CVE-2026-31497

The CVE-2026-31497 entry concerns the Linux kernel Bluetooth USB (btusb) driver. The issue arises in btusb_work(), which maps the number of active SCO links to USB alternate settings using a three-entry table. It indexes alts[] with data->sco_num - 1 without constraining sco_num to the number ...

EUVD-2017-17809

Malware in sbrugna...

Elemental Path's CogniToys Dino Information Disclosure Vulnerability (CNVD-2018-00677)

Elemental Path's CogniToys Dino is a smart toy from Elemental Path's, USA that is capable of voice communication with children. An information disclosure vulnerability exists in Elemental Path's CogniToys Dino using firmware version 0.0.794 and earlier, which stems from the program's use of AES-1...

CVE-2017-8867

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on...

Path traversal

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on...

CVE-2017-8867

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on...

CVE-2017-8867

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on...

CVE-2017-8867

The CVE-2017-8867 entry covers CogniToys Dino smart toys (firmware up to 0.0.794). Affected component: voice traffic encryption uses AES-128 in ECB mode, which the documents state can be mapped to an AES key index, enabling eavesdropping on privacy-sensitive voice communications. Root cause is th...

Indian Intelligence Agencies going to deploy Internet Surveillance project NETRA

Think twice before using some words like ‘Bomb’, ‘Attack’, ‘Blast’ or ‘kill’ in your Facebook status update, tweets or emails, because this may flag you as a potential terrorist under a surveillance project of Indian Security agencies. This Indian Internet surveillance project named as NETRA...