Path traversal

Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device...

Chipolo ONE 安全漏洞

Chipolo ONE is a key finder from Chipolo. Perfect for finding your keys, bags, backpacks in seconds. Chipolo ONE version 4.13.0 suffers from a security vulnerability that stems from the ability of a trusted owner to remotely share Chipolo access to another user who could be a potential attacker. ...

The vulnerability of the implementation of the shim_lock verification mechanism in the Grub2 operating system allows a perpetrator to execute arbitrary code and gain full control over the device.

The vulnerability of the shimlock verification mechanism in the Grub2 operating system’s loader is related to incorrect checking of the cryptographic signature. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain full control over the device...

The vulnerability affects the implementation of the Secure Boot protocol for operating system bootloaders like Grub2. This allows attackers to execute arbitrary code and gain full control over the device.

The vulnerability of the Secure Boot implementation of the Grub2 operating system is related to improper verification of the cryptographic signature. Exploiting this vulnerability allows a attacker to execute arbitrary code and gain full control over the device...

PT-2022-6337 · Unknown · Mklogic-500

Name of the Vulnerable Software and Affected Versions: MKLogic-500 affected versions not specified Description: The issue is related to the presence of hidden functionality, specifically SSH access, in the MKLogic-500. This could allow a remote attacker to gain full control over the device...

CVE-2022-23768

This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device...

CVE-2022-23768

This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device...

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls causing a kernel oops condition that results in a denial of service.

...

Design/Logic Flaw

An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker nee...

CVE-2022-22221

An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker nee...

The vulnerability of Apple M1 chip architecture allows a hacker to gain access to the OS’s kernel and gain full control over the vulnerable device.

The vulnerability of Apple M1 chip architecture is related to the disclosure of information through auxiliary channels. Exploiting this vulnerability can allow a hacker to gain access to the OS’s kernel and gain full control over the vulnerable device...

The vulnerability of the ExpressLRS radio control system, related to errors in the code, allows a intruder to intercept the value of the UID identifier and gain full control over the device.

The vulnerability of the ExpressLRS radio control system is related to errors in the code. Exploiting this vulnerability could allow a malicious actor, operating remotely, to intercept the UID identifier and gain full control over the device...

CVE-2022-31801 Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...

多款Phoenix Contact产品数据伪造问题漏洞

Phoenix Contact ProConOS/ProConOS eCLR is a series of embedded automation devices from Phoenix Contact, Germany. A data forgery issue vulnerability exists in several Phoenix Contact products, which could allow an unauthenticated, remote attacker to upload malicious logic to a ProConOS/ProConOS...

PT-2022-2950 · Spacelogic +1 · Spacelogic C-Bus Application Controller +3

Name of the Vulnerable Software and Affected Versions: C-Bus Network Automation Controller - LSS5500NAC versions prior to V1.10.0 Wiser for C-Bus Automation Controller - LSS5500SHAC versions prior to V1.10.0 Clipsal C-Bus Network Automation Controller - 5500NAC versions prior to V1.10.0 Clipsal...

CVE-2022-22259

There is an improper authentication vulnerability in FLMG-10 10.0.1.0H100SP22C00. Successful exploitation of this vulnerability may lead to a control of the victim device...

CVE-2022-22259

There is an improper authentication vulnerability in FLMG-10 10.0.1.0H100SP22C00. Successful exploitation of this vulnerability may lead to a control of the victim device...

CVE-2022-22259

There is an improper authentication vulnerability in FLMG-10 10.0.1.0H100SP22C00. Successful exploitation of this vulnerability may lead to a control of the victim device...

Authentication flaw

There is an improper authentication vulnerability in FLMG-10 10.0.1.0H100SP22C00. Successful exploitation of this vulnerability may lead to a control of the victim device...

CVE-2022-22259

CVE-2022-22259 describes an improper authentication vulnerability in Huawei FLMG-10 devices (example: 10.0.1.0/H100SP22C00). The issue is triggered by authentication flaws that could allow an attacker to gain control of the victim device. The CVSSv3.1 vector (PHYSICAL access, LOW attack complexit...