Show filters
1,595 Total Results
Displaying 11-20 of 1,595
Sort by:
Attacker Value
Unknown

CVE-2024-43525

Disclosure Date: October 08, 2024 (last updated October 09, 2024)
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Attacker Value
Unknown

CVE-2024-43524

Disclosure Date: October 08, 2024 (last updated October 09, 2024)
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Attacker Value
Unknown

CVE-2024-43523

Disclosure Date: October 08, 2024 (last updated October 09, 2024)
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Attacker Value
Unknown

CVE-2024-43513

Disclosure Date: October 08, 2024 (last updated October 09, 2024)
BitLocker Security Feature Bypass Vulnerability
Attacker Value
Unknown

CVE-2024-8421

Disclosure Date: October 01, 2024 (last updated October 01, 2024)
This CVE has been rejected.
Attacker Value
Unknown

CVE-2024-8449

Disclosure Date: September 30, 2024 (last updated October 05, 2024)
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password.
Attacker Value
Unknown

CVE-2024-23961

Disclosure Date: September 28, 2024 (last updated October 04, 2024)
Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wemCmdUpdFSpeDecomp function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23306
Attacker Value
Unknown

CVE-2024-23960

Disclosure Date: September 28, 2024 (last updated October 04, 2024)
Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware metadata signature validation mechanism. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23102
Attacker Value
Unknown

CVE-2024-23924

Disclosure Date: September 28, 2024 (last updated October 04, 2024)
Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wemCmdCreatSHA256Hash function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23105
Attacker Value
Unknown

CVE-2024-23972

Disclosure Date: September 23, 2024 (last updated October 01, 2024)
Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can trigger an overflow of a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23185