Lucene search
K

538 matches found

CVE
CVE
added 2026/01/12 5:23 p.m.15 views

CVE-2025-68656

CVE-2025-68656 affects the ESP-IDF USB Host HID Driver. Before 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer while continuing to use a stale local pointer, causing an immediate use-after-free when processing attacker-controlled Report Descriptor lengths....

6.8CVSS6.2AI score0.00183EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/12 5:23 p.m.20 views

CVE-2025-68656 Espressif ESP-IDF USB Host HID (Human Interface Device) Driver Descriptor Use-After-Free Vulnerability

Espressif ESP-IDF USB Host HID Human Interface Device Driver allows access to HID devices. Prior to 1.1.0, usbclassrequestgetdescriptor frees and reallocates hiddevice-ctrlxfer when an oversized descriptor is requested but continues to use the stale local pointer, leading to an immediate...

6.8CVSS0.00183EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:2 a.m.8 views

CVE-2011-0639

Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device HID functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the...

6.9CVSS7.2AI score0.003EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000484 advisory. A flaw was found in the Linux kernel in the function hiddebugeventsread in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters pass...

4.9CVSS6.1AI score0.00457EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000316)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000316 advisory. In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka...

6.8CVSS6.6AI score0.00504EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.7 views

PT-2026-21913

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.4.0 through 4.4.13 Wireshark versions 4.6.0 through 4.6.3 Description The USB HID protocol dissector in Wireshark is susceptible to memory exhaustion, potentially leading to a denial of service. The issue occurs when...

7.5CVSS5.9AI score0.00184EPSS
Exploits2References82
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.15 views

PT-2026-27747

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw where raw event callbacks could occur even for a HID device that had not been claimed, potentially causing a crash if a broken device were connected. The...

5.5CVSS5.3AI score0.00123EPSS
Exploits0References473
NVD
NVD
added 2025/12/30 1:16 p.m.3 views

CVE-2023-54207

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput inputdev name Reference the HID device rather than the input device for the devm allocation of the inputdev name. Referencing the inputdev would lead to a use-after-free wh...

7.8CVSS0.0013EPSS
Exploits0References6
OSV
OSV
added 2025/12/30 1:16 p.m.10 views

AZL-78377 CVE-2023-54207 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput inputdev name Reference the HID device rather than the input device for the devm allocation of the inputdev name. Referencing the inputdev would lead to a use-after-free wh...

7.8CVSS5.6AI score0.0013EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/12/30 12:11 p.m.7 views

CVE-2023-54207

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput inputdev name Reference the HID device rather than the input device for the devm allocation of the inputdev name. Referencing the inputdev would lead to a use-after-free wh...

5.3AI score0.0013EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2025/12/30 12:11 p.m.13 views

CVE-2023-54207

CVE-2023-54207 affects the Linux kernel HID: uclogic driver. The root cause is using the input_dev name’s devm allocation instead of referencing the HID device, which could lead to a use-after-free when the input_dev is unregistered and a uevent depending on its name fires. The fix switches to re...

7.8CVSS6.1AI score0.0013EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/18 9:34 p.m.2 views

CVE-2025-43533

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash...

5.7CVSS5.8AI score0.00301EPSS
Exploits0References1
NVD
NVD
added 2025/12/17 9:16 p.m.3 views

CVE-2025-43533

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash...

5.7CVSS0.00301EPSS
Exploits0References8
CVE
CVE
added 2025/12/17 8:46 p.m.12 views

CVE-2025-43533

CVE-2025-43533 concerns a vulnerability in Apple’s Multi-Touch handling where a malicious HID device could trigger an unexpected process crash. The issue stems from insufficient bounds checking, with fixes described as improved bounds checks and memory handling. Affected products include iOS/iPad...

5.7CVSS5.8AI score0.00301EPSS
Exploits0References8Affected Software6
Vulnrichment
Vulnrichment
added 2025/12/17 8:46 p.m.5 views

CVE-2025-43533

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. A malicious HID device may cause an unexpected process crash...

6.4AI score0.00301EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.14 views

CVE-2025-63896

An issue in the Bluetooth Human Interface Device HID of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device...

3.5CVSS6.9AI score0.00291EPSS
Exploits2References1
OSV
OSV
added 2025/12/09 12:0 a.m.5 views

CVE-2023-53797 HID: wacom: Use ktime_t rather than int when dealing with timestamps

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: Use ktimet rather than int when dealing with timestamps Code which interacts with timestamps needs to use the ktimet type returned by functions like ktimeget. The int type does not offer enough space to store these...

6.4AI score0.00179EPSS
Exploits0References10
OSV
OSV
added 2025/12/04 9:16 p.m.6 views

CVE-2025-63896

An issue in the Bluetooth Human Interface Device HID of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device...

7.6CVSS5.9AI score0.00291EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2025/12/04 12:50 p.m.3 views

kernel: HID: core: Harden s32ton() against conversion to 0 bits

In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should...

7.1CVSS5.7AI score0.0015EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/04 12:0 a.m.4 views

CVE-2025-63896

An issue in the Bluetooth Human Interface Device HID of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device...

6.6AI score0.00291EPSS
Exploits2References1
Rows per page
Query Builder