334 matches found
DCeption: Real-World Wireless Man-In-The-Middle Attacks against CCS EV Charging
The adoption of Electric Vehicles (EVs) is happening at a rapid pace. To ensure fast and safe charging, complex communication is required between the vehicle and the charging station. In the globally used Combined Charging System (CCS), this communication is carried over the HomePlug Green PHY (HPGP)...
kernel: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
A vulnerability was found in the Linux kernel's Controller Area Network (CAN) protocol, within the J1939 protocol implementation. This issue occurs due to a potential deadlock caused by a race condition involving three locks: j1939_socks_lock, active_session_list_lock, and sk_session_queue_lock. This issue...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993205)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993205 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg. When receiving propos...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992658)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992658 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg. When receiving propos...
Nextcloud Calendar Security Feature Issue Vulnerability
Nextcloud Calendar is a Nextcloud open source calendar application. Nextcloud Calendar suffers from a security signature issue vulnerability that stems from an insecure way of generating meeting proposal participant tokens, which can be exploited by an attacker to cause the tokens to be computed...
CVE-2025-66511
The CVE-2025-66511 issue affects Nextcloud Calendar prior to version 6.0.3. It stems from insecure generation of meeting proposal participant tokens (not purely random; based on a hash function), which enables an attacker to compute valid tokens and abuse them to view details and submit dates in ...
Nextcloud Calendar Security Feature Issue Vulnerability
Nextcloud Calendar is a Nextcloud open source calendar application. Nextcloud Calendar suffers from a security signature issue vulnerability that stems from an insecure way of generating meeting proposal participant tokens, which can be exploited by an attacker to cause the tokens to be computed...
GHSA-XQ4H-WQM2-668W Babylon's BIP322 signature implementation is not fully compliant to the spec
Summary: The BIP-322 signature verification does not enforce the SIGHASH value to be SIGHASH_ALL, and therefore is not strictly following the spec. Impact: Non-compliant BIP-322 signatures in proof of possessions can be accepted by the chain...
net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg
...
Nextcloud: Predictable proposal participant tokens enable unauthorized access and vote submission
A vulnerability was discovered in predictable proposal participant tokens, which enabled unauthorized access and vote submission...
EUVD-2007-6063
Malware in sbrugna...
CLSA-2025-1759780334 python3: Fix of CVE-2007-4559
CVE-2007-4559: implement PEP 706 - a filter in the tarfile module to prevent directory traversal vulnerability...
EUVD-2025-4587
Malicious code in bioql PyPI...
EUVD-2025-15807
Malicious code in bioql PyPI...
EUVD-2023-1247
Malicious code in bioql PyPI...
EUVD-2024-50217
Malicious code in bioql PyPI...
Pretalx Arbitrary File Read/Limited File Write
This module exploits functionality in Pretalx that exports the conference schedule as a zipped file. Pretalx will iteratively include any file referenced by any HTML tag and does not properly check the path of the file, which can lead to arbitrary file read. The module requires credentials that allo...
SUSE SLES15: kernel-coco / kernel-coco-devel / kernel-coco_debug / etc (SUSE-SU-2025:02923-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02923-1 advisory. The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs...
Speaker Proposal Deadline Approaches for OpenSSL Conference 2025 in Prague
Newark, United States, 23rd June 2025, CyberNewsWire...
SUSE-SU-2025:20413-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL (bsc#1228557). - CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer...