CVE-2016-8669
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base...
QEMU 'hw/usb/hcd-xhci.c' Denial of Service Vulnerability
QEMU (aka Quick Emulator) is a suite of processor emulation software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A denial of service vulnerability exists in QEMU 'hw/usb/hcd-xhci.c', which can be exploited by an attacker to crash the application and cause...
Updated gnutls packages fix security vulnerability
An issue was found in certificate validation using OCSP responses, caused by not verifying the serial length, which can falsely report a certificate as valid (CVE-2016-7444)...
DEBIAN-CVE-2016-7444
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by...
ALPINE-CVE-2016-7444
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by...
UBUNTU-CVE-2016-7444
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by...
QEMU 'hw/usb/hcd-xhci.c' Information Disclosure Vulnerability
QEMU is a suite of processor emulation software. An information disclosure vulnerability exists in QEMU 'hw/usb/hcd-xhci.c', which allows attackers to exploit the vulnerability to obtain sensitive information...
USN-3070-4 linux-lts-xenial vulnerabilities
USN-3070-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. A missing permission check when setting ACLs was discovered in nfsd. A local user cou...
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1703-1)
qemu was updated to fix 29 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711) - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723) - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation (bsc#981266) - CVE-2015-8817: Avo...
Universal Serial aBUSe: USaBUSe
Universal Serial aBUSe is a project released at Defcon 24 by Rogan Dawes. The team took some fairly common attacks (fake keyboards in small USB devices that type nasty things) and extended them to provide us with a bi-directional binary channel over our own wifi network to gi...
The vulnerability of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the Android operating system’s Serial Peripheral Interface driver is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges through a specially created application...
CVE-2016-0915
The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct...
UBUNTU-CVE-2016-5400
Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many...
RHEL 7 : kernel (RHSA-2016:1395)
Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7 Extended Update Support. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detail...
Moderate: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7 Extended Update Support. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detail...
CVE-2016-3807
The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196...
Code injection
The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196...
UBUNTU-CVE-2016-3808
The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009...
CVE-2016-3808
The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009...
Android Serial Peripheral Interface Driver Privilege Escalation Vulnerability (CNVD-2016-04729)
Android on Nexus 5X and 6P is an open source Linux-based operating system for the Nexus 5X and 6P smartphones developed by Google and the Open Handset Alliance (OHA). The serial peripheral interface (SPI) driver is one of its serial peripheral interface driver components. A privilege escalation vulnerability...