Astra Linux – Vulnerability in Chromium

In the Network Config UI of the Google Chrome browser on ChromeOS, incorrect security user interfaces prior to version 90.0.4430.72 allowed a remote attacker to potentially compromise Wi-Fi connection security through a malicious wireless adapter...

CVE-2025-65855

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...

CVE-2025-65855

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...

EUVD-2019-4826

Malware in sbrugna...

EUVD-2021-8603

Malicious code in bioql PyPI...

CVE-2019-5982

Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed...

CVE-2019-13321

This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw exists within the...

K11155549: IPSEC vulnerability CVE-2019-14899

Security Advisory Description A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine...

macOS 10.15.x < 10.15.6 / 10.14.x < 10.14.6 Security Update 2020-004 / 10.13.x < 10.13.6 Security Update 2020-004

The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-004, 10.14.x prior to 10.14.6 Security Update 2020-004, or 10.15.x prior to 10.15.6. It is, therefore, affected by multiple vulnerabilities, including the following: - A vulnerability wa...

CVE-2019-13321

This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw exists within the...

kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c

A flaw was found in the mwifiex implementation in the Linux kernel. A system connecting to wireless access point could be manipulated by an attacker with advanced permissions on the access point into localized memory corruption or possibly privilege escalation...

CVE-2019-14899

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and...

kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c

A flaw was found in the mwifiex implementation in the Linux kernel. A system connecting to wireless access point could be manipulated by an attacker with advanced permissions on the access point into localized memory corruption or possibly privilege escalation...

(Pwn2Own) Xiaomi Browser Captive Portal WebView Authorization Bypass Vulnerability

This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Mi6. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw exists within the handling of HTTP...

(0Day) (Pwn2Own) Xiaomi Mi6 Browser downloadAndInstallApk Improper Authorization Remote Code Execution Vulnerability

This vulnerability allows network adjacent attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw exists within the handling of...

(0Day) (Pwn2Own) Xiaomi Mi6 Captive Portal Whitelist Bypass Remote Code Execution Vulnerability

This vulnerability allows network adjacent attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw exists within the handling of...