56 matches found
EUVD-2018-6436
Malware in sbrugna...
EUVD-2017-4609
Malware in sbrugna...
EUVD-2017-4610
Malware in sbrugna...
EUVD-2022-28751
Malicious code in bioql PyPI...
RHEL 5 : wpa_supplicant (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wpasupplicant: local configuration update allows privilege escalation CVE-2016-4477 - wpasupplicant:...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : wpa_supplicant and hostapd vulnerability (USN-3745-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3745-1 advisory. It was discovered that wpasupplicant and hostapd incorrectly handled certain messages. An attacker could possibly use this to access...
SUSE-SU-2023:0684-1 Security update for openssl
This update for openssl fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GeneralNameFixed bsc1207533. - CVE-2023-0215: Fixed a use-after-free following BIOnewNDEF bsc1207536. - CVE-2022-4304: Fixed a timing oracle in RSA decryption bsc1207534. The following...
SUSE CVE-2018-14526
An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...
CVE-2022-23822
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader FSBL by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a...
CVE-2022-23822
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader FSBL by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a...
Authentication flaw
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader FSBL by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a...
CVE-2022-23822
CVE-2022-23822 concerns the Zynq-7000 SoC First Stage Boot Loader (FSBL). A physical attack may bypass FSBL authentication and load a malicious image onto the device, enabling the attacker to perform further actions such as using the device as a decryption oracle. The NVD entry notes a mitigation...
CVE-2022-23822
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader FSBL by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a...
CVE-2022-23822
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader FSBL by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a...
Mageia: Security Advisory (MGASA-2018-0348)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : roundcubemail (openSUSE-2020-1516)
This update for roundcubemail fixes the following issues : roundcubemail was upgraded to 1.3.15 This is a security update to the LTS version 1.3. boo1175135 - Security: Fix cross-site scripting XSS via HTML messages with malicious svg content CVE-2020-16145 - Security: Fix cross-site scripting XS...
Authentication flaw
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...
PT-2020-20365 · Amazon Web Services · Aws S3 Crypto Sdk For Golang
Name of the Vulnerable Software and Affected Versions: AWS S3 Crypto SDK for GoLang versions prior to V2 Description: A vulnerability exists in the in-band key negotiation of the AWS S3 Crypto SDK for GoLang. An attacker with write access to the targeted bucket can change the encryption algorithm...
New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users
A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf. The impersonation attack —...
Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2018-1318)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...