Show filters
328,826 Total Results
Displaying 2,351-2,360 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown
CVE-2024-47127
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
In the goTenna Pro App there is a vulnerability that makes it possible
to inject any custom message with any GID and Callsign using a software
defined radio in existing goTenna mesh networks. This vulnerability can
be exploited if the device is being used in an unencrypted environment
or if the cryptography has already been compromised. It is advised to
share encryption keys via QR scanning for higher security operations and
update your app to the current release for enhanced encryption
protocols.
0
Attacker Value
Unknown
CVE-2024-47126
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
The goTenna Pro App does not use SecureRandom when generating passwords
for sharing cryptographic keys. The random function in use makes it
easier for attackers to brute force this password if the broadcasted
encryption key is captured over RF. This only applies to the optional
broadcast of an encryption key, so it is advised to share the key with
local QR code for higher security operations.
0
Attacker Value
Unknown
CVE-2024-47125
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
The goTenna Pro App does not authenticate public keys which allows an
unauthenticated attacker to manipulate messages. It is advised to update
your app to the current release for enhanced encryption protocols.
0
Attacker Value
Unknown
CVE-2024-47124
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
The goTenna Pro App does not encrypt callsigns in messages. It is
recommended to not use sensitive information in callsigns when using
this and previous versions of the app and update your app to the current
app version which uses AES-256 encryption for callsigns in encrypted
operation.
0
Attacker Value
Unknown
CVE-2024-47123
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
The goTenna Pro App uses AES CTR type encryption for short, encrypted
messages without any additional integrity checking mechanisms. This
leaves messages malleable to an attacker that can access the message. It
is recommended to continue to use encryption in the app and update to
the current release for more secure operations.
0
Attacker Value
Unknown
CVE-2024-47122
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
In the goTenna Pro App, the encryption keys are stored along with a
static IV on the End User Device (EUD). This allows for complete
decryption of keys stored on the EUD if physically compromised. This
allows an attacker to decrypt all encrypted broadcast communications
based on encryption keys stored on the EUD. This requires access to and
control of the EUD, so it is recommended to use strong access control
measures and layered encryption on the EUD for more secure operation.
0
Attacker Value
Unknown
CVE-2024-47121
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
The goTenna Pro App uses a weak password for sharing encryption keys via
the key broadcast method. If the broadcasted encryption key is captured
over RF, and password is cracked via brute force attack, it is possible
to decrypt it and use it to decrypt all future and past messages sent
via encrypted broadcast with that particular key. This only applies when
the key is broadcasted over RF. This is an optional feature, so it is
recommended to use local QR encryption key sharing for additional
security on this and previous versions.
0
Attacker Value
Unknown
CVE-2024-47075
Disclosure Date: September 26, 2024 (last updated September 27, 2024)
LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present. Version 2.9.17 fixes this issue.
0
Attacker Value
Unknown
CVE-2024-45989
Disclosure Date: September 26, 2024 (last updated September 27, 2024)
Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious third-party or attacker-controlled server.
0
Attacker Value
Unknown
CVE-2024-45987
Disclosure Date: September 26, 2024 (last updated October 05, 2024)
Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or knowledge. The attack leverages the user's active session to perform the unauthorized action, compromising the integrity of the voting process.
0