51 matches found

Cvelist
added 2022/08/05 3:14 p.m. · 17 views

CVE-2022-33728

Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Global...

4 CVSS · 4.3 AI score · 0.00017 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/08/05 12:0 a.m. · 3 views

PT-2022-21845 · Bluetooth · Bluetooth

Name of the Vulnerable Software and Affected Versions: Bluetooth versions prior to SMR Aug-2022 Release 1
Description: The issue allows local attackers to access the connected Bluetooth macAddress via Settings.Global.
Recommendations: For Bluetooth versions prior to SMR Aug-2022 Release 1, update...

4 CVSS · 3.9 AI score · 0.00017 EPSS
Exploits 0 · References 2

NVD
added 2022/05/18 12:15 p.m. · 12 views

CVE-2022-29643

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request...

7.8 CVSS · 0.00407 EPSS
Exploits 1 · References 1

Prion
added 2022/05/18 12:15 p.m. · 15 views

Stack overflow

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request...

7.8 CVSS · 7.5 AI score · 0.00407 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2022/05/18 11:50 a.m. · 11 views

CVE-2022-29643

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request...

7.7 AI score · 0.00407 EPSS
Exploits 1 · References 1

CNVD
added 2022/05/12 12:0 a.m. · 15 views

TOTOLINK N600R Buffer Overflow Vulnerability (CNVD-2022-50675)

TOTOLINK N600R is a wireless router from TOTOLINK, Taiwan, China. A buffer overflow vulnerability exists in TOTOLINK N600R V4.3.0cu.7647B20210106, which originates from the lack of length validation of the macAddress parameter in the FUN0041b448 function. An attacker could exploit this vulnerabili...

10 CVSS · 3.9 AI score · 0.00495 EPSS
Exploits 1 · References 1

NVD
added 2022/05/10 8:15 p.m. · 19 views

CVE-2022-29394

TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN0041b448...

10 CVSS · 0.00495 EPSS
Exploits 1 · References 1

Prion
added 2022/05/10 8:15 p.m. · 14 views

Stack overflow

TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN0041b448...

10 CVSS · 9.6 AI score · 0.00495 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2022/05/10 7:49 p.m. · 14 views

CVE-2022-29394

TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN0041b448...

9.9 AI score · 0.00495 EPSS
Exploits 1 · References 1

CVE
added 2022/05/10 7:49 p.m. · 82 views

CVE-2022-29394

TOTOLINK N600R is affected by a stack overflow in the macAddress handling inside FUN_0041b448 on firmware V4.3.0cu.7647_B20210106. The issue is described across multiple sources (NVD, Red Hat advisory, CNVD, CVE lists) as a buffer/stack overflow arising from lack of length validation in the macAd...

10 CVSS · 9.6 AI score · 0.00495 EPSS
Exploits 1 · References 1 · Affected Software 1

RedhatCVE
added 2021/03/19 5:36 a.m. · 24 views

CVE-2018-13797

A flaw was found in nodejs-macaddress. The module allows unsanitized input to an exec call which can lead to an arbitrary command injection flaw. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8 CVSS · 4.4 AI score · 0.11295 EPSS
Exploits 1 · References 2

OSV
added 2020/08/19 10:28 p.m. · 0 views

GHSA-Q9R2-F3VC-RJG8 Command Injection in macaddress

Withdrawn: Duplicate of GHSA-pp57-mqmh-44h7...

5.8 AI score
Exploits 0 · References 1

Github Security Blog
added 2018/09/06 11:24 p.m. · 21 views

Command Injection in macaddress

All versions of macaddress are vulnerable to command injection. For this vulnerability to be exploited an attacker needs to control the iface argument to the one method.
Recommendation: Update to version 0.2.9 or later...

9.8 CVSS · 5 AI score · 0.11295 EPSS
Exploits 1 · References 9 · Affected Software 1

vulnersOsv
added 2018/09/06 11:24 p.m. · 1 views

iobroker.yahka (>=0.5.4 <=0.7.1) potentially affected by CVE-2018-13797 via macaddress (=0.2.8)

macaddress NPM version =0.2.8 is affected by a known vulnerability. The following packages have a transitive dependency on macaddress and may be impacted:
- iobroker.yahka >=0.5.4, <=0.7.1
Source cves: CVE-2018-13797
Source advisory: OSV:GHSA-PP57-MQMH-44H7...

9.8 CVSS · 7.2 AI score · 0.11295 EPSS
Exploits 1

OSV
added 2018/09/06 11:24 p.m. · 2 views

GHSA-PP57-MQMH-44H7 Command Injection in macaddress

All versions of macaddress are vulnerable to command injection. For this vulnerability to be exploited an attacker needs to control the iface argument to the one method.
Recommendation: Update to version 0.2.9 or later...

9.8 CVSS · 7.2 AI score · 0.11295 EPSS
Exploits 1 · References 9

CNVD
added 2018/07/12 12:0 a.m. · 0 views

Joyent Node.js macaddress module command injection vulnerability

Joyent Node.js is a web application platform from the US company Joyent, built on the Google V8 JavaScript engine. The macaddress module is a module for MAC address management. A command injection vulnerability exists in Joyent Node.js macaddress module versions pri...

9.8 CVSS · 9.6 AI score · 0.11295 EPSS
Exploits 1 · References 1

UbuntuCve
added 2018/07/10 12:29 p.m. · 20 views

CVE-2018-13797

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec rather than execFile call...

9.8 CVSS · 7.2 AI score · 0.11295 EPSS
Exploits 1 · References 6

OSV
added 2018/07/10 12:29 p.m. · 3 views

DEBIAN-CVE-2018-13797

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec rather than execFile call...

9.8 CVSS · 8.8 AI score · 0.11295 EPSS
Exploits 1 · References 1

Prion
added 2018/07/10 12:29 p.m. · 13 views

Command injection

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec rather than execFile call...

7.5 CVSS · 9.8 AI score · 0.11295 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2018/07/10 12:29 p.m. · 1 views

UBUNTU-CVE-2018-13797

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec rather than execFile call...

9.8 CVSS · 7.4 AI score · 0.11295 EPSS
Exploits 1 · References 7