149 matches found
CVE-2025-26438
In smpprocesssecureconnectionoobdata of smpact.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-26438
In smpprocesssecureconnectionoobdata of smpact.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-26438
In smpprocesssecureconnectionoobdata of smpact.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-26438
In smpprocesssecureconnectionoobdata of smpact.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-255601934
In multiple locations, there is a possible way to impersonate and MitM a device across session by only compromising one session key due to an insecure protocol design on Bluetooth Legacy Secure Connection LSC. This could lead to remote escalation of privilege with no additional execution privileg...
CLSA-2025-1751133420 Fix CVE(s): CVE-2025-21587, CVE-2025-30691, CVE-2025-30698
Update to 8u452-ga fixing a number of CVEs - CVE-2025-21587: better TLS connection support - CVE-2025-30691: improve compiler transformations - CVE-2025-30698: enhance Buffered Image handling - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2025-April/019989.html...
CVE-2024-52296
libosdp is an implementation of IEC 60839-11-5 OSDP Open Supervised Device Protocol and provides a C library with support for C++, Rust and Python3. At ospdcommon.c, on the osdpreplyname function, any reply id between REPLYACK and REPLYXRD is valid, but names array do not declare all of the range...
CVE-2020-29457
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection...
CVE-2019-15689
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege...
OpenSSH 10.0p1
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...
USN-7360-1: Alpine vulnerabilities
It was discovered that Alpine did not use a secure connection under certain circumstances. A remote attacker could possibly use this issue to leak sensitive information. CVE-2020-14929 It was discovered that Alpine could allow untagged responses from an IMAP server before upgrading to a TLS...
CVE-2024-1638
The documentation specifies that the BTGATTPERMREADLESC and BTGATTPERMWRITELESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when i...
CVE-2024-52296 libosdp has a null pointer deref in osdp_reply_name
libosdp is an implementation of IEC 60839-11-5 OSDP Open Supervised Device Protocol and provides a C library with support for C++, Rust and Python3. At ospdcommon.c, on the osdpreplyname function, any reply id between REPLYACK and REPLYXRD is valid, but names array do not declare all of the range...
CVE-2024-52296 libosdp has a null pointer deref in osdp_reply_name
libosdp is an implementation of IEC 60839-11-5 OSDP Open Supervised Device Protocol and provides a C library with support for C++, Rust and Python3. At ospdcommon.c, on the osdpreplyname function, any reply id between REPLYACK and REPLYXRD is valid, but names array do not declare all of the range...
CVE-2024-52296 libosdp has a null pointer deref in osdp_reply_name
libosdp is an implementation of IEC 60839-11-5 OSDP Open Supervised Device Protocol and provides a C library with support for C++, Rust and Python3. At ospdcommon.c, on the osdpreplyname function, any reply id between REPLYACK and REPLYXRD is valid, but names array do not declare all of the range...
PT-2024-7663 · Curl +9 · Curl +9
Name of the Vulnerable Software and Affected Versions: curl versions prior to 8.10.1 Description: The issue is related to the implementation of the HSTS HTTP Strict Transport Security mechanism in the curl utility. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a...
Expert Tips on How to Spot a Phishing Link
Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links: 1. Check Suspicious URLs Phishing URLs are often long, confusing, o...
qtbase: qtbase: Delay any communication until encrypted() can be responded to
A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending...
Citrix Receiver is Unable to Create a Secure (https://) Connection in the Browser
When launching applications on Internet Explorer 10 using the Citrix Receiver for HTML5 v1.1, the following error message appears: “Citrix Receiver cannot create a secure https:// connection in this browser. Please try a different browser.”...
CVE-2024-22064
CVE-2024-22064 affects ZTE ZXUN-ePDG, a network node for the VoWifi system. The vulnerability arises from by-default configuration that uses a set of non-unique cryptographic keys during establishing a secure IKE connection with mobile devices. If these keys are leaked or cracked, user session in...