133 matches found
EUVD-2025-202610
Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...
CVE-2025-65291
Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the coap_dtls_info_callback function when a DTLS handshake occurs and SSL_get_app_data returns NULL. An attacker can cause the application to crash by initiating a specially crafted DTLS handshake. Remediation...
DEBIAN-CVE-2025-65496
NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...
DEBIAN-CVE-2025-65501
NULL pointer dereference in coap_dtls_info_callback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data returns NULL...
CVE-2025-65498
CVE-2025-65498 affects libcoap (core library) with a NULL pointer dereference in coap_dtls_generate_cookie() (src/coap_openssl.c) of libcoap 4.3.5, allowing remote attackers to cause a denial of service during a crafted DTLS handshake when SSL_get_SSL_CTX() returns NULL. Public references list li...
PT-2025-47912
NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...
PT-2025-47911
NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...
PT-2025-47914
NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...
CVE-2025-48397
The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch, the latest version of Eaton BLSS, 7.3.0.SCP004...
EUVD-2025-37477
The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch, the latest version of Eaton BLSS, 7.3.0.SCP004...
CVE-2025-48397
The CVE-2025-48397 issue affects Eaton Brightlayer Software Suite (BLSS). A privileged user could log in without sufficient credentials after enabling an application protocol. This vulnerability is fixed in the latest script patch, BLSS version 7.3.0.SCP004. Remediation is to upgrade to 7.3.0.SCP...
PT-2025-44758
Name of the Vulnerable Software and Affected Versions: Eaton BLSS versions prior to 7.3.0.SCP004. Description: A privileged user could log in without sufficient credentials after enabling an application protocol. Recommendations: Update to version 7.3.0.SCP004 or later...
Eaton Brightlayer Software Suite security vulnerability
Eaton Brightlayer Software Suite is a digital infrastructure management software suite from Eaton Corporation USA. A security vulnerability exists in Eaton Brightlayer Software Suite version 7.3.0.SCP004, which originates from a privileged user being able to log in without sufficient credentials...
CVE-2025-58189
When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...