684 matches found
SUSE CVE-2009-1338
The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via ...
SUSE CVE-2010-5328
include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group...
SUSE CVE-2013-0292
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal...
SUSE CVE-2019-19118
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
Ruckus Networks Multiple Products Command Injection Vulnerability
Ruckus Networks Unleashed C110 is a wireless LAN product from Ruckus Networks, Inc. A security vulnerability exists in various RUCKUS Networks products that originates from a remote code execution command injection that alters and sets unauthorized "illegal region codes", resulting in the operati...
CVE-2022-38766
The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack...
Open redirect
The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack...
GPS Signals Are Being Disrupted in Russian Cities
Navigation system monitors have seen a recent uptick in interruptions since Ukraine began launching long-range drone attacks...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x ICMP Flood Attack
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (ping/traceroute) ICMP Flood Attack. Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1.16...
Cyber Signals: Risks to critical infrastructure on the rise
Today, the third edition of Cyber Signals was released, spotlighting security trends and insights gathered from Microsoft’s 43 trillion daily security signals and 8,500 security experts. In this edition, we share new insights on wider risks that converging IT, Internet of Things (IoT), and operation...
Telos Alliance Omnia MPX Node Insecure Direct Object Reference Vulnerability
The Telos Alliance Omnia MPX Node is a specialized hardware codec from Telos Alliance, USA. Capable of transmitting or receiving full FM signals at data rates as low as 320 kbps using the Omnia μMPX™ algorithm, it is ideally suited for capacity-limited networks, including IP radios. An insecure...
CVE-2022-45914
The ESL (Electronic Shelf Label) protocol, as implemented by for example the OV80e934802 RF transceiver on the ETAG-2130-V4.3 (20190629) board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospit...
CVE-2022-45914
CVE-2022-45914 describes a lack of authentication in the ESL (Electronic Shelf Label) protocol as implemented by devices such as the OV80e934802 RF transceiver on the ETAG-2130-V4.3 (20190629) board. The vulnerability enables an attacker to change label values via 433 MHz RF signals, with documen...
Threatest - Threatest Is A Go Framework For End-To-End Testing Threat Detection Rules
Threatest is a Go framework for testing threat detection end-to-end. Threatest allows you to detonate an attack technique, and verify that the alert you expect was generated in your favorite security platform. Read the announcement blog post:...
Ubuntu: Security Advisory (USN-5008-2)
The remote host is missing an update for the...
Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs
A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards (NICs). The approach, codenamed ETHERLED, comes from Dr...
CVE-2022-36945
The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to...