EUVD-2024-38207

Malicious code in bioql PyPI...

CVE-2024-39723

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935...

AZL-52058 CVE-2024-50075 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number If USB virtualizatoin is enabled, USB2 ports are shared between all Virtual Functions. The USB2 port number owned by an USB2 root hub in a Virtual Function may be less than total USB2 phy...

CVE-2024-39723

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935...

CVE-2024-39723 IBM FlashSystem denial of service

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935...

Security Bulletin: This Power System update is being released to address CVE-2023-37453

Summary This affects the BMC's physical USB ports. Vulnerability Details CVEID:CVE-2023-37453 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds flaw in the readdescriptors function in drivers/usb/core/sysfs.c in the USB subsystem. By using a specially...

CVE-2023-29060

The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data...

Design/Logic Flaw

The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data...

CVE-2023-29060

CVE-2023-29060 describes a USB access control weakness in the BD FACSChorus workstation OS where the system does not restrict which USB devices can interact with ports. Affected products: BD FACSChorus on v5.0, v5.1, v3.0, and v3.1 workstations. Root cause: missing protection mechanism for altern...

Why is ‘Juice Jacking’ Suddenly Back in the News?

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation FBI and the Federal Communications Commission FCC about "juice jacking," a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile...

FBI Advising People to Avoid Public Charging Stations

The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices: Avoid using free charging stations in airports, hotels, or shopping centers. Bad actors have figured out ways to use public USB por...

Don't plug your phone into a free charging station, warns FBI

In a recent tweet, the FBI office in Denver warned consumers against using free public charging stations, stating that criminals have managed to hijack public chargers with the objective of infecting devices with malware or other software that can give hackers access to your phone, tablet or...

PT-2025-8240

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue was related to the assignment of ACPI companions to xHCI ports and USB devices in the dwc3 host. The problem occurred...

Capsule Technologies SmartLinx Neuron 2 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit/public exploits are available Vendor: Capsule Technologies Equipment: SmartLinx Neuron 2 Vulnerability: Protection Mechanism Failure 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

CVE-2019-19537

A flaw was found in the Linux kernel, where there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer. An attacker who can hotplug at least two devices of this class can cause a use-after-free situation. Mitigation Many Character devices c...

Explained: juice jacking

When your battery is dying and you're nowhere near a power outlet, would you connect your phone to any old USB port? Joyce did, and her mobile phone got infected. How? Through a type of cyberattack called "juice jacking." Don’t be like Joyce. Although Joyce and her infected phone are hypothetical...

CVE-2018-18203

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker with physical access to the vehicle's USB ports the ability to rewrite the firmware of the head unit. This occurs because the device accepts modified QNX6 filesystem images as lo...

CVE-2018-18203

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker with physical access to the vehicle's USB ports the ability to rewrite the firmware of the head unit. This occurs because the device accepts modified QNX6 filesystem images as lo...

Buying Used Voting Machines on eBay

This is not surprising: This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines -- those that were used in the 2016 election -- are running Windows CE and have USB ports, along with other components, that make them even easie...

ADB Broadband Gateways Routers - Local Root Jailbreak

ADB Broadband Gateways Routers - Local Root Jailbreak SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local root jailbreak via network file sharing flaw product: All ADB Broadband Gateways / Routers based on Epicentro...