CVE-2023-34597

CVE-2023-34597 affects Fibaro Motion Sensor firmware version 3.4. The vulnerability allows an attacker to cause a Denial of Service via a crafted Z-Wave message. Documented impact: availability impact high (DoS) with attack vector Adjacent and no privileges/UI required. The NVD/NVD-derived metric...

CVE-2023-34597

A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service DoS via a crafted Z-Wave message...

SICK EventCam 访问控制错误漏洞

SICK EventCam is an industrial photoelectric sensor from SICK. A security vulnerability exists in SICK EventCam that stems from a lack of API authentication, allowing an attacker to modify and access configuration settings on the program...

Ta-da! Wiz launches Runtime Sensor to provide real-time detection and response

Agentless visibility and risk assessment paired with Wiz Runtime Sensor real-time detection for the best of both worlds...

CTO Point of View: Why Wiz is launching a Runtime Sensor

Today we are excited to announce the Wiz Runtime Sensor. The sensor collects signals in real-time from the workload runtime to simplify threat detection and response in the cloud as part of our Cloud Detection and Response CDR capabilities...

New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force

Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed BrutePrint , bypasses limits put in place to counter failed biometric authentication...

CrowdStrike Falcon Sensor Installed (MacOSX)

Binary data crowdstrikefalconsensormacosinstalled.nbin...

CVE-2023-23304

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...

CVE-2023-27921

JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker...

PT-2023-18899 · Garmin · Ciq Api +1

Name of the Vulnerable Software and Affected Versions: GarminOS TVM component in CIQ API versions 2.1.0 through 4.1.7 Description: The issue allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any...

PT-2023-21421 · Jins · Jins Meme Core Firmware

Name of the Vulnerable Software and Affected Versions: JINS MEME CORE Firmware versions 2.2.0 and earlier Description: The issue is related to a hard-coded cryptographic key used in the firmware, which may allow a network-adjacent attacker to decrypt data acquired by a sensor of the affected...

ESPEC MIC多款产品授权问题漏洞

ESPEC MIC RT-12N and others are an environmental sensor from ESPEC MIC. A security vulnerability exists in the ESPEC MIC RT-12N/RS-12N, RT-22BN, and TEU-12N, which stems from incorrect authentication and can be exploited by an attacker to log in as a legitimate user...

ESPEC MIC 多款产品访问控制错误漏洞

The ESPEC MIC RT-12N and others are an environmental sensor from ESPEC MIC. A security vulnerability exists in the Especmic RT-12N/RS-12N, RT-22BN, and TEU-12N, which stems from a lack of authentication for critical functions, and can be exploited by an attacker to tamper with the settings of the...

CVE-2023-21118

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12...

CVE-2023-21118

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12...

CVE-2023-23446

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface...

CVE-2023-31409

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests...

CVE-2023-23450

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via...

CVE-2023-31409

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests...

CVE-2023-23445

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface...