USN-3208-2 linux-lts-xenial vulnerabilities

USN-3208-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the generic SCSI block layer in the Linux kernel did not proper...

USN-3208-1 linux, linux-snapdragon vulnerabilities

It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service system crash or possibly gain administrative privileges. CVE-2016-10088 CAI Qian discovered that t...

Xshell5 5.0 Build 1124 DLL Hijacking

Title: Xshell5 - "api-ms-win-appmodel-runtime-l1-1-0" DLL Loading Arbitrary Code Execution. + Credits / Discovery: Nassim Asrir + Author Email: [email protected] + Author Company: Henceforth Vendor: =============== https://www.netsarang.com/ Product Version: =============== 5.0 Build 1124...

QEMU 'hw/usb/hcd-xhci.c' Denial of Service Vulnerability

QEMU aka Quick Emulator is a suite of analog processor software developed by French programmer Fabrice Bellard. QEMU suffers from a denial of service vulnerability. An attacker could exploit this vulnerability to cause a denial of service...

The vulnerability of the Android operating system, which allows a perpetrator to trigger a service failure or otherwise affect the system.

The vulnerability of the ION subsystem, Binder, USB drivers, and the network subsystem of the Android operating system is related to the lack of protection for sensitive data. Exploiting this vulnerability can allow a malicious actor to cause service failures or otherwise affect the system...

The vulnerability of the Android operating system, which allows a perpetrator to trigger a service failure or otherwise affect the system.

The vulnerability of the ION subsystem, Binder, USB drivers, and the network subsystem of the Android operating system is related to the lack of protection for sensitive data. Exploiting this vulnerability can allow a malicious actor to cause service failures or otherwise affect the system...

The vulnerability of the Android operating system, which allows a perpetrator to trigger a service failure or otherwise affect the system.

The vulnerability of the ION subsystem, Binder, USB drivers, and the network subsystem of the Android operating system is related to the lack of protection for sensitive data. Exploiting this vulnerability can allow a malicious actor to cause service failures or otherwise affect the system...

The vulnerability of the Android operating system, which allows a perpetrator to trigger a service failure or otherwise affect the system.

The vulnerability of the ION subsystem, Binder, USB drivers, and the network subsystem of the Android operating system is related to the lack of protection for sensitive data. Exploiting this vulnerability can allow a malicious actor to cause service failures or otherwise affect the system...

The vulnerability of the Android operating system, which allows a perpetrator to trigger a service failure or otherwise affect the system.

The vulnerability of the ION subsystem, Binder, USB drivers, and the network subsystem of the Android operating system is related to the lack of protection for sensitive data. Exploiting this vulnerability can allow a malicious actor to cause service failures or otherwise affect the system...

DEBIAN-CVE-2017-5549

The klsi105getlinestate function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log...

CVE-2017-5549

CVE-2017-5549 affects the Linux kernel prior to 4.9.5. The vulnerability exists in klsi_105_get_line_state (drivers/usb/serial/kl5kusb105.c) where, on a failure to read the line status, uninitialized heap memory contents are placed into a log entry. This can allow a local attacker to read sensiti...

The vulnerability of Schneider Electric’s Modbus Serial Driver for programmable logic controllers allows a perpetrator to execute arbitrary code.

The multiple vulnerabilities in the Schneider Electric Modbus Serial Driver are caused by buffer overflows on the stack. Exploitation of these vulnerabilities allows an attacker to execute arbitrary code using a high value for the buffer size in the Modbus application header...

CVE-2016-10175

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRSnetgearsuccess.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers t...

Design/Logic Flaw

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRSnetgearsuccess.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers t...

CVE-2016-10175

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRSnetgearsuccess.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers t...

CVE-2016-10175

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRSnetgearsuccess.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers t...

CVE-2016-10175

NETGEAR WNR2000v5 has an information-disclosure issue: a request to /BRS_netgear_success.html leaks the router’s serial number, enabling an attacker to obtain the administrator username and password in conjunction with CVE-2016-10176 (password-recovery bypass). No remediation details are provided...

CVE-2017-5579

Memory leak in the serialexitcore function in hw/char/serial.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service host memory consumption and QEMU process crash via a large number of device unplug operations...

CVE-2016-8407

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising ...

DEBIAN-CVE-2016-8405

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising ...