183 matches found
CVE-2022-34020
Cross Site Request Forgery CSRF vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts...
CVE-2022-34021
CVE-2022-34021 affects ResIOT IOT Platform + LoRaWAN Network Server up to version 4.1.1000114, with multiple XSS vulnerabilities exploitable via form fields. Reported severity CVSS v3.1 base score 5.4 (Medium). Remediation guidance in PT-Security PR notes a fix-containing version, but no specific...
CVE-2022-34021
Multiple Cross Site Scripting XSS vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields...
CVE-2022-34020
Cross Site Request Forgery CSRF vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts...
PT-2022-21972 · Unknown · Resiot Iot Platform +1
Name of the Vulnerable Software and Affected Versions: ResIOT IOT Platform + LoRaWAN Network Server versions through 4.1.1000114 Description: The issue concerns multiple Cross Site Scripting XSS vulnerabilities. These vulnerabilities can be exploited via the form fields. Recommendations: For...
CVE-2022-34020
The CVE-2022-34020 entry concerns ResIOT IOT Platform + LoRaWAN Network Server (up to version 4.1.1000114). A Cross Site Request Forgery (CSRF) vulnerability could allow an attacker to add new admin users, with other unspecified impacts mentioned across sources. Reported impact severity is high (...
CVE-2022-34022
SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive...
WibuKey Network Server Management Heap Overflow (CVE-2018-3991)
A heap overflow vulnerability exists in WibuKey Network Server Management. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
OESA-2022-1780 derby security update
Apache Derby, an Apache DB sub-project, is a relational database implemented entirely in Java. Some key advantages include a small footprint, conformance to Java, JDBC, and SQL standards and embedded JDBC driver. Security Fixes: In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network...
Improper Access Control in Apache Derby
In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...
CVE-2021-4076
A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys...
Vulnerability in SICK FieldEcho
WIBU publicly released an advisory for the WIBU product “CodeMeter Runtime Network Server”. The advisory discloses a buffer over-read vulnerability that was found in the WIBU product “CodeMeter Runtime Network Server”. By default the network server functionality is disabled, however the SICK...
UBUNTU-CVE-2018-25021
The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service DoS...
CVE-2021-40526
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lea...
Design/Logic Flaw
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lea...
CVE-2021-40526
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lea...
CVE-2021-23281
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in metadriversrv.js class. Attackers can send a specially crafted packet to make IPM connect to rou...
CVE-2020-35909
An issue was discovered in the multihash crate before 0.11.3 for Rust. The fromslice parsing code can panic via unsanitized data from a network server...
Code injection
An issue was discovered in the multihash crate before 0.11.3 for Rust. The fromslice parsing code can panic via unsanitized data from a network server...
CVE-2020-35909
An issue was discovered in the multihash crate before 0.11.3 for Rust. The fromslice parsing code can panic via unsanitized data from a network server...