
49 matches found

CNNVD
added 2025/02/07 12:0 a.m. | 5 views

AudioCodes One Voice Operations Center Security Vulnerability

AudioCodes One Voice Operations Center (AudioCodes OVOC) is a web-based voice network management solution from AudioCodes, Inc. A security vulnerability exists in AudioCodes One Voice Operations Center OVOC versions prior to 8.4.582, which stems from improper neutralization of inputs via the device...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00217
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/05 2:10 p.m. | 6 views

CVE-2020-11015

A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be...

CVSS: 9.1 | AI score: 6.9 | EPSS: 0.00717
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/11 2:59 a.m. | 11 views

CVE-2025-0103 Expedition: SQL Injection Vulnerability

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on...

CVSS: 9.2 | AI score: 7.8 | EPSS: 0.00596
Exploits: 0 | References: 1

VulnCheck KEV
added 2024/10/15 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2024-9463

Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...

CVSS: 9.9 | AI score: 7.4 | EPSS: 0.98423
Exploits: 0 | References: 1

Vulnrichment
added 2024/10/09 5:4 p.m. | 31 views

CVE-2024-9465 Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

CVSS: 9.2 | AI score: 7.7 | EPSS: 0.99597
Exploits: 3 | References: 2

NVD
added 2023/05/08 11:15 p.m. | 17 views

CVE-2023-22813

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Android Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS...

CVSS: 4.3 | AI score: 4 | EPSS: 0.00455
Exploits: 0 | References: 1

Prion
added 2023/05/08 11:15 p.m. | 28 views

Cross site scripting

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Android Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS...

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.00455
Exploits: 0 | References: 1 | Affected Software: 4

Vulnrichment
added 2023/05/08 10:56 p.m. | 12 views

CVE-2023-22813 Device API endpoint missing access controls on Western Digital Mobile and Web Apps

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Android Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS...

CVSS: 3.3 | AI score: 4.5 | EPSS: 0.00455
Exploits: 0 | References: 1

Cvelist
added 2022/09/29 1:42 a.m. | 31 views

CVE-2020-11015 Device Authentication Vulnerability in thinx-device-api IoT Device Management Server

A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.00717
Exploits: 0 | References: 1

Vulnrichment
added 2022/09/29 1:42 a.m. | 3 views

CVE-2020-11015 Device Authentication Vulnerability in thinx-device-api IoT Device Management Server

A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.00717
Exploits: 0 | References: 1

NVD
added 2022/08/10 5:15 p.m. | 18 views

CVE-2022-34365

WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...

CVSS: 6.5 | EPSS: 0.00701
Exploits: 0 | References: 1

OSV
added 2022/08/10 5:15 p.m. | 3 views

CVE-2022-34365

WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00701
Exploits: 0 | References: 1

Prion
added 2022/08/10 5:15 p.m. | 19 views

Path traversal

WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...

CVSS: 4 | AI score: 6.2 | EPSS: 0.00701
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/08/10 4:31 p.m. | 425 views

CVE-2022-34365

Dell Wyse Management Suite 3.7 is affected by a Path Traversal vulnerability in the Device API that could allow an attacker to read files on the server filesystem with web app privileges. The CVE-2022-34365 entry documents this issue; related advisories indicate Dell fixed the vulnerabilities in ...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00701
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/08/10 4:31 p.m. | 26 views

CVE-2022-34365

WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00701
Exploits: 0 | References: 1

ATTACKERKB
added 2022/07/18 12:0 a.m. | 5 views

CVE-2022-34365

WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00701
Exploits: 0 | References: 2

Prion
added 2022/06/24 5:15 p.m. | 18 views

Path traversal

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...

CVSS: 4 | AI score: 5.1 | EPSS: 0.01209
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2022/05/31 12:0 a.m. | 4 views

CVE-2022-29097

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...

CVSS: 4.9 | AI score: 6 | EPSS: 0.01209
Exploits: 0 | References: 2

Microsoft CVE
added 2022/04/28 3:54 p.m. | 59 views

Chromium: CVE-2022-1480 Use after free in Device API

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

AI score: 8.8
Exploits: 0

Veracode
added 2022/04/28 2:1 p.m. | 21 views

Denial Of Service (DoS)

Chrome is vulnerable to denial of service. The vulnerability exists due to a use after free in Device API which allows an attacker to cause an application crash...

AI score: 3.6
Exploits: 0