UBUNTU-CVE-2017-16535

The usbgetbosdescriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service out-of-bounds read and system crash or possibly have unspecified other impact via a crafted USB device...

UBUNTU-CVE-2017-16530

The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service out-of-bounds read and system crash or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c...

UBUNTU-CVE-2017-16527

sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service sndusbmixerinterrupt use-after-free and system crash or possibly have unspecified other impact via a crafted USB device...

JanTek JTC-200 Unauthorized Access Vulnerability

JanTek JTC-200 is a TCP/IP converter serial server from Taito JanTek Technology. An unauthorized access vulnerability exists in the JanTek JTC-200. An attacker can access the Busybox Linux shell via Telnet service without any authentication...

Authentication flaw

An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link ESL running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass...

CVE-2017-14003

An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link ESL running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass...

CVE-2017-14003

An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link ESL running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass...

CVE-2017-14003

An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link ESL running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass...

CVE-2017-14003

The CVE-2017-14003 issue affects LAVA Computer MFG Ether-Serial Link (ESL) devices running firmware 6.01.00/29.03.2007 and earlier. An improper authentication vulnerability allows an attacker with the same IP address to bypass authentication by accessing a specific resource locator, effectively e...

How to configure console access on XenServer or Citrix Hypervisor

This article is for customers running Citrix Hypervisor or XenServer who want to configure serial console access to their XenServer hosts. In some support cases, serial console access to the XenServer host is required for debug purposes. The serial connection is to use with HyperTerminal or simil...

Intel SPI Write Protection Local Security Bypass Vulnerability

Intel NUC7i3BNK, etc. are CPU Central Processing Unit products of Intel Corporation USA. A local security bypass vulnerability exists in Intel SPI Write Protection, which can be exploited by a local attacker to bypass certain security restrictions...

LAVA Computer MFG Ether-Serial Link Authentication Bypass Vulnerability

Ether-Serial Link is an Ethernet serial link device from LAVA Computer MFG. An authentication bypass vulnerability exists in LAVA Computer MFG Ether-Serial Link versions 6.01.00/29.03.2007 and earlier, which can be exploited by an attacker with the same IP address to bypass authentication by...

PT-2017-3153 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.13.11 Description: The issue is related to the get endpoints function in drivers/usb/misc/usbtest.c, which can cause a denial of service due to a NULL pointer dereference and system crash when a crafted USB...

PT-2017-3158 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13.8 Description: The issue is related to a use-after-free error in the snd usb mixer interrupt function, located in the sound/usb/mixer.c file of the Linux kernel. This error can be exploited by local users v...

PT-2017-3160 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13.8 Description: The issue is related to the usb serial console disconnect function in the Linux kernel, which can cause a denial of service use-after-free and system crash or possibly have unspecified other...

NPM-V (Network Power Manager) 2.4.1 - Password Reset

NPM-VNetwork Power Manager = 2.4.1 Reset Password Vulnerability Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: NPM-V Affected Version : 2.4.1 and below Vendor : http://www.china-clever.com Product Link : http://www.china-clever.com/en/index.php/product?view=products&cid=125 Date:...

Authentication flaw

Huawei UAP2105 before V300R012C00SPC160BootRom does not require authentication to the serial port or the VxWorks shell...

CVE-2015-6592

Huawei UAP2105 before V300R012C00SPC160BootRom does not require authentication to the serial port or the VxWorks shell...

CVE-2015-6592

Huawei UAP2105 before V300R012C00SPC160BootRom does not require authentication to the serial port or the VxWorks shell...

CVE-2015-6592

CVE-2015-6592 affects Huawei UAP2105 prior to V300R012C00SPC160 (BootROM). The issue is unauthenticated access to the serial port and the VxWorks shell, allowing an attacker to run VxWorks debugging commands and view/modify memory and files, leading to information disclosure and system anomalies....