Show filters
328,826 Total Results
Displaying 2,371-2,380 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown
CVE-2024-41931
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
The goTenna Pro ATAK Plugin encryption key name is always sent
unencrypted when the key is sent over RF through a broadcast message. It
is advised to share the encryption key via local QR for higher security
operations.
0
Attacker Value
Unknown
CVE-2024-41722
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
In the goTenna Pro ATAK Plugin there is a vulnerability that makes it
possible to inject any custom message with any GID and Callsign using a
software defined radio in existing goTenna mesh networks. This
vulnerability can be exploited if the device is being used in an
unencrypted environment or if the cryptography has already been
compromised. It is advised to use encryption shared with local QR code
for higher security operations.
0
Attacker Value
Unknown
CVE-2024-41715
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
The goTenna Pro ATAK Plugin does not inject extra characters into
broadcasted frames to obfuscate the length of messages. This makes it
possible to tell the length of the payload regardless of the encryption
used.
0
Attacker Value
Unknown
CVE-2024-39577
Disclosure Date: September 26, 2024 (last updated September 27, 2024)
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability leading to code execution.
0
Attacker Value
Unknown
CVE-2024-9203
Disclosure Date: September 26, 2024 (last updated September 27, 2024)
A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 6.10.1 is able to address this issue. It is recommended to upgrade the affected component.
0
Attacker Value
Unknown
CVE-2024-9166
Disclosure Date: September 26, 2024 (last updated September 27, 2024)
The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.
0
Attacker Value
Unknown
CVE-2024-46627
Disclosure Date: September 26, 2024 (last updated September 27, 2024)
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.
0
Attacker Value
Unknown
CVE-2024-45982
Disclosure Date: September 26, 2024 (last updated September 27, 2024)
A host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts.
0
Attacker Value
Unknown
CVE-2024-45981
Disclosure Date: September 26, 2024 (last updated September 27, 2024)
A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.
0
Attacker Value
Unknown
CVE-2024-45980
Disclosure Date: September 26, 2024 (last updated September 27, 2024)
A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts.
0