Show filters
1,595 Total Results
Displaying 11-20 of 1,595
Sort by:
Attacker Value
Unknown
CVE-2024-43525
Disclosure Date: October 08, 2024 (last updated October 09, 2024)
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
0
Attacker Value
Unknown
CVE-2024-43524
Disclosure Date: October 08, 2024 (last updated October 09, 2024)
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
0
Attacker Value
Unknown
CVE-2024-43523
Disclosure Date: October 08, 2024 (last updated October 09, 2024)
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
0
Attacker Value
Unknown
CVE-2024-43513
Disclosure Date: October 08, 2024 (last updated October 09, 2024)
BitLocker Security Feature Bypass Vulnerability
0
Attacker Value
Unknown
CVE-2024-8421
Disclosure Date: October 01, 2024 (last updated October 01, 2024)
This CVE has been rejected.
0
Attacker Value
Unknown
CVE-2024-8449
Disclosure Date: September 30, 2024 (last updated October 05, 2024)
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password.
0
Attacker Value
Unknown
CVE-2024-23961
Disclosure Date: September 28, 2024 (last updated October 04, 2024)
Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the UPDM_wemCmdUpdFSpeDecomp function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.
Was ZDI-CAN-23306
0
Attacker Value
Unknown
CVE-2024-23960
Disclosure Date: September 28, 2024 (last updated October 04, 2024)
Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware metadata signature validation mechanism. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.
Was ZDI-CAN-23102
0
Attacker Value
Unknown
CVE-2024-23924
Disclosure Date: September 28, 2024 (last updated October 04, 2024)
Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the UPDM_wemCmdCreatSHA256Hash function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.
Was ZDI-CAN-23105
0
Attacker Value
Unknown
CVE-2024-23972
Disclosure Date: September 23, 2024 (last updated October 01, 2024)
Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can trigger an overflow of a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device.
Was ZDI-CAN-23185
0