EUVD-2018-8310

Malware in sbrugna...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414676)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414676 advisory. An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext...

EUVD-2024-42282

Malicious code in bioql PyPI...

EUVD-2024-40037

Malicious code in bioql PyPI...

EUVD-2024-42277

Malicious code in bioql PyPI...

TestSSL 3.2.2

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in pure bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets...

$AutoGuardX$: a Comprehensive Cybersecurity Framework for Connected Vehicles

The rapid integration of Internet of Things IoT and interconnected systems in modern vehicles not only introduced a new era of convenience, automation, and connected vehicles but also elevated their exposure to sophisticated cyber threats. This is especially evident in US and Canada, where...

CVE-2024-47130

The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. It is advised to update your app to the current release for enhanced encryption protocols...

CVE-2024-47125

The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to update your app to the current release for enhanced encryption protocols...

SUSE CVE-2020-26147

An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames...

Encrypted messaging service eavesdropped on by police, users arrested

After eavesdropping on yet another encrypted messaging service for five months, law enforcement agencies decided to shut down the service that was popular among members of organized crime groups. The service called Exclu claims to use the "most secure encryption protocols", as well as end-to-end...

SUSE-SU-2023:0075-1 Security update for net-snmp

This update for net-snmp fixes the following issues: - CVE-2022-44793: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance bsc1205148. - CVE-2022-44792: Fixed a NULL pointer dereference issue that could allow a remote attacker...

Securing your IoT with Edge Secured-core devices

A recent study conducted by Microsoft in partnership with Ponemon Institute included a survey of companies that have adopted IoT solutions and 65 percent of them mentioned that security is a top priority when implementing IoT. Attacks targeting IoT devices put businesses at risk. Impacted devices...

USN-5371-2: nginx vulnerability

USN-5371-1 fixed several vulnerabilities in nginx. This update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS. Original advisory details: It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling...

Microsoft best practices for managing IoT security concerns

The Internet of Things, or IoT, has expanded beyond the mere concept that it was when first introduced. IoT is now part of most individuals’ daily activities, from smart speakers and thermostats to smartwatches and vehicles. IoT devices and systems bring massive convenience and functionality. IoT...

USN-5371-1: nginx vulnerabilities

It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-11724 It was discovered that nginx Lua module mishandled certain input...

kernel: reassembling mixed encrypted/plaintext fragments

A flaw was found in ieee80211rxhdefragment in net/mac80211/rx.c in the Linux Kernel's WiFi implementation. This vulnerability can be abused to inject packets or exfiltrate selected fragments when another device sends fragmented frames, and the WEP, CCMP, or GCMP data-confidentiality protocol is...

CVE-2018-16499

In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR Technical Security Requirements...

CVE-2018-16499

The CVE-2018-16499 entry concerns Versa Networks Versa VOS. The connected records indicate the issue stems from the use of unapproved SSH encryption protocols or cipher suites, enabling a network-endpoint attacker to perform a man-in-the-middle attack and potentially view communications between a...

CVE-2020-26140

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration...