Lucene search

78 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in linux, linux-5.15, linux-6.1, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free. When ieee80211_gtk_rekey_add is called, and ieee80211_gtk_rekey_add returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add will still return a pointer to the key...

7.8 CVSS, 6.2 AI score, 0.00013 EPSS
Exploits 0, References 2
CVE
added 2026/03/04 4:7 p.m., 6 views

CVE-2026-23601

CVE-2026-23601 describes a vulnerability in the wireless encryption handling of Wi‑Fi transmissions. A malicious actor can generate shared-key authenticated transmissions that impersonate a primary BSSID, delivering targeted, tampered data to specific endpoints and bypassing standard cryptographi...

5.4 CVSS, 5.8 AI score, 0.00005 EPSS
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2026/03/04 12:0 a.m., 3 views

PT-2026-22942

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A flaw exists in a standardized wireless roaming protocol that may allow an attacker to install a manipulated Group Temporal Key (GTK) on a client device. Exploitation of this issue could lead to...

8.1 CVSS, 5.8 AI score, 0.00076 EPSS
Exploits 0, References 4
Malwarebytes
added 2026/02/23 12:45 p.m., 4 views

Password managers keep your passwords safe, unless…

I’m a big advocate of password managers. Granted, there are better alternatives for passwords like passkeys, but if a provider offers nothing but password options, which many do, you can’t do much about that. So, for the time being we seem to be stuck with passwords. Every reputable password...

5.6 AI score
Exploits 0
Packet Storm News
added 2026/01/29 12:0 a.m., 2 views

Secure Group Key Agreement on Cyber-Physical System Buses

Cyber-Physical Systems (CPSs) rely on distributed embedded devices that often must communicate securely over buses. Ensuring message integrity and authenticity on these buses typically requires group-shared keys for Message Authentication Codes (MACs). To avoid insecure fixed pre-shared keys and...

5.9 AI score
Exploits 0
Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000872)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000872 advisory. Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to...

5.3 CVSS, 7.2 AI score, 0.00948 EPSS
Exploits 0, References 46
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2017-4599

Malware in sbrugna...

5.3 CVSS, 7 AI score, 0.0111 EPSS
Exploits 0, References 32
Github Security Blog
added 2025/08/21 12:30 a.m., 5 views

xxl-job Vulnerable to Resource Injection and Authorization Bypass Through User-Controlled Key

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers...

5.3 CVSS, 5.5 AI score, 0.00099 EPSS
Exploits 1, References 7, Affected Software 1
RedhatCVE
added 2025/05/23 3:19 a.m., 2 views

CVE-2023-23911

An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room...

7.5 CVSS, 6.7 AI score, 0.00151 EPSS
Exploits 0, References 1
RedHat Linux
added 2024/08/08 4:53 a.m., 1 views

kernel: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK

CVE-2024-27434 is a flaw in the Linux kernel’s iwlwifi driver related to handling Management Frame Protection (MFP) in certain Wi-Fi configurations. When connecting to an access point using TKIP as the group cipher, the driver incorrectly applies the MFP flag to the Group Temporal Key (GTK), which is...

5.5 CVSS, 7.1 AI score, 0.00015 EPSS
Exploits 0, References 5
Tenable Nessus
added 2024/05/11 12:0 a.m., 21 views

RHEL 5 : wpa_supplicant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wpa_supplicant: local configuration update allows privilege escalation (CVE-2016-4477) - wpa_supplicant:...

7.9 AI score, 0.01209 EPSS
Exploits 0, References 5
The Hacker News
added 2023/07/24 12:44 p.m., 28 views

Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol

Google has announced that it intends to add support for Message Layer Security (MLS) to its Messages service for Android and open source an implementation of the specification. "Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are...

6.6 AI score
Exploits 0
NVD
added 2023/03/10 10:15 p.m., 11 views

CVE-2023-23911

An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room...

7.5 CVSS, 7.5 AI score, 0.00151 EPSS
Exploits 0, References 1
OSV
added 2023/03/10 10:15 p.m., 12 views

CVE-2023-23911

An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room...

7.5 CVSS, 7 AI score
Exploits 0, References 1
Vulnrichment
added 2023/03/10 12:0 a.m., 6 views

CVE-2023-23911

An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room...

7.5 AI score, 0.00151 EPSS
Exploits 0, References 1
CNNVD
added 2023/03/10 12:0 a.m., 1 views

Rocket Chat encryption issue vulnerability

Rocket Chat is a secure and compliant collaboration platform. A security vulnerability exists in versions prior to Rocket Chat v6. The vulnerability stems from an improper access control vulnerability, which can be exploited by an attacker to break the E2E encryption of a chat room by changing th...

7.5 CVSS, 7.3 AI score, 0.00151 EPSS
Exploits 0, References 2
CVE
added 2023/03/10 12:0 a.m., 60 views

CVE-2023-23911

The CVE-2023-23911 issue is an improper access control vulnerability in Rocket.Chat prior to v6 that could allow an attacker to break the E2E chat-room encryption by changing the group key. Root cause: a user can modify the group key via server-side operations, enabling access to encrypted messag...

7.5 CVSS, 7.4 AI score, 0.00151 EPSS
Exploits 0, References 1, Affected Software 1
SUSE CVE
added 2023/02/15 4:40 a.m., 1 views

SUSE CVE-2017-13080

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients...

8.1 CVSS, 8 AI score, 0.00948 EPSS
Exploits 0, References 82
SUSE CVE
added 2023/02/15 4:40 a.m., 2 views

SUSE CVE-2017-13081

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients...

8.1 CVSS, 6.9 AI score, 0.0111 EPSS
Exploits 0, References 19
SUSE CVE
added 2023/02/15 4:40 a.m., 3 views

SUSE CVE-2017-13088

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients...

8.1 CVSS, 6.9 AI score, 0.00457 EPSS
Exploits 0, References 14