
597 matches found

RedhatCVE
added 2025/05/23 3:34 a.m. · 8 views

CVE-2023-27886

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through an HTTP POST parameter called by the index.php script...

CVSS 9.8 · AI score 8.2 · EPSS 0.01658
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/23 3:31 a.m. · 9 views

CVE-2023-27394

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through an HTTP GET parameter called by the DataLogView.php, EventsView.php and AlarmsView.php scripts...

CVSS 9.8 · AI score 8.2 · EPSS 0.18202
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 5:33 p.m. · 7 views

CVE-2020-27268

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy...

CVSS 6.5 · AI score 6.9 · EPSS 0.00539
Exploits: 0

RedhatCVE
added 2025/05/22 4:35 p.m. · 10 views

CVE-2020-27270

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and the AnyDana-i and AnyDana-A mobile apps doesn't use adequate measures to protect encryption keys in transit, which allows an unauthenticated, physically proximate attacker to sniff keys via BLE...

CVSS 5.7 · AI score 6.9 · EPSS 0.00262
Exploits: 0

RedhatCVE
added 2025/05/22 4:15 p.m. · 7 views

CVE-2020-27256

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings...

CVSS 6.8 · AI score 6.6 · EPSS 0.00311
Exploits: 0

RedhatCVE
added 2025/05/22 3:28 p.m. · 7 views

CVE-2020-2969

Vulnerability in the Data Pump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to...

CVSS 6.6 · AI score 6.2 · EPSS 0.02031
Exploits: 1

RedhatCVE
added 2025/05/22 3:25 p.m. · 10 views

CVE-2020-27269

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences...

CVSS 5.7 · AI score 6.9 · EPSS 0.00499
Exploits: 0

RedhatCVE
added 2025/05/22 3:24 p.m. · 10 views

CVE-2020-27264

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low...

CVSS 8.8 · AI score 6.9 · EPSS 0.0054
Exploits: 0

RedhatCVE
added 2025/05/22 3:24 p.m. · 8 views

CVE-2020-27266

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy...

CVSS 6.5 · AI score 7.1 · EPSS 0.00581
Exploits: 0

RedhatCVE
added 2025/05/22 3:24 p.m. · 10 views

CVE-2020-27258

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth...

CVSS 6.5 · AI score 6.6 · EPSS 0.00575
Exploits: 0

Snyk
added 2025/05/06 4:45 p.m. · 1 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass through the dispatchReadPump function. An attacker can execute arbitrary commands by sending specially crafted websocket requests. PoC: echo -e '"type": "command", "content": "id"' |./websocat...

CVSS 9.4 · AI score 7.6 · EPSS 0.00605
Exploits: 0 · References: 3

RedhatCVE
added 2025/04/27 12:1 a.m. · 5 views

CVE-2024-57375

Andamiro Pump It Up 20th Anniversary aka Double X or XX/2019 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service application crash via certain deselect actions...

CVSS 2.4 · AI score 6.9 · EPSS 0.00179
Exploits: 0 · References: 1

NVD
added 2025/04/25 2:15 p.m. · 10 views

CVE-2024-57375

Andamiro Pump It Up 20th Anniversary aka Double X or XX/2019 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service application crash via certain deselect actions...

CVSS 2.4 · EPSS 0.00179
Exploits: 0 · References: 2

Vulnrichment
added 2025/04/25 12:0 a.m. · 5 views

CVE-2024-57375

Andamiro Pump It Up 20th Anniversary aka Double X or XX/2019 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service application crash via certain deselect actions...

CVSS 2.4 · AI score 7.1 · EPSS 0.00179
Exploits: 0 · References: 2

Cvelist
added 2025/04/25 12:0 a.m. · 9 views

CVE-2024-57375

Andamiro Pump It Up 20th Anniversary aka Double X or XX/2019 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service application crash via certain deselect actions...

CVSS 2.4 · EPSS 0.00179
Exploits: 0 · References: 2

CNNVD
added 2025/04/25 12:0 a.m. · 3 views

Andamiro Pump It Up 20th Anniversary security vulnerability

Andamiro Pump It Up 20th Anniversary is a dance simulation game by South Korean company Andamiro. A security vulnerability exists in Andamiro Pump It Up 20th Anniversary versions 1.00.0 through 2.08.3, which stems from a denial of service that may result from a specific cancel operation...

CVSS 2.4 · AI score 6.6 · EPSS 0.00179
Exploits: 0 · References: 4

Positive Technologies
added 2025/04/25 12:0 a.m. · 3 views

PT-2025-17904 · Andamiro · Andamiro Pump It Up 20Th Anniversary

Name of the Vulnerable Software and Affected Versions: Andamiro Pump It Up 20th Anniversary aka Double X or XX/2019 versions 1.00.0 through 2.08.3 Description: The issue allows a physically proximate attacker to cause a denial of service, resulting in an application crash, via certain deselect...

CVSS 2.4 · AI score 6.5 · EPSS 0.00179
Exploits: 0 · References: 7

CVE
added 2025/04/25 12:0 a.m. · 53 views

CVE-2024-57375

Andamiro Pump It Up 20th Anniversary (aka Double X/XX/2019) is affected in versions 1.00.0 through 2.08.3. The issue allows a physically proximate attacker to trigger a denial of service (application crash) via certain deselect actions. No exploit code or in-the-wild exploitation details are prov...

CVSS 2.4 · AI score 3.8 · EPSS 0.00179
Exploits: 0 · References: 2

NVD
added 2025/02/26 7:1 a.m. · 19 views

CVE-2022-49686

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix list double add in uvcg_video_pump. A panic can occur if the endpoint becomes disabled and the uvcg_video_pump adds the request back to the req_free list after it has already been queued to the endpoint. The...

CVSS 7.8 · EPSS 0.00234
Exploits: 0 · References: 2

OSV
added 2025/02/26 7:1 a.m. · 4 views

DEBIAN-CVE-2022-49686

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix list double add in uvcg_video_pump. A panic can occur if the endpoint becomes disabled and the uvcg_video_pump adds the request back to the req_free list after it has already been queued to the endpoint. The...

CVSS 7.8 · AI score 5.6 · EPSS 0.00234
Exploits: 0 · References: 1