Search Results (Refine Search)
- Search Type: Search Last 3 Months
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-32505 |
An issue was discovered on certain Nuki Home Solutions devices. It is possible to send multiple BLE malformed packets to block some of the functionality and reboot the device. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4. Published: May 14, 2024; 6:43:41 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2022-32504 |
An issue was discovered on certain Nuki Home Solutions devices. The code used to parse the JSON objects received from the WebSocket service provided by the device leads to a stack buffer overflow. An attacker would be able to exploit this to gain arbitrary code execution on a KeyTurner device. This affects Nuki Smart Lock 3.0 before 3.3.5 and 2.0 before 2.12.4, as well as Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. Published: May 14, 2024; 6:43:41 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2022-32503 |
An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to this JTAG port may be able to connect to the device and bypass both hardware and software security protections. This affects Nuki Keypad before 1.9.2 and Nuki Fob before 1.8.1. Published: May 14, 2024; 6:43:41 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2022-32502 |
An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. Published: May 14, 2024; 6:43:40 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2020-18305 |
Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges. Published: May 14, 2024; 2:36:01 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34257 |
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. Published: May 08, 2024; 1:15:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34244 |
libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors. Published: May 08, 2024; 1:15:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33382 |
An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration Published: May 08, 2024; 1:15:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-25533 |
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements. Published: May 08, 2024; 1:15:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-25532 |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. Published: May 08, 2024; 1:15:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-25528 |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. Published: May 08, 2024; 1:15:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-31961 |
A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter. Published: May 08, 2024; 12:15:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-28971 |
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Published: May 08, 2024; 12:15:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-25531 |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. Published: May 08, 2024; 12:15:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-25530 |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. Published: May 08, 2024; 12:15:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-25529 |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. Published: May 08, 2024; 12:15:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-25527 |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. Published: May 08, 2024; 12:15:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-24908 |
Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem. Published: May 08, 2024; 12:15:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-24788 |
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. Published: May 08, 2024; 12:15:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-24787 |
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. Published: May 08, 2024; 12:15:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |