1261 | - | - | - | goTenna Pro ATAK Plugin by default enables frequent unencrypted Position, Location and Information (PLI) transmission. This transmission is done without user's knowledge, revealing the exact locati… | CWE-201 Insertion of Sensitive Information Into Sent Data | CVE-2024-43814 | 2024-09-30 21:46 | 2024-09-27 |
1262 | - | - | - | In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an att… | CWE-922 Insecure Storage of Sensitive Information | CVE-2024-43694 | 2024-09-30 21:46 | 2024-09-27 |
1263 | - | - | - | The goTenna Pro ATAK Plugin uses AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the m… | CWE-353 Missing Support for Integrity Check | CVE-2024-43108 | 2024-09-30 21:46 | 2024-09-27 |
1264 | - | - | - | The goTenna Pro ATAK Plugin broadcast key name is always sent unencrypted and could reveal the location of operation. | - | CVE-2024-41931 | 2024-09-30 21:46 | 2024-09-27 |
1265 | - | - | - | In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software-defined radio in existing goTenna mesh network… | CWE-1390 Weak Authentication | CVE-2024-41722 | 2024-09-30 21:46 | 2024-09-27 |
1266 | - | - | - | Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the `highest_available` setting will incorrectly assu… | CWE-287 Improper Authentication | CVE-2024-45042 | 2024-09-30 21:46 | 2024-09-27 |
1267 | - | - | - | Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low p… | CWE-77 Command Injection | CVE-2024-39577 | 2024-09-30 21:46 | 2024-09-27 |
1268 | - | - | - | A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext… | CWE-316 Cleartext Storage of Sensitive Information in Memory | CVE-2024-9203 | 2024-09-30 21:46 | 2024-09-27 |
1269 | - | - | - | The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing… | CWE-78 OS Command | CVE-2024-9166 | 2024-09-30 21:46 | 2024-09-27 |
1270 | - | - | - | Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests. | - | CVE-2024-46627 | 2024-09-30 21:46 | 2024-09-27 |