Dagan Henderson

**Name of the Vulnerable Software and Affected Versions** SunPower PVS6 (affected versions not specified) **Description** The SunPower PVS6’s BluetoothLE interface is vulnerable due to the use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could gain full access to the device’s servicing interface. This access allows actions such as firmware replacement, disabling power production, modifying grid settings, creating SSH tunnels, altering firewall settings, and manipulating connected devices. A real-world incident has been reported where a user discovered the vulnerability and was able to identify the potential to shutdown power production. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SUSE Longhorn versions prior to 1.1.3 SUSE Longhorn versions prior to 1.2.3 **Description** A Missing Authentication for Critical Function issue in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. **Recommendations** For SUSE Longhorn versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. For SUSE Longhorn versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SUSE Longhorn longhorn versions prior to 1.1.3 longhorn versions prior to 1.2.3v **Description** A Missing Authentication for Critical Function issue in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance, granting them the ability to read and write data to and from a replica that they should not have access to. **Recommendations** For SUSE Longhorn longhorn versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. For longhorn versions prior to 1.2.3v, update to version 1.2.3v or later to resolve the issue.