PT-2024-20209 · Chargepoint · Chargepoint Home Flex

Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex affected versions not specified Description: This issue allows network-adjacent attackers to compromise transport security on affected installations. Authentication is not required to exploit this issue. The specific fla...

PT-2024-20183 · Pioneers · Pioneer Dmh-Wt7600Nex

Name of the Vulnerable Software and Affected Versions: Pioneer DMH-WT7600NEX affected versions not specified Description: This issue allows network-adjacent attackers to create arbitrary files on affected installations. Although authentication is required to exploit this, the existing...

PT-2024-20206 · Chargepoint · Chargepoint Home Flex

Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exist...

PT-2024-30979 · Apple · Macos Sonoma +1

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.6 Description: The issue allows a person with physical access to an unlocked Mac to potentially gain root code execution. This is achieved through a specific exploit that does not require user interaction...

PT-2024-20181 · Alpine · Alpine Halo9

Name of the Vulnerable Software and Affected Versions: Alpine Halo9 affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this issue. The...

PT-2024-37481 · Wyze · Wyze Cam V3

Name of the Vulnerable Software and Affected Versions: Wyze Cam v3 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected devices without authentication. The vulnerability stems from a stack-based buffer overflow within the...

(Pwn2Own) Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability

This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware metadata signature validation mechanism. Th...

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO, which originates from programs running under root privileges that, if hijacked by some means, could execute arbitrary code on the multifunction device...

PT-2024-37099 · Logsign · Logsign Unified Secops Platform

Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. The flaw exists within the HTTP API and results from using a...

CVE-2024-5268

Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this...

CVE-2021-3899

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root...

PT-2024-23328 · A10 Networks · A10 Thunder Adc

Name of the Vulnerable Software and Affected Versions: A10 Thunder ADC affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system. Th...

CVE-2024-5244

TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices...

PT-2024-3749 · Unknown · Cpci85 Central Processing/Communication +1

Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V5.30 SICORE Base system versions prior to V1.3.0 Description: A command injection vulnerability exists due to missing server-side input sanitation in the web interface of affected...

CVE-2023-35757

D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

CVE-2023-51616

D-Link DIR-X3260 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...

CVE-2023-51614

D-Link DIR-X3260 prog.cgi SetQuickVPNSettings Password Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...

DEBIAN-CVE-2023-51594

BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a...

AZL-40232 CVE-2023-51592 affecting package bluez 5.63-6

BlueZ Audio Profile AVRCP parsemediafolder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability i...

AZL-40258 CVE-2023-51589 affecting package bluez 5.63-6

BlueZ Audio Profile AVRCP parsemediaelement Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability ...