EUVD-2021-25724

Malware in sbrugna...

EUVD-2021-25725

Malware in sbrugna...

CVE-2021-39364

Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing for camera control after ARP cache poisoning has been achieved...

CVE-1999-0667

The ARP protocol allows any host to spoof ARP replies and poison the ARP cache to conduct IP address spoofing or a denial of service...

CVE-2025-30165 Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration

vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a SUB ZeroMQ socket and connect to an XPUB socket on the primary vLLM host. When data ...

Unbreakable Enterprise kernel security update

4.14.35-2047.515.3 - uek-rpm: Enable Pensando EMMC reset controller Thomas Tai Orabug: 34325721 - mfd: pensandoelbasr: Add Pensando Elba System Resource Chip Brad Larson Orabug: 34325721 - dsc-drivers: update drivers for 1.15.9-C-65 Shannon Nelson Orabug: 34325721 4.14.35-2047.515.2 - net/rds:...

Unbreakable Enterprise kernel-container security update

4.14.35-2047.515.3.el7 - uek-rpm: Enable Pensando EMMC reset controller Thomas Tai Orabug: 34325721 - mfd: pensandoelbasr: Add Pensando Elba System Resource Chip Brad Larson Orabug: 34325721 - dsc-drivers: update drivers for 1.15.9-C-65 Shannon Nelson Orabug: 34325721 4.14.35-2047.515.2.el7 -...

CVE-2021-39363

Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved...

CVE-2021-39364

Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing for camera control after ARP cache poisoning has been achieved...

Command injection

Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing for camera control after ARP cache poisoning has been achieved...

Design/Logic Flaw

Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved...

CVE-2021-39363

Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved...

CVE-2021-39363

CVE-2021-39363 affects Honeywell HDZP252DI (1.00.HW02.4) and HBW2PER1 (1.000.HW01.3) devices. Reported impact is a video replay attack that occurs after ARP cache poisoning is achieved. The NVD notes a high-severity, network-based vulnerability with CVSS v3.1 base score 9.8 (C:H, I:H, A:H; no pri...

CVE-2021-39364

Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing for camera control after ARP cache poisoning has been achieved...

CVE-2021-39364

The CVE-2021-39364 issue affects Honeywell HDZP252DI (1.00.HW02.4) and HBW2PER1 (1.000.HW01.3). It enables command spoofing for camera control after ARP cache poisoning, per multiple connected sources. Root cause: ARP spoofing enabling spoofed commands. No exploitation details or specific mitigat...

Wizard Spider Upgrades Ryuk Ransomware to Reach Deep into LANs

The Ryuk ransomware has added two features to enhance its effectiveness: The ability to target systems that are in “standby” or sleep mode; and the use of Address Resolution Protocol ARP pinging to find drives on a company’s LAN. Both are employed after the initial network compromise of a victim...

Slack: Slack DTLS uses a private key that is in the public domain, which may lead to SRTP stream hijack

Affects: Janus DTLS certificate Description The Janus server in use by Slack is configured using a certificate and private key that were previously distributed by default. This certificate is used to authenticate the DTLS connection which is later used to exchange keys for the SRTP stream. As a...

SMBetray - SMB MiTM Tool With A Focus On Attacking Clients Through File Content Swapping, Lnk Swapping, As Well As Compromising Any Data Passed Over The Wire In Cleartext

Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to intercept and modify insecure SMB connections, as well as compromise some secured SMB connections if credentials are known. Background Released at Defcon26 at "SMBetray - Backdooring and Breaking Signatures" In SMB...

Uber: The Microsoft Store Uber App Does Not Implement Certificate Pinning

Summary The Microsoft Store Uber App Windows Phone Architecture does not properly implement certificate pinning. Security Impact Layer-2+ network traffic transmitted from and received by the app can be surreptitiously intercepted and transparently modified by an attacker, with no warnings or erro...

Cisco Network Convergence System 5500 Series Routers Local Denial of Service Vulnerability

A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System NCS 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering TE tunnels, resulting in a denial of servic...