1154 matches found
USN-6725-1: Linux kernel vulnerabilities
Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service system crash or possibly...
GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints
This is the companion code for the paper: 'Fuzzing Embedded Systems using Debugger Interfaces'. A preprint of the paper can be found here https://publications.cispa.saarland/3950/. The code allows the users to reproduce and extend the results reported in the paper. Please cite the above paper whe...
AutoWLAN - Run A Portable Access Point On A Raspberry Pi Making Use Of Docker Containers
This project will allow you run a portable access point on a Raspberry Pi making use of Docker containers. Further reference and explanations: https://fwhibbit.es/en/automatic-access-point-with-docker-and-raspberry-pi-zero-w Tested on Raspberry Pi Zero W. Access point configurations You can...
New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location
By Deeba Ahmed New Dark Web Tool GEOBOX, sold for $700 on Telegram and underground forums, hijacks Raspberry Pi, allowing cybercriminals to fake locations and evade detection. This is a post from HackRead.com Read the original post: New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location...
USN-6704-2: Linux kernel (Raspberry Pi) vulnerabilities
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service system crash. CVE-2023-23000 Quentin Minster discovered that the KSMBD...
Ubuntu 22.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-6704-2)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6704-2 advisory. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions....
USN-6702-2: Linux kernel vulnerabilities
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service system crash. CVE-2023-23000 It was discovered that the ARM Mali Display Processor...
USN-6681-1: Linux kernel vulnerabilities
Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service system...
USN-6653-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...
Potential buffer overflow in CBOR2 decoder
Summary Ever since https://github.com/agronholm/cbor2/pull/204 or specifically https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542 was merged, I can create a reproducible crash when running the snippet under PoC on a current Debian bullseye aarm64 on a Raspberry Pi ...
GHSA-375G-39JQ-VQ7M Potential buffer overflow in CBOR2 decoder
Summary Ever since https://github.com/agronholm/cbor2/pull/204 or specifically https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542 was merged, I can create a reproducible crash when running the snippet under PoC on a current Debian bullseye aarm64 on a Raspberry Pi ...
USN-6625-3: Linux kernel (Raspberry Pi) vulnerabilities
Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...
Raspberry Robin Malware Upgrades with Discord Spread and New Exploits
The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that "Raspberry Robin has access to an exploit seller or its authors develop the...
eza Potential Heap Overflow Vulnerability for AArch64
Summary In eza, there exists a potential heap overflow vulnerability, first seen when using Ubuntu for Raspberry Pi series system, on ubuntu-raspi kernel, relating to the .git directory. Details The vulnerability seems to be triggered by the .git directory in some projects. This issue may be...
USN-6624-1: Linux kernel vulnerabilities
Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...
The vulnerability of the MachineSense microprogramming software components in FeverWarn ESP32, FeverWarn RaspberryPi, and the FeverWarn DataHub RaspberryPi systems, which allows a intruder to gain unauthorized access to protected information.
The vulnerability of the MachineSense microprogramming software components in FeverWarn ESP32, FeverWarn RaspberryPi, and the FeverWarn DataHub RaspberryPi systems is related to the absence of authentication procedures for critical functions. Exploiting this vulnerability could allow an attacker ...
The vulnerabilities of the microprogramming software for thermal scanning systems—FeverWarn ESP32, FeverWarn RaspberryPi, and the FeverWarn DataHub RaspberryPi system for centralized data storage and management—allow a intruder to execute arbitrary commands or trigger failures.
The vulnerabilities of the microprogramming software for thermal scanning systems—FeverWarn ESP32, FeverWarn RaspberryPi, and the FeverWarn DataHub RaspberryPi system for centralized data storage and management—are related to insufficient validation of input data. Exploiting these vulnerabilities...
The vulnerabilities of the API interfaces of microprogramming software for thermal scanning systems like FeverWarn ESP32, FeverWarn RaspberryPi, and the FeverWarn DataHub RaspberryPi, which allow attackers to gain unauthorized access to protected information.
The vulnerability of the API interfaces of microprogramming software for thermal scanning systems like FeverWarn ESP32, FeverWarn RaspberryPi, and the FeverWarn DataHub RaspberryPi involves the absence of authentication procedures for critical functions. Exploiting this vulnerability could allow ...
The vulnerabilities of microprogramming software in FeverWarn ESP32, FeverWarn RaspberryPi, and the FeverWarn DataHub RaspberryPi systems allow a intruder to gain unauthorized access to protected information, execute arbitrary code, and gain full control over the device.
The vulnerability of the microprogramming software in FeverWarn ESP32, FeverWarn RaspberryPi, and the FeverWarn DataHub RaspberryPi systems is related to the absence of authentication procedures for critical functions. Exploiting this vulnerability could allow an attacker to gain unauthorized...
CVE-2023-49610
MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack...