CVE-2025-54470 NeuVector telemetry sender is vulnerable to MITM and DoS

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

CVE-2025-54470 NeuVector telemetry sender is vulnerable to MITM and DoS

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

EUVD-2025-35220

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

CVE-2025-54470

Summary: CVE-2025-54470 affects NeuVector telemetry sender when the “Report anonymous cluster data” option is enabled. The root cause is failure to verify the telemetry server’s TLS certificate and hostname, enabling MITM attacks, and unbounded in-memory loading of the server response, enabling p...

[SECURITY] Fedora 42 Update: qt6-qtmqtt-6.9.3-1.fc42

MQTT is a machine-to-machine M2M protocol utilizing the publish-and-subscri be paradigm, and provides a channel with minimal communication overhead. The Qt MQTT module provides a standard compliant implementation of the MQTT protocol specification. It enables applications to act as telemetry...

Dyson App 安全漏洞

Dyson App is a mobile application for remote control of smart devices from Dyson Singapore. A security vulnerability exists in Dyson App versions v6.1.23041 through 23595, which originates from an unauthenticated attacker being able to remotely control another user's Dyson IoT device via MQTT...

SUSE CVE-2025-54470

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in transmission of telemetry data. An attacker can perform a man-in-the-middle attack to intercept or modify data in transit. Additionally, they can exhaust system memory by returning oversized responses...

GHSA-QQJ3-G7MX-5P4W NeuVector telemetry sender is vulnerable to MITM and DoS

Impact This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server at https://upgrades.neuvector-upgrade-responder.livestock.rancher.io. In affected...

NeuVector telemetry sender is vulnerable to MITM and DoS

Impact This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server at https://upgrades.neuvector-upgrade-responder.livestock.rancher.io. In affected...

CloudEdge App 安全漏洞

CloudEdge App is a mobile application designed for surveillance cameras from CloudEdge. A security vulnerability exists in CloudEdge App that stems from an uncleaned MQTT topic input that could lead to an attacker receiving all messages using MQTT wildcards to obtain credentials and key informati...

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

EUVD-2025-34617

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain encrypted application metadata, including device information, geolocation, and telemetry data...

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

CVE-2025-6026

CVE-2025-6026 concerns Lenovo Universal Device Client (UDC). The issue is improper certificate validation that could allow an attacker capable of intercepting network traffic to access application metadata, including device information, geolocation, and telemetry data. The security details indica...

Noisy Neighbor: Exploiting RDMA for Resource Exhaustion Attacks in Containerized Clouds

In modern containerized cloud environments, the adoption of RDMA Remote Direct Memory Access has expanded to reduce CPU overhead and enable high-performance data exchange. Achieving this requires strong performance isolation to ensure that one container's RDMA workload does not degrade the...

CVE-2017-20201

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...

A Multi-Layered Embedded Intrusion Detection Framework for Programmable Logic Controllers

Industrial control system ICS operations use trusted endpoints like human machine interfaces HMIs and workstations to relay commands to programmable logic controllers PLCs. Because most PLCs lack layered defenses, compromise of a trusted endpoint can drive unsafe actuator commands and risk...