128 matches found
PT-2025-39470
Name of the Vulnerable Software and Affected Versions Unitree Go2, G1, H1, and B2 devices through 2025-09-20 Description The devices decrypt Bluetooth Low Energy BLE packet data using a fixed key df98b715d5c6ed2b25817b6f2554124a and Initialization Vector IV 2841ae97419c2973296a0d4bdfe19a4f. This...
MAL-2025-10751 Malicious code in @zalastax/nolb-b2 (npm)
The package @zalastax/nolb-b2 was found to contain malicious code...
MAL-2025-9797 Malicious code in @zalastax/nolb-_b2 (npm)
The package @zalastax/nolb-b2 was found to contain malicious code...
Malicious code in @zalastax/nolb-b2 (npm)
The package @zalastax/nolb-b2 was found to contain malicious code...
CVE-2022-23651
b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...
PT-2024-38851 · Ruijie · Ruijie Eg2000K
Name of the Vulnerable Software and Affected Versions: Ruijie EG2000K version 11.16B2 Description: A critical issue has been found, affecting unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the content argument leads to unrestricted upload. The attack can be...
editions-b2.com Improper Access Control vulnerability OBB-3822051
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2022-24474
Name of the Vulnerable Software and Affected Versions Teleport versions 3.2.2 through 3.6.3-b2 Description The issue is an information leak via the "/user/get-role-list" web interface. This leak was discovered in the specified versions of Teleport. There is no information provided about the...
Teleport 安全漏洞
Teleport is an identity-aware, multi-protocol access agent from Teleport, Inc. Used by engineers and security professionals to unify access to SSH servers, Kubernetes clusters, web applications and databases across all environments. A security vulnerability exists in Teleport versions v3.2.2,...
Fedora: Security Advisory for restic (FEDORA-2022-5038c3236c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: restic-0.12.1-4.fc36
A backup program that is easy, fast, verifiable, secure, efficient and free. Backup destinations can be: Local SFTP REST Server Amazon S3 Minio Server OpenStack Swift Backblaze B2 Microsoft Azure Blob Storage Google Cloud Storage Other Services via rclone...
Fedora: Security Advisory for restic (FEDORA-2022-ba365d3703)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: restic-0.12.1-3.fc36
A backup program that is easy, fast, verifiable, secure, efficient and free. Backup destinations can be: Local SFTP REST Server Amazon S3 Minio Server OpenStack Swift Backblaze B2 Microsoft Azure Blob Storage Google Cloud Storage Other Services via rclone...
GHSA-8WR4-2WM6-W3PR B2 Command Line Tool TOCTOU application key disclosure
Impact Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. The command line tool saves API keys and bucket...
B2 Command Line Tool TOCTOU application key disclosure
Impact Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. The command line tool saves API keys and bucket...
django-b2 (>=0.1.4 <=0.7.0), mdid (=3.6.0) potentially affected by CVE-2022-23651 via b2sdk (>=0.1.6 <=1.0.2)
b2sdk PYPI version =0.1.6, =0.1.4, =0.7.0 - mdid =3.6.0 Source cves: CVE-2022-23651 Source advisory: OSV:GHSA-P867-FXFR-PH2W...
GHSA-P867-FXFR-PH2W b2-sdk-python TOCTOU application key disclosure
Impact Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. SDK users of the SqliteAccountInfo format are vulnerable while users...
Time-of-check-time-of-use (TOCTOU)
b2 is vulnerable to time-of-check-time-of-use. A local attacker is able to read the contents of the local database file where API keys are saved when b2 authorize-accounto is first run, resulting in sensitive information disclosure via race condition...
CVE-2022-23651
b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...
django-b2 (>=0.1.4 <=0.7.0), mdid (=3.6.0) potentially affected by CVE-2022-23651 via b2sdk (>=0.1.6 <=1.0.2)
b2sdk PYPI version =0.1.6, =0.1.4, =0.7.0 - mdid =3.6.0 Source cves: CVE-2022-23651 Source advisory: OSV:PYSEC-2022-33...