25 matches found
MiracleLinux 7 : gnupg2-2.0.22-5.el7 (AXSA:2018-3256:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-3256:01 advisory. gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification CVE-2018-12020 Tenable has...
Phishing Attack
Keycloak is vulnerable to a phishing attack. The vulnerability is due to unsanitized user-controlled input in the error_description query parameter being rendered directly in trusted error pages, which allows an attacker to craft misleading URLs that display fake messages, links, or contact detail...
Sendit tricked kids, harvested their data, and faked messages, FTC claims
The Federal Trade Commission (FTC) has sued Sendit’s parent company, saying it signed up children under 13, collected their personal data, and misled them with fake messages and recurring bills. The lawsuit, filed against the app's owner Iconic Hearts Holdings Inc and CEO Hunter Rice, alleges the...
Refs and paths with reserved Windows device names access the devices
Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...
The vulnerability in the software implementation of the SAML protocol simplesamlphp/saml2 and the XML document security processing programs simplesamlphp/xml-security, related to insufficient verification of data authenticity, allows a perpetrator to create false SAML messages.
The vulnerability of the SAML protocol implementation in simplesamlphp/saml2 and the XML document security processing in simplesamlphp/xml-security is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to create a fake SAML message...
CVE-2023-45851
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...
Authentication flaw
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...
CVE-2023-45851
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...
PT-2023-29731 · Google · Android Client
Name of the Vulnerable Software and Affected Versions: Android Client affected versions not specified Description: The issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker. This enables the attacker to send fake messages to the HMI device, as the...
Bosch ctrlX HMI Web Panel WR21 Access Control Error Vulnerability
Bosch ctrlX HMI Web Panel WR21 is an HMI panel from Bosch Germany. A security vulnerability exists in the ctrlX HMI Web Panel WR21 version, which originates from a vulnerability that allows an attacker to force an Android Agent application to connect to a malicious MQTT proxy and send a fake...
EulerOS 2.0 SP10 : git (EulerOS-SA-2023-2354)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by...
EulerOS 2.0 SP9 : git (EulerOS-SA-2023-2332)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : git (SUSE-SU-2023:2038-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2038-1 advisory. - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8,...
ALPINE-CVE-2023-25815
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...
DEBIAN-CVE-2023-25815
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...
CVE-2023-25815
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...
Spoofing Attack
matrix-js-sdk is vulnerable to spoofing attacks. The vulnerability exists due to a lack of sanitization of the secret key sent during self-verification, allowing an attacker to send fake to-device messages appearing to originate from another user...
Design/Logic Flaw
matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...
Emergency Alert System Flaws Could Let Attackers Transmit Fake Messages
The U.S. Department of Homeland Security (DHS) has warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. If left unpatched, the issues could allow an adversary to issue fraudulent emergency alerts over TV, radio, and cable networks. The August 1 advisory...
What is Smishing? The 101 guide
Smishing is a valuable tool in the scammers' armoury. You've likely run into it, even if you didn't know that is its name. It doesn't arrive by email or social media direct message, instead choosing a route directly aimed at what may be your most personal device: the mobile phone. So, what is Smishin...