46 matches found
EUVD-2024-39282
Malicious code in bioql PyPI...
EUVD-2024-40037
Malicious code in bioql PyPI...
EUVD-2024-39159
Malicious code in bioql PyPI...
EUVD-2024-40429
Malicious code in bioql PyPI...
EUVD-2024-41625
Malicious code in bioql PyPI...
CVE-2024-45838
The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It is advised to not use sensitive information in callsigns when using this and previous versions of the plugin. Update to current plugin version which uses AES-256 encryption for callsigns in encrypted operation...
CVE-2024-45374
The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and the password is cracked via a brute-force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent vi...
CVE-2024-43814
The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information PLI updates every 60 seconds once the plugin is active and goTenna is connected. Users that are unaware of their settings and have not activated encryption before a mission may accidentally...
CVE-2024-45723
The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast ...
CVE-2024-43108
The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is advised to continue to use encryption in the plugin and update to the curre...
CVE-2024-41931
The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations...
CVE-2024-43694
In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device...
CVE-2024-41715
The goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used...
CVE-2024-43814 goTenna Pro ATAK Plugin Insertion of Sensitive Information Into Sent Data
The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information PLI updates every 60 seconds once the plugin is active and goTenna is connected. Users that are unaware of their settings and have not activated encryption before a mission may accidentally...
CVE-2024-43814
The CVE-2024-43814 entry describes a vulnerability in the goTenna Pro ATAK Plugin where default settings disclose location data by broadcasting PLI updates every 60 seconds when the plugin is active and connected, potentially unencrypted if encryption isn’t enabled. Affected version: Plugin 1.9.1...
CVE-2024-41715
The CVE-2024-41715 vulnerability affects the goTenna Pro ATAK Plugin and is a payload length disclosure in broadcasted frames, where the plugin does not inject extra characters to obfuscate message length, enabling an observer to determine payload length regardless of encryption. Affected product...
CVE-2024-41715 goTenna Pro ATAK Plugin Observable Response Discrepancy
The goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used...
CVE-2024-41931
The CVE-2024-41931 entry concerns goTenna Pro ATAK Plugin where the encryption key name is transmitted in plaintext over RF via a broadcast message. Affected software: goTenna Pro ATAK Plugin (versions 1.9.12 and prior). Root cause: key name is sent unencrypted in broadcast data, enabling potenti...