34 matches found
CVE-2026-45866
A flaw was found in the Linux kernel's CAIF serial line discipline. A race condition exists between the ldiscclose function, which frees the terminal tty device, and the handletx function, which may attempt to access the freed device. This use-after-free UAF vulnerability allows a local attacker ...
EUVD-2018-1952
Malware in sbrugna...
EUVD-2013-2715
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987243)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987243 advisory. In the Linux kernel, the following vulnerability has been resolved: tty: fix deadlock caused by calling printk under ttyport-lock ptywrite invokes kmalloc which may...
GO-2023-2068 Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device in github.com/schollz/croc
Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device in github.com/schollz/croc...
CVE-2021-46905
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 "net: hso: fix null-ptr-deref during tty device unregistration" fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointe...
GHSA-364C-VVQX-446C Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device
An issue was discovered in Croc before 9.6.16. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver...
CVE-2023-43620
An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver...
CVE-2023-43620
An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver...
Design/Logic Flaw
An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver...
kernel: double free in bluetooth subsystem when the HCI device initialization fails
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system...
Security breaches in multiple CDATA products
Shenzhen C-Data Shenzhen C-Data 72408A and so on are the products of Shenzhen C-Data Company in China.Shenzhen C-Data 72408A is a kind of terminal equipment for connecting fiber optic trunks.Shenzhen C-Data FD1002S is a kind of terminal equipment for connecting fiber optic trunks.Shenzhen C-Data...
Multiple CDATA product trust management issue vulnerabilities
Shenzhen C-Data Shenzhen C-Data 72408A and so on are the products of Shenzhen C-Data Company in China.Shenzhen C-Data 72408A is a kind of terminal equipment for connecting fiber optic trunks.Shenzhen C-Data FD1002S is a kind of terminal equipment for connecting fiber optic trunks.Shenzhen C-Data...
Multiple CDATA product security breaches
Shenzhen C-Data Shenzhen C-Data 72408A and so on are the products of Shenzhen C-Data Company in China.Shenzhen C-Data 72408A is a kind of terminal equipment for connecting fiber optic trunks.Shenzhen C-Data FD1002S is a kind of terminal equipment for connecting fiber optic trunks.Shenzhen C-Data...
Multiple CDATA Products Trust Management Issue Vulnerabilities
Shenzhen C-Data Shenzhen C-Data 72408A and so on are the products of Shenzhen C-Data Company in China.Shenzhen C-Data 72408A is a kind of terminal equipment for connecting fiber optic trunks.Shenzhen C-Data FD1002S is a kind of terminal equipment for connecting fiber optic trunks.Shenzhen C-Data...
Authentication Bypass
The sudo superuser do utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain...
SUSE-SU-2018:3772-1 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1)
This update for the Linux Kernel 3.12.74-6064104 fixes one issue. The following security issue was fixed: - CVE-2018-18386: The drivers/tty/ntty.c allowed local attackers who are able to access pseudo terminals to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus...
CVE-2017-7467
A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process...
Xxe
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity XXE vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml that can result in An adversary can remotely launch XXE attacks on ONOS controller via an...
CVE-2018-1000616
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity XXE vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml that can result in An adversary can remotely launch XXE attacks on ONOS controller via an...