597 matches found
CVE-2023-27886
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP POST parameter called by index.php script...
CVE-2023-27394
Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...
CVE-2020-27268
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy...
CVE-2020-27270
SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via BLE...
CVE-2020-27256
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings...
CVE-2020-2969
Vulnerability in the Data Pump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to...
CVE-2020-27269
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences...
CVE-2020-27264
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low...
CVE-2020-27266
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy...
CVE-2020-27258
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass through the dispatchReadPump function. An attacker can execute arbitrary commands by sending specially crafted websocket requests. PoC echo -e '"type": "command", "content": "id"' |./websocat...
CVE-2024-57375
Andamiro Pump It Up 20th Anniversary aka Double X or XX/2019 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service application crash via certain deselect actions...
CVE-2024-57375
Andamiro Pump It Up 20th Anniversary aka Double X or XX/2019 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service application crash via certain deselect actions...
CVE-2024-57375
Andamiro Pump It Up 20th Anniversary aka Double X or XX/2019 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service application crash via certain deselect actions...
CVE-2024-57375
Andamiro Pump It Up 20th Anniversary aka Double X or XX/2019 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service application crash via certain deselect actions...
Andamiro Pump It Up 20th Anniversary 安全漏洞
Andamiro Pump It Up 20th Anniversary is a dance simulation game by South Korean company Andamiro. A security vulnerability exists in Andamiro Pump It Up 20th Anniversary versions 1.00.0 through 2.08.3, which stems from a denial of service that may result from a specific cancel operation...
PT-2025-17904 · Andamiro · Andamiro Pump It Up 20Th Anniversary
Name of the Vulnerable Software and Affected Versions: Andamiro Pump It Up 20th Anniversary aka Double X or XX/2019 versions 1.00.0 through 2.08.3 Description: The issue allows a physically proximate attacker to cause a denial of service, resulting in an application crash, via certain deselect...
CVE-2024-57375
Andamiro Pump It Up 20th Anniversary (aka Double X/XX/2019) is affected in versions 1.00.0 through 2.08.3. The issue allows a physically proximate attacker to trigger a denial of service (application crash) via certain deselect actions. No exploit code or in-the-wild exploitation details are prov...
CVE-2022-49686
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix list double add in uvcgvideopump A panic can occur if the endpoint becomes disabled and the uvcgvideopump adds the request back to the reqfree list after it has already been queued to the endpoint. The...
DEBIAN-CVE-2022-49686
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix list double add in uvcgvideopump A panic can occur if the endpoint becomes disabled and the uvcgvideopump adds the request back to the reqfree list after it has already been queued to the endpoint. The...