PT-2026-3636

Name of the Vulnerable Software and Affected Versions ipTIME routers A2003NS-MU versions 10.00.6 through 12.16.2 ipTIME routers N600 versions 10.00.8 through 12.16.2 ipTIME routers A604-V3 versions 10.01.6 through 10.07.2 ipTIME routers A6ns-M versions 10.01.6 through 14.19.4 ipTIME routers V508...

EUVD-2017-9848

Malware in sbrugna...

EUVD-2022-52076

Malicious code in bioql PyPI...

CVE-2022-26943

The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited...

Memory corruption

Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the...

CVE-2022-26942

The CVE-2022-26942 entry concerns Motorola MTM5000 series firmware with missing pointer validation in two Trusted Execution Environment TEEs (KVL key management module and TETRA cryptographic module). The issue enables a non-secure supervisor level attacker to achieve secure supervisor code execu...

linux-firmware security update

20230516-999.20.git6c9e0ed5.el7 - cd72938cb480 linux-firmware: Update AMD fam17h cpu microcode - 92624e57af69 linux-firmware: Update AMD cpu microcode 20230516-999.19.git6c9e0ed5.el7 - Rebase to upstream - Revert removal of old iwlwifi firmwares Orabug: 35260375...

Hardcoded credentials

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change...

CVE-2022-4780 hard coded credentials in elvexys ISOS firmwares

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change...

CVE-2022-4780 hard coded credentials in elvexys ISOS firmwares

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change...

PT-2022-28087 · Isos · Isos

Name of the Vulnerable Software and Affected Versions: ISOS firmwares versions 1.81 through 2.00 Description: The issue concerns hardcoded credentials in the embedded StreamX installer within ISOS firmwares. These credentials are not mandatory for integrators to change, posing a security risk...

frankenstein

This is a Python-based framework called Frankenstein, designed to provide a virtual environment for fuzzing wireless firmwares. The framework is currently optimized for the CYW20735 Bluetooth evaluation board but also supports the CYW20819A1 evaluation board. The framework allows users to attach ...

GSD-2022-1002268 brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path

brcmfmac: pcie: Release firmwares in the brcmfpciesetup error path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.189 by commit...

GSD-2022-1001590 brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path

brcmfmac: pcie: Release firmwares in the brcmfpciesetup error path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...

GHunt - Investigate Google Accounts With Emai

GHunt is an OSINT tool to extract a lot of informations of someone's Google Account email. It can currently extract : Owner's name Last time the profile was edited Google ID If the account is an Hangouts Bot Activated Google services Youtube, Photos, Maps, News360, Hangouts, etc. Possible Youtube...

CVE-2020-11775

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30,...

Default configuration

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs...

Design/Logic Flaw

The wpasupplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2...

CVE-2018-16269

The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2...

Design/Logic Flaw

The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2...