Lucene search
+L

173 matches found

Cvelist
Cvelist
added 2023/01/12 10:27 p.m.33 views

CVE-2023-22597

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An...

6.5CVSS6.9AI score0.00513EPSS
Exploits0References1
CVE
CVE
added 2023/01/12 10:27 p.m.63 views

CVE-2023-22597

InHand Networks InRouter302 (pre-IR302 v3.5.56) and InRouter615 (pre-InRouter6XX-S-V2.3.0.r5542) are affected by CWE-319: Cleartext Transmission of Sensitive Information. The devices communicate with the cloud over an unsecured channel by default, allowing an attacker to intercept configuration d...

6.5CVSS5.9AI score0.00513EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/12 12:0 a.m.5 views

PT-2023-1283 · Inhand Networks · Inrouter 615 +1

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 302 versions prior to IR302 V3.5.56 InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542 Description: The issue is related to improper access control in the software of InHand Networks InRouter 30...

10CVSS8AI score0.00492EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/01/12 12:0 a.m.7 views

PT-2023-2790 · Inhand Networks · Inrouter 615 +1

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 302 versions prior to IR302 V3.5.56 InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542 Description: The issue is related to the use of insufficiently random values, specifically with the MQTT...

10CVSS8.2AI score0.00563EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/01/12 12:0 a.m.6 views

PT-2023-1075 · Inhand Networks · Inrouter 615 +1

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 302 versions prior to IR302 V3.5.56 InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542 Description: The issue is related to improper neutralization of special elements used in an OS command, whi...

9CVSS7.2AI score0.01638EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/01/03 12:0 a.m.7 views

PT-2023-1274 · Inhand Networks · Inrouter302 +1

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 302 versions prior to IR302 V3.5.56 InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542 Description: The issue is related to the use of a one-way hash with a predictable salt, allowing an...

9.1CVSS9AI score0.00321EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/01/03 12:0 a.m.8 views

PT-2023-1275 · Inhand Networks · Inrouter302 +1

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 302 versions prior to IR302 V3.5.56 InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542 Description: The issue is related to the use of an unsecured channel for data transmission by default, whic...

6.5CVSS6.3AI score0.00513EPSS
Exploits0References5
CVE
CVE
added 2022/12/06 4:0 p.m.149 views

CVE-2022-35843

CVE-2022-35843 affects FortiOS SSH login component (and FortiProxy SSH) across multiple versions, allowing remote, unauthenticated login via a crafted Access-Challenge response from RADIUS. Affected: FortiOS 6.0–7.2.0 and 6.2–6.4.9; FortiProxy 1.2.0–2.0.10 and 7.0.0–7.0.5. Root cause described as...

9.8CVSS9.5AI score0.00889EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2022/11/09 7:15 a.m.3 views

DEBIAN-CVE-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

7.5CVSS7.3AI score0.02453EPSS
Exploits1References1
NVD
NVD
added 2022/10/26 9:15 p.m.23 views

CVE-2022-40703

CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app...

6.1CVSS0.00313EPSS
Exploits0References1
Prion
Prion
added 2022/10/26 9:15 p.m.27 views

Authentication flaw

CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app...

3.6CVSS6.3AI score0.00313EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/26 8:2 p.m.8 views

CVE-2022-40703

CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app...

5.2CVSS6.3AI score0.00313EPSS
Exploits0References1
Prion
Prion
added 2022/10/26 6:15 p.m.27 views

Server side request forgery (ssrf)

The url parameter of the /api/geojson endpoint in Metabase versions 44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects...

4CVSS6.4AI score0.00656EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/10/26 12:0 a.m.29 views

CVE-2022-43776

The url parameter of the /api/geojson endpoint in Metabase versions 44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects...

6.7AI score0.00656EPSS
Exploits1References1
Hacker One
Hacker One
added 2022/07/06 2:0 p.m.17 views

U.S. Dept Of Defense: Account takeover on ███████ [HtUS]

Hello, I have found an endpoint in ████████ is vulnerable to Account takeover Steps to reproduce: 1. Create 2 accounts Attacker A and vicitm B 2. Log in to all of them and go to https://███████/███████/EditUserProfile with attacker's account 3. Now fill out the password with your password 4. Chan...

0.5AI score
Exploits0
Veracode
Veracode
added 2022/06/28 6:50 p.m.22 views

Server-Side Request Forgery

Dompdf is vulnerable to Information disclosure. The vulnerability exists when reading files using filegetcontents over http. If theres 302 response, it will allow a redirect to a blacklisted site...

5.3CVSS5.3AI score0.00959EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2022/06/28 2:15 p.m.21 views

Design/Logic Flaw

If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page...

4CVSS5.3AI score0.0068EPSS
Exploits0References1Affected Software40
CVE
CVE
added 2022/06/28 1:43 p.m.65 views

CVE-2022-30562

The CVE-2022-30562 entry describes a vulnerability in Dahua ASI7XXX devices where enabling the HTTPS function allows a MITM attacker to modify the user’s request data, injecting a malicious URL in the Host header that can trigger a 302 redirect to an attacker‑controlled page. This is evidenced by...

4.7CVSS4.6AI score0.0068EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.6 views

多款Dahua产品输入验证错误漏洞

Dahua IPC-HFW2XXX and others are products of Dahua China.Dahua IPC-HFW2XXX is an IP camera.Dahua IPC-HDBW2XXX is a series of cameras.Dahua ASI7XXXX is a series of face recognition access controllers. A security vulnerability exists in multiple Dahua products, which can be exploited by an attacker...

4.7CVSS5.3AI score0.0068EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.26 views

Slackware: Security Advisory (SSA:2015-302-03)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.9AI score0.81762EPSS
Exploits8References2
Rows per page
Query Builder