171 matches found
Canada revisits decision to ban Flipper Zero
In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars. The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. If that doesnt...
BIT-COSIGN-2022-23649 Improper Certificate Validation in Cosign
Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and...
CVE-2023-50128
The remote keyless system of the Hozard alarm system alarmsystemen v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state...
CVE-2023-50128
The remote keyless system of the Hozard alarm system alarmsystemen v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state...
Design/Logic Flaw
The remote keyless system of the Hozard alarm system alarmsystemen v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state...
Hozard alarm system security breach
Hozard alarm system is an alarm system from Hozard. A security vulnerability exists in Hozard alarm system alarmsystemen version v1.0, which originates from a remote keyless system that sends the same RF signal for each request, and can be exploited by an attacker to conduct a replay attack and...
CVE-2023-50128
The remote keyless system of the Hozard alarm system alarmsystemen v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state...
PT-2024-13867
Name of the Vulnerable Software and Affected Versions Hozard alarm system version 1.0 Description The remote keyless system of the Hozard alarm system sends an identical radio frequency signal for each request, allowing an attacker to conduct replay attacks and bring the alarm system to a disarme...
CVE-2023-50128
The remote keyless system of the Hozard alarm system alarmsystemen v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state...
CVE-2023-26943
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original...
CVE-2023-26943
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original...
CVE-2023-26943
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original...
Design/Logic Flaw
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original...
CVE-2023-26943
CVE-2023-26943 describes weak encryption in RFID tags across Yale Lock family products (Keyless Lock v1.0; Conexis L1 v1.1.0; IA-210 Alarm v1.0), enabling tag cloning with physical proximity. Root cause: weak encryption in RFID tags. Red Hat advisories corroborate the same CVE across the Yale dev...
Yale Keyless Lock Security Vulnerability
Yale Keyless Lock is a keyless connected smart lock from Yale. A security vulnerability exists in Yale Keyless Lock v1.0, which stems from a weak encryption mechanism in the RFID tags, leading to an attacker being able to create a clone of the original tag by getting physically close to it...
CVE-2023-26943
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original...
PT-2023-20864 · Yale · Yale Keyless Lock
Name of the Vulnerable Software and Affected Versions: Yale Keyless Lock version v1.0 Description: The issue is related to weak encryption mechanisms in RFID Tags, which allows attackers to create a cloned tag via physical proximity to the original. Recommendations: For Yale Keyless Lock version...
CVE-2023-47122
Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could...
CVE-2023-47122
Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could...
CVE-2023-47122
Gitsign CVE-2023-47122 affects versions 0.6.0 up to 0.7.x (before 0.8.0): Rekor public keys were fetched via the Rekor API instead of the local TUF client, allowing a compromised upstream Rekor server to potentially mislead signature trust. No known compromise of the default Rekor instance (rekor...