16 matches found
EUVD-2025-202610
Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...
CVE-2025-65291
CVE-2025-65291 affects Aqara Hub devices (Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027). The root cause is failure to validate server certificates during TLS connections used for discovery services and CoAP gateway communications, enabling potential man-in-the-middle attacks on ...
Juniper Junos OS Vulnerability (JSA103143)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA103143 advisory. - A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows ...
EUVD-2024-31625
Malicious code in bioql PyPI...
CVE-2024-3017
In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router (OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service...
CVE-2024-3017
In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router (OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service...
CVE-2024-3017
The CVE-2024-3017 entry describes a vulnerability in Silicon Labs multi-protocol gateway where a corrupt pointer to buffered data on the multi-protocol radio co-processor (RCP) can cause the OpenThread Border Router (OTBR) application task on the host to crash, enabling a temporary denial-of-serv...
CVE-2024-3017 Denial of service in multi-protocol gateway - Zigbee + Thread
In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router (OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service...
SiLabs Z-Wave over IP Gateway Buffer Error Vulnerability
The SiLabs Z-Wave over IP Gateway is a hardware unit that plugs into a Wi-Fi router and is used to add and configure Z-Wave devices as well as create and run "scenarios". A security vulnerability exists in SiLabs Z-Wave over IP Gateway. No information about this vulnerability is available at this...
Security Bulletin: Ensure that DataPower services running in production environments are not configured to blindly echo requests. (CVE-2013-0499)
Abstract: DataPower services like XML Firewall, Multi Protocol Gateway, Web Service Proxy and Web Token Service, when configured to blindly echo requests, could result in a potential security vulnerability in production environments. Content: VULNERABILITY DETAILS: DESCRIPTION: For the purposes of...
CVE-2022-30276
The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks (potentially over a variety of serial, RF and/or Ethernet links) and TCP/IP networks...
Squid Security Update Advisory (SQUID-2019:5)
Squid is prone to a heap overflow vulnerability due to incorrect buffer management when processing HTTP Authentication credentials. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
CVE-2018-0051
A Denial of Service vulnerability in the SIP application layer gateway (ALG) component of Junos OS based platforms allows an attacker to crash the MS-PIC, MS-MIC, MS-MPC, MS-DPC or SRX flow daemon (flowd) process. This issue affects Junos OS devices with NAT or stateful firewall configuration in...
CVE-2013-0499
Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gatew...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gatew...
CVE-2013-0499
Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gatew...