Lucene search
+L

171 matches found

Malwarebytes
Malwarebytes
added 2024/03/22 6:43 p.m.61 views

Canada revisits decision to ban Flipper Zero

In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars. The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. If that doesnt...

7.2AI score
Exploits0
OSV
OSV
added 2024/03/06 10:51 a.m.16 views

BIT-COSIGN-2022-23649 Improper Certificate Validation in Cosign

Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and...

3.3CVSS3.4AI score0.00163EPSS
Exploits0References3
OSV
OSV
added 2024/01/11 9:15 p.m.3 views

CVE-2023-50128

The remote keyless system of the Hozard alarm system alarmsystemen v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References2
NVD
NVD
added 2024/01/11 9:15 p.m.28 views

CVE-2023-50128

The remote keyless system of the Hozard alarm system alarmsystemen v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state...

5.3CVSS5.3AI score0.00225EPSS
Exploits0References1
Prion
Prion
added 2024/01/11 9:15 p.m.25 views

Design/Logic Flaw

The remote keyless system of the Hozard alarm system alarmsystemen v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state...

1.8CVSS7.2AI score0.00225EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.5 views

Hozard alarm system security breach

Hozard alarm system is an alarm system from Hozard. A security vulnerability exists in Hozard alarm system alarmsystemen version v1.0, which originates from a remote keyless system that sends the same RF signal for each request, and can be exploited by an attacker to conduct a replay attack and...

5.3CVSS6.8AI score0.00225EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/11 12:0 a.m.5 views

CVE-2023-50128

The remote keyless system of the Hozard alarm system alarmsystemen v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state...

5.2AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.7 views

PT-2024-13867

Name of the Vulnerable Software and Affected Versions Hozard alarm system version 1.0 Description The remote keyless system of the Hozard alarm system sends an identical radio frequency signal for each request, allowing an attacker to conduct replay attacks and bring the alarm system to a disarme...

5.3CVSS6.2AI score0.00225EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/01/11 12:0 a.m.35 views

CVE-2023-50128

The remote keyless system of the Hozard alarm system alarmsystemen v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state...

5.6AI score0.00225EPSS
Exploits0References1
NVD
NVD
added 2023/12/05 12:15 a.m.31 views

CVE-2023-26943

Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original...

6.5CVSS0.0018EPSS
Exploits4References2
OSV
OSV
added 2023/12/05 12:15 a.m.4 views

CVE-2023-26943

Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original...

6.5CVSS5.8AI score0.00466EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2023/12/05 12:15 a.m.7 views

CVE-2023-26943

Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original...

8.1CVSS6.8AI score0.00466EPSS
Exploits4References3
Prion
Prion
added 2023/12/05 12:15 a.m.19 views

Design/Logic Flaw

Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original...

3.3CVSS6.8AI score0.00466EPSS
Exploits4References2Affected Software1
CVE
CVE
added 2023/12/04 12:0 a.m.39 views

CVE-2023-26943

CVE-2023-26943 describes weak encryption in RFID tags across Yale Lock family products (Keyless Lock v1.0; Conexis L1 v1.1.0; IA-210 Alarm v1.0), enabling tag cloning with physical proximity. Root cause: weak encryption in RFID tags. Red Hat advisories corroborate the same CVE across the Yale dev...

6.5CVSS6.2AI score0.00466EPSS
Exploits4References2Affected Software1
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.7 views

Yale Keyless Lock Security Vulnerability

Yale Keyless Lock is a keyless connected smart lock from Yale. A security vulnerability exists in Yale Keyless Lock v1.0, which stems from a weak encryption mechanism in the RFID tags, leading to an attacker being able to create a clone of the original tag by getting physically close to it...

6.5CVSS6.7AI score0.0018EPSS
Exploits4References1
Cvelist
Cvelist
added 2023/12/04 12:0 a.m.28 views

CVE-2023-26943

Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original...

6.5AI score0.00466EPSS
Exploits4References2
Positive Technologies
Positive Technologies
added 2023/12/03 12:0 a.m.4 views

PT-2023-20864 · Yale · Yale Keyless Lock

Name of the Vulnerable Software and Affected Versions: Yale Keyless Lock version v1.0 Description: The issue is related to weak encryption mechanisms in RFID Tags, which allows attackers to create a cloned tag via physical proximity to the original. Recommendations: For Yale Keyless Lock version...

8.1CVSS6.2AI score0.00466EPSS
Exploits4References7
NVD
NVD
added 2023/11/10 10:15 p.m.43 views

CVE-2023-47122

Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could...

5.3CVSS0.00369EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/11/10 9:33 p.m.22 views

CVE-2023-47122

Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could...

5.3CVSS5.1AI score0.00369EPSS
Exploits0
CVE
CVE
added 2023/11/10 9:33 p.m.85 views

CVE-2023-47122

Gitsign CVE-2023-47122 affects versions 0.6.0 up to 0.7.x (before 0.8.0): Rekor public keys were fetched via the Rekor API instead of the local TUF client, allowing a compromised upstream Rekor server to potentially mislead signature trust. No known compromise of the default Rekor instance (rekor...

5.3CVSS4.6AI score0.00369EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder