take control of the outdoor unit. The Huawei PSIRT advisory confirms two related vu...
Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3487-1)
It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2017-12188) It was...
Ubuntu: Security Advisory (USN-3485-3)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Ubuntu: Security Advisory (USN-3485-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
USN-3485-3 linux-aws vulnerabilities
It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15265) Eric Biggers discovered that the key...
USN-3485-3: Linux kernel (AWS) vulnerabilities
It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15265) Eric Biggers discovered that the key...