12 matches found
CVE-2026-40911
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the msg or callback fields. On the client side, plugin/YPTSocket/script.js contains two eval...
EUVD-2022-29293
Malicious code in bioql PyPI...
CVE-2022-39064
An attacker sending a single malformed IEEE 802.15.4 Zigbee frame makes the TRÅDFRI bulb blink, and if they replay i.e. resend the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness...
CVE-2022-24401
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of...
CVE-2022-24401
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of...
Huawei HarmonyOS 访问控制错误漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a broadcast receive unauthenticated type vulnerability in the background proxy alert...
PT-2023-3043 · Triangle Microworks · Scada Data Gateway
Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks' SCADA Data Gateway version = v5.01.03 Description: The issue is related to the use of uncontrolled format strings in the GTWWebMonitor.exe executable file of the SCADA Data Gateway system. An unauthenticated attacker can...
CVE-2022-39065
A single malformed IEEE 802.15.4 Zigbee frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices...
CVE-2022-39065
A single malformed IEEE 802.15.4 Zigbee frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices...
CVE-2022-39064
An attacker sending a single malformed IEEE 802.15.4 Zigbee frame makes the TRÅDFRI bulb blink, and if they replay i.e. resend the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness...
CVE-2022-39064
An attacker sending a single malformed IEEE 802.15.4 Zigbee frame makes the TRÅDFRI bulb blink, and if they replay i.e. resend the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness...
Corsaire Security Advisory - Sygate Enforcer unauthenticated broadcast issue
-- Corsaire Security Advisory -- Title: Sygate Enforcer unauthenticated broadcast issue Date: 20.11.03 Application: Sygate Enforcer prior to 3.5MR1 Environment: Windows NT, 2000, 2003 Author: Martin O'Neal [email protected] Audience: General distribution Reference: c031120-003 -- Scope --...