36 matches found
EUVD-2024-24969
Malicious code in bioql PyPI...
EUVD-2024-36050
Malicious code in bioql PyPI...
EUVD-2024-36053
Malicious code in bioql PyPI...
EUVD-2024-36052
Malicious code in bioql PyPI...
EUVD-2024-36054
Malicious code in bioql PyPI...
Unauthenticated local file disclosure on Milesight DeviceHub
TL;DR Nginx container on Milesight DeviceHub includes MQTT private key store Can download MQTT private keys across network Milesight eventually responded and issued a firmware update Unauthenticated local file disclosure on Milesight DeviceHub CVSS: 6.5 Medium CVSS:3.1:...
The vulnerability of the MileSight DeviceHub deployment platform, caused by an incorrect path name limitation for accessing the restricted catalog, allows a violator to execute arbitrary code.
The vulnerability of the MileSight DeviceHub deployment platform exists due to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the MileSight DeviceHub deployment platform, related to authentication errors, allows a violator to execute arbitrary code.
The vulnerability of the MileSight DeviceHub deployment platform is related to authentication errors. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the MileSight DeviceHub deployment platform, related to the use of insufficiently random values, allows a violator to execute arbitrary code.
The vulnerability of the MileSight DeviceHub deployment platform lies in the use of insufficiently random values. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the MileSight DeviceHub deployment platform, related to key management errors, allows a violator to carry out a “man-in-the-middle” attack.
The vulnerability of the MileSight DeviceHub deployment platform is related to key management errors. Exploiting this vulnerability could allow a remote attacker to carry out a “man-in-the-middle” attack...
The vulnerability of the MileSight DeviceHub deployment platform, which stems from insufficient validation of input data, allows a violator to trigger a service failure.
The vulnerability of the MileSight DeviceHub deployment platform exists due to insufficient verification of input data. Exploiting this vulnerability could allow a remote attacker to cause service failures...
CVE-2024-36392
MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2024-36390
MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service...
CVE-2024-36392
MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2024-36391
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic...
CVE-2024-36390
MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service...
CVE-2024-36391
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic...
CVE-2024-36389
MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass...
CVE-2024-36389
MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass...
CVE-2024-36388
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function...