25 matches found

RedhatCVE
added 2026/01/09 9:35 a.m. · 7 views

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

CVSS 5.1 · AI score 6.5 · EPSS 0.00182
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-51080

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.8 · EPSS 0.00511
Exploits: 4 · References: 2
BDU FSTEC
added 2025/07/10 12:00 a.m. · 3 views

The vulnerability of the “Maxima Praidex” electronic queue management system lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of the “Maxima Praidex” electronic queue management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted SQL query remotely...

CVSS 10 · AI score 6
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/05/05 3:15 a.m. · 3 views

DEBIAN-CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

CVSS 5.1 · AI score 5.7 · EPSS 0.00182
Exploits: 0 · References: 1
OSV
added 2024/05/05 3:15 a.m. · 8 views

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

AI score 6.5
Exploits: 0 · References: 1
NVD
added 2024/05/05 3:15 a.m. · 14 views

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

CVSS 5.1 · AI score 6.3 · EPSS 0.00182
Exploits: 0 · References: 1
UbuntuCve
added 2024/05/05 3:15 a.m. · 14 views

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

CVSS 5.1 · AI score 5.8 · EPSS 0.00182
Exploits: 0 · References: 2
OSV
added 2024/05/05 3:15 a.m. · 1 views

UBUNTU-CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

CVSS 5.1 · AI score 5.8 · EPSS 0.00182
Exploits: 0 · References: 3
Vulnrichment
added 2024/05/05 12:00 a.m. · 9 views

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

AI score 6.6 · EPSS 0.00182
Exploits: 0 · References: 1
CVE
added 2024/05/05 12:00 a.m. · 49 views

CVE-2024-34490

CVE-2024-34490 affects Maxima up to 5.47.0 before 51704c. The plotting facilities (e.g., plot2d) use predictable file names under /tmp, allowing a local attacker to pre-create files and influence contents. This is a local-impact condition as described in multiple connected sources (Red Hat, NVD/o...

CVSS 5.1 · AI score 6.5 · EPSS 0.00182
Exploits: 0 · References: 1
CNNVD
added 2024/05/05 12:00 a.m. · 3 views

Maxima Security Vulnerability

Maxima is a computer algebra system written in Lisp from the Maxima open source. A security vulnerability exists in Maxima version 5.47.0 up to and including 51704c. A local attacker can exploit the vulnerability to create files ahead of time...

CVSS 5.1 · AI score 6.2 · EPSS 0.00182
Exploits: 0 · References: 2
Debian CVE
added 2024/05/05 12:00 a.m. · 16 views

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

CVSS 5.1 · AI score 5.1 · EPSS 0.00182
Exploits: 0
Cvelist
added 2024/05/05 12:00 a.m. · 18 views

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

AI score 6.5 · EPSS 0.00182
Exploits: 0 · References: 1
Positive Technologies
added 2024/05/04 12:00 a.m. · 4 views

PT-2024-25940 · Maxima +1 · Maxima +1

Name of the Vulnerable Software and Affected Versions: Maxima versions prior to 5.47.0 before 51704c Description: The plotting facilities in the affected software make use of predictable names under /tmp, allowing a local attacker to control the contents by creating files in advance with these...

CVSS 5.1 · AI score 6.3 · EPSS 0.00182
Exploits: 0 · References: 13
0day.today
added 2024/03/04 12:00 a.m. · 358 views

Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated) Vulnerability

Exploit Title: Maxima Max Pro Power - BLE Traffic Replay Unauthenticated Exploit Author: Alok kumar email protected, Cyberpwn Technologies Pvt. Ltd. Vendor Homepage: https://www.maximawatches.com Product Link: https://www.maximawatches.com/products/max-pro-power Firmware Version: v1.0 486A Tested...

CVSS 4.3 · AI score 4.7 · EPSS 0.00511
Exploits: 4
Exploit DB
added 2024/03/03 12:00 a.m. · 322 views

Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

Exploit Title: Maxima Max Pro Power - BLE Traffic Replay Unauthenticated Date: 13-Nov-2023 Exploit Author: Alok kumar [email protected], Cyberpwn Technologies Pvt. Ltd. Vendor Homepage: https://www.maximawatches.com Product Link: https://www.maximawatches.com/products/max-pro-power Firmware...

CVSS 4.3 · AI score 4.7 · EPSS 0.00511
Exploits: 4
ATTACKERKB
added 2023/12/07 6:15 a.m. · 4 views

CVE-2023-46916

Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00511
Exploits: 4 · References: 3
NVD
added 2023/12/07 6:15 a.m. · 17 views

CVE-2023-46916

Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor...

CVSS 4.3 · EPSS 0.00511
Exploits: 4 · References: 2
Cvelist
added 2023/12/07 12:00 a.m. · 15 views

CVE-2023-46916

Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor...

AI score 5 · EPSS 0.00511
Exploits: 4 · References: 2
CNNVD
added 2023/12/07 12:00 a.m. · 4 views

Maxima Max Pro Power Security Vulnerability

The Maxima Max Pro Power is a smartwatch from Maxima. A security vulnerability exists in Maxima Max Pro Power 1.0 486A, which originates from allowing BLE traffic replay, and can be exploited by an attacker to perform destructive actions, such as activating the heart rate monitor, using GATT...

CVSS 4.3 · AI score 4.8 · EPSS 0.00511
Exploits: 4 · References: 4