
693 matches found

SUSE CVE
added 2024/08/07 2:54 a.m., 2 views

SUSE CVE-2024-7542

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVSS 3.3, AI score 5.7, EPSS 0.00156
Exploits: 0, References: 3

OSV
added 2024/08/06 12:15 a.m., 1 view

DEBIAN-CVE-2024-7541

oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVSS 3.3, AI score 4.5, EPSS 0.00156
Exploits: 0, References: 1

OSV
added 2024/08/06 12:15 a.m., 2 views

DEBIAN-CVE-2024-7542

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVSS 3.3, AI score 4.5, EPSS 0.00156
Exploits: 0, References: 1

OSV
added 2024/08/06 12:15 a.m., 1 view

DEBIAN-CVE-2024-7538

oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVSS 7.8, AI score 8, EPSS 0.00147
Exploits: 0, References: 1

OSV
added 2024/08/06 12:15 a.m., 2 views

DEBIAN-CVE-2024-7537

oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 5.5, AI score 3.5, EPSS 0.00138
Exploits: 0, References: 1

Positive Technologies
added 2024/08/01 12:0 a.m., 3 views

PT-2024-20209 · Chargepoint · Chargepoint Home Flex

Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex affected versions not specified Description: This issue allows network-adjacent attackers to compromise transport security on affected installations. Authentication is not required to exploit this issue. The specific fla...

CVSS 6.5, AI score 7, EPSS 0.00126
Exploits: 0, References: 4

Positive Technologies
added 2024/08/01 12:0 a.m., 4 views

PT-2024-20183 · Pioneers · Pioneer Dmh-Wt7600Nex

Name of the Vulnerable Software and Affected Versions: Pioneer DMH-WT7600NEX affected versions not specified Description: This issue allows network-adjacent attackers to create arbitrary files on affected installations. Although authentication is required to exploit this, the existing...

CVSS 7.3, AI score 9.7, EPSS 0.00034
Exploits: 0, References: 6

Positive Technologies
added 2024/08/01 12:0 a.m., 3 views

PT-2024-20206 · Chargepoint · Chargepoint Home Flex

Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exist...

CVSS 8.8, AI score 7.5, EPSS 0.00103
Exploits: 0, References: 5

Positive Technologies
added 2024/07/29 12:0 a.m., 3 views

PT-2024-30979 · Apple · Macos Sonoma +1

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.6 Description: The issue allows a person with physical access to an unlocked Mac to potentially gain root code execution. This is achieved through a specific exploit that does not require user interaction...

CVSS 6.8, AI score 7, EPSS 0.00265
Exploits: 0, References: 5

Positive Technologies
added 2024/06/21 12:0 a.m., 2 views

PT-2024-20181 · Alpine · Alpine Halo9

Name of the Vulnerable Software and Affected Versions: Alpine Halo9 affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this issue. The...

CVSS 6.8, AI score 7.3, EPSS 0.01667
Exploits: 0, References: 8

Positive Technologies
added 2024/06/21 12:0 a.m., 1 view

PT-2024-37481 · Wyze · Wyze Cam V3

Name of the Vulnerable Software and Affected Versions: Wyze Cam v3 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected devices without authentication. The vulnerability stems from a stack-based buffer overflow within the...

CVSS 8.8, AI score 8.2, EPSS 0.01628
Exploits: 0, References: 6

Zero Day Initiative
added 2024/06/21 12:0 a.m., 15 views

(Pwn2Own) Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability

This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware metadata signature validation mechanism. Th...

CVSS 4.6, AI score 7.4, EPSS 0.00008
Exploits: 0

CNNVD
added 2024/06/14 12:0 a.m., 2 views

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO, which originates from programs running under root privileges that, if hijacked by some means, could execute arbitrary code on the multifunction device...

CVSS 7.4, AI score 7.6, EPSS 0.00079
Exploits: 1, References: 4

Positive Technologies
added 2024/06/12 12:0 a.m., 2 views

PT-2024-37099 · Logsign · Logsign Unified Secops Platform

Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. The flaw exists within the HTTP API and results from using a...

CVSS 8.8, AI score 7.5, EPSS 0.00809
Exploits: 0, References: 6

OSV
added 2024/06/06 6:15 p.m., 2 views

CVE-2024-5268

Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this...

CVSS 6.5, AI score 5.2
Exploits: 0, References: 1

OSV
added 2024/06/03 7:15 p.m., 2 views

CVE-2021-3899

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allows an attacker to execute arbitrary code as root...

CVSS 7.8, AI score 6.1, EPSS 0.02245
Exploits: 0, References: 3

Positive Technologies
added 2024/05/29 12:0 a.m., 2 views

PT-2024-23328 · A10 Networks · A10 Thunder Adc

Name of the Vulnerable Software and Affected Versions: A10 Thunder ADC affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system. Th...

CVSS 8.8, AI score 7.6, EPSS 0.05255
Exploits: 0, References: 8

OSV
added 2024/05/23 10:15 p.m., 2 views

CVE-2024-5244

TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices...

CVSS 4.2, AI score 5.6, EPSS 0.00079
Exploits: 1, References: 1

BDU FSTEC
added 2024/05/17 12:0 a.m., 2 views

The vulnerability of the DDP microprogramming software-based wireless access point D-Link DAP-2622 allows an intruder to execute any code within the root context.

The vulnerability of the DDP microprogramming software-based wireless access point D-Link DAP-2622 lies in the lack of proper verification of the length of data provided by users before they are copied into a fixed-length stack buffer. Exploiting this vulnerability allows a malicious actor to...

CVSS 8.8, AI score 8, EPSS 0.03222
Exploits: 0, References: 4

Positive Technologies
added 2024/05/14 12:0 a.m., 2 views

PT-2024-3749 · Unknown · Cpci85 Central Processing/Communication +1

Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V5.30 SICORE Base system versions prior to V1.3.0 Description: A command injection vulnerability exists due to missing server-side input sanitation in the web interface of affected...

CVSS 9, AI score 8.1, EPSS 0.00633
Exploits: 1, References: 6