Re: 45 vulnerable ports unreported in VuXML

2023-03-26 Thread Tomek CEDRO
On Sun, Mar 26, 2023, 12:17 Hubert Tournier wrote: > Hello, > > While working on pipinfo , an > alternative Python packages management tool, I noticed that some Python > packages installed as FreeBSD ports where marked as vulnerable by the Python > Packaging Auth

wifi bugs

2023-03-31 Thread Tomek CEDRO
https://thehackernews.com/2023/03/new-wi-fi-protocol-security-flaw.html -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info

GhostRace (CVE-2024-2193) is a variation of Spectre v1 (CVE-2017-5753)

2024-03-16 Thread Tomek CEDRO
https://thehackernews.com/2024/03/ghostrace-new-data-leak-vulnerability.html -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info

Fwd: FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

2024-08-12 Thread Tomek CEDRO
:-) -- Forwarded message - From: The Hacker News Date: Mon, Aug 12, 2024 at 1:41 PM Subject: FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability THN Daily Updates [image: Newsletter] [image: cove

Re: Privileges using security tokens through PC/SC-daemon

2024-09-04 Thread Tomek CEDRO
On Wed, Sep 4, 2024 at 10:42 AM Jan Behrens wrote: > Hello, > I'm using packages "pcsc-lite-2.2.2,2" and "polkit-124_3" and set > "pcscd_enable" to "YES" in "/etc/rc.conf". > > My computer has a YubiKey 5 NFC with firmware version 5.7.1 connected > to it. When I create an unprivileged user account

[YubiKey/YubiHSM] Security Advisory YSA-2024-03 Infineon ECDSA Private Key Recovery

2024-09-04 Thread Tomek CEDRO
For anyone using the Yubico tokens :-) https://www.yubico.com/support/security-advisories/ysa-2024-03/ Published Date: 2024-09-03 Tracking IDs: YSA-2024-03 CVE: In Process CVSS Severity: 4.9 Summary A vulnerability was discovered in Infineon’s cryptographic library, which is utilized in YubiKey

CVE-2024-9680/9.8: Firefox.

2024-10-10 Thread Tomek CEDRO
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, and Firefox ESR < 115.16.1. https

Re: CVE-2024-9680/9.8: Firefox.

2024-10-10 Thread Tomek CEDRO
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281992 -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info

real world hardware testing ci

2025-02-17 Thread Tomek CEDRO
Hello world :-) Sorry for cross posting but I just need short quick info :-) I am writing a paper and designing distributed real world hardware build and runtime verification for NuttX RTOS, kinda in-house what you have CI automation to complement build only CI. There are over 15 different suppor