
133 matches found

EUVD
added 2025/12/11 12:30 a.m. | 4 views

EUVD-2025-202610

Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...

6.3 AI score | 0.00157 EPSS
Exploits: 1 | References: 2

NVD
added 2025/12/10 10:16 p.m. | 3 views

CVE-2025-65291

Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...

7.4 CVSS | 0.00157 EPSS
Exploits: 1 | References: 1

OSV
added 2025/12/10 10:16 p.m. | 4 views

CVE-2025-65291

Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...

7.4 CVSS | 5.8 AI score | 0.00157 EPSS
Exploits: 1 | References: 1

Cvelist
added 2025/12/10 12:00 a.m. | 20 views

CVE-2025-65291

Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...

0.00157 EPSS
Exploits: 1 | References: 1

Snyk
added 2025/11/24 2:40 p.m. | 3 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the coap_dtls_info_callback function when a DTLS handshake occurs and SSL_get_app_data returns NULL. An attacker can cause the application to crash by initiating a specially crafted DTLS handshake. Remediation...

7.1 CVSS | 5.7 AI score | 0.00226 EPSS
Exploits: 0 | References: 2

OSV
added 2025/11/24 2:15 p.m. | 2 views

DEBIAN-CVE-2025-65496

NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...

4.3 CVSS | 5.3 AI score | 0.00226 EPSS
Exploits: 0 | References: 1

OSV
added 2025/11/24 2:15 p.m. | 1 views

DEBIAN-CVE-2025-65501

Null pointer dereference in coap_dtls_info_callback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data returns NULL...

4.3 CVSS | 5.3 AI score | 0.00226 EPSS
Exploits: 0 | References: 1

CVE
added 2025/11/24 12:00 a.m. | 16 views

CVE-2025-65498

CVE-2025-65498 affects libcoap (core library) with a NULL pointer dereference in coap_dtls_generate_cookie() (src/coap_openssl.c) of libcoap 4.3.5, allowing remote attackers to cause a denial of service during a crafted DTLS handshake when SSL_get_SSL_CTX() returns NULL. Public references list li...

4.3 CVSS | 6.3 AI score | 0.00226 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/11/24 12:00 a.m. | 7 views

PT-2025-47912

NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...

6.7 AI score | 0.00226 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2025/11/24 12:00 a.m. | 4 views

PT-2025-47911

NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...

6.7 AI score | 0.00226 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2025/11/24 12:00 a.m. | 7 views

PT-2025-47914

NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...

6.7 AI score | 0.00226 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2025/11/04 9:08 a.m. | 5 views

CVE-2025-48397

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch, latest version of Eaton BLSS 7.3.0.SCP004...

7.1 CVSS | 6.7 AI score | 0.00202 EPSS
Exploits: 0 | References: 1

NVD
added 2025/11/03 9:15 a.m. | 4 views

CVE-2025-48397

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch, latest version of Eaton BLSS 7.3.0.SCP004...

7.1 CVSS | 0.00202 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/11/03 8:28 a.m. | 4 views

EUVD-2025-37477

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch, latest version of Eaton BLSS 7.3.0.SCP004...

7.1 CVSS | 6.2 AI score | 0.00202 EPSS
Exploits: 0 | References: 2

CVE
added 2025/11/03 8:28 a.m. | 10 views

CVE-2025-48397

The CVE-2025-48397 issue affects Eaton Brightlayer Software Suite (BLSS). A privileged user could log in without sufficient credentials after enabling an application protocol. This vulnerability is fixed in the latest script patch, BLSS version 7.3.0.SCP004. Remediation is to upgrade to 7.3.0.SCP...

7.1 CVSS | 6.4 AI score | 0.00202 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/03 8:28 a.m. | 2 views

CVE-2025-48397

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch, latest version of Eaton BLSS 7.3.0.SCP004...

7.1 CVSS | 6.4 AI score | 0.00202 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/11/03 8:28 a.m. | 7 views

CVE-2025-48397

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch, latest version of Eaton BLSS 7.3.0.SCP004...

7.1 CVSS | 0.00202 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/03 12:00 a.m. | 4 views

PT-2025-44758

Name of the Vulnerable Software and Affected Versions: Eaton BLSS versions prior to 7.3.0.SCP004. Description: A privileged user could log in without sufficient credentials after enabling an application protocol. Recommendations: Update to version 7.3.0.SCP004 or later...

7.1 CVSS | 6.6 AI score | 0.00202 EPSS
Exploits: 0 | References: 8

CNNVD
added 2025/11/03 12:00 a.m. | 5 views

Eaton Brightlayer Software Suite security vulnerability

Eaton Brightlayer Software Suite is a digital infrastructure management software suite from Eaton Corporation USA. A security vulnerability exists in Eaton Brightlayer Software Suite version 7.3.0.SCP004, which originates from a privileged user being able to log in without sufficient credentials...

7.1 CVSS | 6.6 AI score | 0.00202 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/30 10:42 p.m. | 5 views

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...

5.3 CVSS | 6.1 AI score | 0.00443 EPSS
Exploits: 0 | References: 7