SUSE-SU-2026:0626-1 Security update 5.1.2 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Non-customer-facing optimization around source building golang-github-lusitaniae-apacheexporter: - Build without apparmor for openSUSE Leap 16, SLES 16 or newer - Require Go 1.23 for building - Update to versi...
EUVD-2020-3541
Malware in sbrugna...
Malicious code in @zalastax/nolb-bsi (npm)
The package @zalastax/nolb-bsi was found to contain malicious code...
MAL-2025-10835 Malicious code in @zalastax/nolb-bsi (npm)
The package @zalastax/nolb-bsi was found to contain malicious code...
CVE-2020-11187
Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile...
OAuth2 client secrets were stored in a recoverable way
None...
CVE-2024-23674
The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identity for access to government, medical, and financial resources, and can also extract personal data from...
Authentication flaw
The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identity for access to government, medical, and financial resources, and can also extract personal data from...
Magento LTS's guest order "protect code" can be brute-forced too easily
Impact Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protectcode". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. Patch...
SYS.2.2.3.A26
When using Virtual Secure Mode (VSM), it SHOULD be taken into account that forensic investigations, e.g. for security incident handling, are restricted or made more difficult. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and...
Linux: BSI TR-02102-4 Encryption Algorithms
Recommended SSH encryption ciphers from TR-02102-4. Per the recommendations, AEAD_AES_128_GCM or AEAD_AES_256_GCM should be used when possible. Note: This check fails if any algorithms are found that are not specified in the VT preferences. The default list is based on the recommendations...
Linux: BSI TR-02102-4 3.6 Server Authentication
HostKeyAlgorithms specifies the host key algorithms offered by the server. Note: Ensure your SSH implementation is capable of using the ciphers specified in sshd_config. This check does not look for pgp-sign-dss as an exception. If this cipher is used, it should have a key length of 3000 Bits / 25...
Linux: BSI TR-02102-4 Key Exchange Methods
When establishing the SSH connection, keys are exchanged in order to create and exchange shared session keys for authentication and encryption. The following key exchange methods are recommended: diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha256, diffie-hellman-group15-sha512,...
Exploit for Unrestricted Upload of File with Dangerous Type in Tp-Link Tl-Wr902Ac_Firmware
Internet of Vulnerable Things The results of my small term p...
bsi-hofmann.de Cross Site Scripting vulnerability OBB-2699779
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Talos Incident Response added to German BSI Advanced Persistent Threat response list
Cisco Talos Incident Response is now listed as an approved vendor on the Bundesamt für Sicherheit in der Informationstechnik BSI Advanced Persistent Threat APT response service providers list. Talos Incident Response successfully demonstrated to the BSI, through a review of our processes and a...
HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration Vulnerability
User enumeration through API Overview Advisory ID: TRSA-2104-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-01 Affected product: HealthForYou & Sanitas HealthCoach mobile and web applications Tested versions: HealthForYou 1.11.1...
Memory corruption
Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile...