Android Serial Peripheral Interface Driver Privilege Vulnerability

Android on Pixel C is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA for the Pixel C. The serial peripheral interface SPI driver is a component of the Serial Peripheral Interface SPI driver is one of the A power lifting vulnerability exists in th...

The vulnerability of the Linux operating system’s kernel, which allows a hacker to obtain confidential information

The vulnerability of the serialmultiportstruct structure in the Linux operating system is related to access control deficiencies. Exploiting this vulnerability could allow a local attacker to obtain confidential information...

Security update for qemu (important)

qemu was updated to fix 29 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation bsc981266 - CVE-2015-8817: Avoi...

SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1560-1)

qemu was updated to fix 37 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation bsc981266 - CVE-2015-8817: Avo...

DEBIAN-CVE-2016-2392

The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service NULL pointer dereference and QEMU process crash via vectors...

USN-3000-1 linux-lts-utopic vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

USN-2997-1: Linux kernel (OMAP4) vulnerabilities

Jann Horn discovered that eCryptfs improperly attempted to use the mmap handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service system crash or possibly execute arbitrary code with...

Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-3000-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3000-1 advisory. Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use th...

QEMU scsi denial of service vulnerability (CNVD-2016-03666)

QEMU is a simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A denial of service vulnerability exists in QEMU's scsi. An attacker can exploit this vulnerability to cause a denial of service write across boundaries when the progra...

CVE-2015-7360

Multiple cross-site scripting XSS vulnerabilities in the Web User Interface WebUI in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 serial parameter to alerts/summary/profile/; the 2 urlForCreatingReport parameter to csearch/report/export/...

Moxa NPort Serial-to-Ethernet Server Detection

Binary data scadamoxanportdetect.nbin...

IRZ RUH2 Design Vulnerability

IRZ RUH2 is a serial-to-network connector system from the Russian company IRZ. A security vulnerability exists in the iRZ RUH2. A remote attacker could exploit the vulnerability to upload firmware with an unavailable patch...

CVE-2016-0190

Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka...

USN-2971-2 linux-lts-wily vulnerabilities

USN-2971-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did no...

USN-2968-2: Linux kernel (Trusty HWE) vulnerabilities

USN-2968-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kerne...

USN-2968-1: Linux kernel vulnerabilities

Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7515 Ben Hawkes discovered that the Linux kernel's AIO...

USN-2965-3 linux-raspi2 vulnerabilities

Jann Horn discovered that the extended Berkeley Packet Filter eBPF implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. CVE-2016-4557 Ralf Spenneberg...

Linux kernel denial of service vulnerability (CNVD-2016-02791)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A denial of service vulnerability exists in the 'mctu232msrtostate' function in the drivers/usb/serial/mctu232.c file in Linux kernel versions prior to 4.5.1. An attacker coul...

Linux kernel denial of service vulnerability (CNVD-2016-02788)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A denial of service vulnerability exists in the 'digiportinit' function in the drivers/usb/serial/digiacceleport.c file in Linux kernel versions prior to 4.5.1. An attacker ca...

DEBIAN-CVE-2016-3140

The digiportinit function in drivers/usb/serial/digiacceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a crafted endpoints value in a USB device descriptor...