183 matches found

Cvelist · added 2022/10/13 12:0 a.m. · 10 views

CVE-2022-34020

Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts...

AI score 9 · EPSS 0.004
Exploits: 1 · References: 2
CVE · added 2022/10/13 12:0 a.m. · 50 views

CVE-2022-34021

CVE-2022-34021 affects ResIOT IOT Platform + LoRaWAN Network Server up to version 4.1.1000114, with multiple XSS vulnerabilities exploitable via form fields. Reported severity CVSS v3.1 base score 5.4 (Medium). Remediation guidance in PT-Security PR notes a fix-containing version, but no specific...

CVSS 5.4 · AI score 5.5 · EPSS 0.00443
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment · added 2022/10/13 12:0 a.m. · 10 views

CVE-2022-34021

Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields...

AI score 5.5 · EPSS 0.00443
Exploits: 1 · References: 1
Vulnrichment · added 2022/10/13 12:0 a.m. · 4 views

CVE-2022-34020

Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts...

AI score 8.8 · EPSS 0.004
Exploits: 1 · References: 2
Positive Technologies · added 2022/10/13 12:0 a.m. · 3 views

PT-2022-21972 · Unknown · Resiot Iot Platform +1

Name of the Vulnerable Software and Affected Versions: ResIOT IOT Platform + LoRaWAN Network Server versions through 4.1.1000114. Description: The issue concerns multiple Cross Site Scripting (XSS) vulnerabilities. These vulnerabilities can be exploited via the form fields. Recommendations: For...

CVSS 5.4 · AI score 5.5 · EPSS 0.00443
Exploits: 1 · References: 4
CVE · added 2022/10/13 12:0 a.m. · 57 views

CVE-2022-34020

The CVE-2022-34020 entry concerns ResIOT IOT Platform + LoRaWAN Network Server (up to version 4.1.1000114). A Cross Site Request Forgery (CSRF) vulnerability could allow an attacker to add new admin users, with other unspecified impacts mentioned across sources. Reported impact severity is high (...

CVSS 8.8 · AI score 8.7 · EPSS 0.004
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment · added 2022/10/13 12:0 a.m. · 6 views

CVE-2022-34022

SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive...

AI score 7.2 · EPSS 0.00804
Exploits: 1 · References: 1
Check Point Advisories · added 2022/08/07 12:0 a.m. · 5 views

WibuKey Network Server Management Heap Overflow (CVE-2018-3991)

A heap overflow vulnerability exists in WibuKey Network Server Management. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

CVSS 7.5 · AI score 4.4 · EPSS 0.34329
Exploits: 1
OSV · added 2022/07/26 3:0 a.m. · 8 views

OESA-2022-1780 derby security update

Apache Derby, an Apache DB sub-project, is a relational database implemented entirely in Java. Some key advantages include a small footprint, conformance to Java, JDBC, and SQL standards and embedded JDBC driver. Security Fixes: In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network...

CVSS 5.3 · AI score 7.4 · EPSS 0.04504
Exploits: 0 · References: 2
Github Security Blog · added 2022/05/13 1:2 a.m. · 20 views

Improper Access Control in Apache Derby

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

CVSS 5.3 · AI score 1.7 · EPSS 0.04504
Exploits: 0 · References: 11 · Affected Software: 1
NVD · added 2022/03/02 11:15 p.m. · 8 views

CVE-2021-4076

A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys...

CVSS 7.5 · EPSS 0.01503
Exploits: 0 · References: 3
Sick AG · added 2022/02/17 4:0 p.m. · 9 views

Vulnerability in SICK FieldEcho

WIBU publicly released an advisory for the WIBU product “CodeMeter Runtime Network Server”. The advisory discloses a buffer over-read vulnerability that was found in the WIBU product “CodeMeter Runtime Network Server”. By default the network server functionality is disabled, however the SICK...

CVSS 9.1 · AI score 7 · EPSS 0.33304
Exploits: 1
OSV · added 2021/12/13 1:15 a.m. · 2 views

UBUNTU-CVE-2018-25021

The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS)...

CVSS 7.5 · AI score 5.8 · EPSS 0.02268
Exploits: 1 · References: 5
NVD · added 2021/10/25 11:15 a.m. · 12 views

CVE-2021-40526

Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lea...

CVSS 5.3 · EPSS 0.00949
Exploits: 0 · References: 1
Prion · added 2021/10/25 11:15 a.m. · 11 views

Design/Logic Flaw

Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lea...

CVSS 5 · AI score 5.3 · EPSS 0.00949
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist · added 2021/10/25 10:41 a.m. · 16 views

CVE-2021-40526

Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lea...

CVSS 4.8 · AI score 5.5 · EPSS 0.00949
Exploits: 0 · References: 1
OSV · added 2021/04/13 7:15 p.m. · 3 views

CVE-2021-23281

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in metadriversrv.js class. Attackers can send a specially crafted packet to make IPM connect to rou...

CVSS 10 · AI score 7.9 · EPSS 0.02235
Exploits: 0 · References: 1
NVD · added 2020/12/31 9:15 a.m. · 39 views

CVE-2020-35909

An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server...

CVSS 7.8 · AI score 7.6 · EPSS 0.01371
Exploits: 0 · References: 1
Prion · added 2020/12/31 9:15 a.m. · 14 views

Code injection

An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server...

CVSS 7.8 · AI score 7.5 · EPSS 0.01371
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist · added 2020/12/31 8:20 a.m. · 43 views

CVE-2020-35909

An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server...

AI score 7.5 · EPSS 0.01371
Exploits: 0 · References: 1