Lucene search
K

271 matches found

Positive Technologies
Positive Technologies
added 2024/10/03 12:0 a.m.7 views

PT-2024-29677 · Unknown · Tem Opera Plus Fm Family Transmitter

Name of the Vulnerable Software and Affected Versions: TEM Opera Plus FM Family Transmitter affected versions not specified Description: The TEM Opera Plus FM Family Transmitter has an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system i...

9.3CVSS7.5AI score0.00594EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/09/09 12:0 a.m.5 views

PT-2024-31263 · Hathway +1 · Hathway Skyworth Router Cm5100 +1

Name of the Vulnerable Software and Affected Versions: Hathway Skyworth Router CM5100 version 4.1.1.24 Description: The issue allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. This can lead to the exposure of sensitive information. Recommendations:...

8CVSS6.5AI score0.00618EPSS
Exploits1References8
NVD
NVD
added 2024/09/05 11:15 p.m.28 views

CVE-2024-39278

Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data...

4.6CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/05 10:39 p.m.16 views

CVE-2024-39278 Hughes Network Systems Insufficiently Protected Credentials

Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data...

4.2CVSS6.5AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2024/09/05 10:39 p.m.55 views

CVE-2024-39278

CVE-2024-39278 affects Hughes WL3000 Fusion Software (versions prior to 2.7.0.10). The issue arises from credentials used to access device configuration information being stored unencrypted in flash memory, allowing read-only access to network and terminal configuration data. According to connect...

4.6CVSS4.8AI score0.00197EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/09/05 10:39 p.m.23 views

CVE-2024-39278 Hughes Network Systems Insufficiently Protected Credentials

Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data...

4.2CVSS0.00197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/05 12:0 a.m.4 views

PT-2024-28417 · Hughes Network Systems +1 · Wl3000 Fusion +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves credentials to access device configuration information being stored unencrypted in flash memory. These credentials allow read-only...

4.6CVSS6.7AI score0.00197EPSS
Exploits0References13
OSV
OSV
added 2024/05/28 4:7 p.m.20 views

CVE-2024-30212 Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command

If a SCSI READ10 command is initiated via USB using the largest LBA 0xFFFFFFFF with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to wri...

7CVSS7AI score0.00568EPSS
Exploits0References6
NVD
NVD
added 2024/05/14 10:43 a.m.14 views

CVE-2022-32506

An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash...

6.4CVSS6.6AI score0.00434EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.5 views

Nuki Bridge 安全漏洞

Nuki Bridge is a smart lock control software from Nuki. A security vulnerability exists in Nuki Bridge v1.x prior to v1.22.0 and v2.x prior to v2.13.2, and Nuki Keypad v1.9.2 prior to v1.9.2, which stems from an attacker being able to use debugging functionality to control the execution of code o...

9.8CVSS7AI score0.0161EPSS
Exploits0References5
CVE
CVE
added 2024/05/09 7:47 p.m.52 views

CVE-2022-32506

Summary: CVE-2022-32506 relates to Nuki Smart Lock firmware where the root cause involves BLE command access that can be misused. Connected document details (RH entry) describe that some BLE commands, which should be restricted to privileged accounts, could be invoked by unprivileged accounts. Af...

6.4CVSS6.8AI score0.0161EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/04/25 12:0 a.m.94 views

Cisco Adaptive Security Appliance Software Privilege Escalation (cisco-sa-asaftd-persist-rce-FLsNXF4h)

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance ASA Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level...

6CVSS8.7AI score0.19434EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/04/25 12:0 a.m.90 views

Cisco Firepower Threat Defense Software Privilege Escalation (cisco-sa-asaftd-persist-rce-FLsNXF4h)

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level...

6CVSS8.7AI score0.19434EPSS
Exploits1References2
NVD
NVD
added 2024/04/24 7:15 p.m.27 views

CVE-2024-20359

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code...

6CVSS6.2AI score0.19434EPSS
Exploits1References3
CVE
CVE
added 2024/04/24 6:16 p.m.499 views

CVE-2024-20359

CVE-2024-20359 affects Cisco ASA and Cisco FTD. A legacy capability flaw allows an authenticated local attacker to exploit improper validation of a file read from flash memory by copying a crafted file to disk0:, enabling arbitrary code execution with root privileges after the next device reload....

6CVSS7.3AI score0.19434EPSS
In wildExploits1References3Affected Software1
Cisco
Cisco
added 2024/04/24 4:0 p.m.64 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code...

6CVSS6.6AI score0.19434EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/24 12:0 a.m.4 views

Cisco Firepower Threat Defense和Cisco Adaptive Security Appliance 安全漏洞

Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliance are both products of Cisco, Inc.Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Adaptive Security Appliance is a network appliance. Used to protect corpora...

6CVSS7.2AI score0.19434EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2024/04/24 12:0 a.m.41 views

CVE-2024-20359

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code...

6CVSS7.2AI score0.19434EPSS
In wildExploits1References2
OSV
OSV
added 2024/04/22 12:15 p.m.5 views

CVE-2024-22807

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption...

6.5CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2024/04/22 12:15 p.m.14 views

CVE-2024-22807

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption...

6.5CVSS6.6AI score0.00421EPSS
Exploits0References1
Rows per page
Query Builder