1951
|
6.1 |
MEDIUM
Physical
|
silabs
|
emberznet_sdk
|
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules)
allows potential modification or extraction of network credentials stored i…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2023-41096
|
2024-09-26 02:15 |
2023-10-26 |
1952
|
9.1 |
CRITICAL
Network
silabs
|
openthread_sdk
|
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2023-41095
|
2024-09-26 02:15 |
2023-10-26 |
1953
|
9.8 |
CRITICAL
Network
silabs
|
gecko_bootloader
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware U…
|
CWE-787 CWE-120 CWE-494
Out-of-bounds Write Classic Buffer Overflow Download of Code Without Integrity Check
|
CVE-2023-4041
|
2024-09-26 02:15 |
2023-08-23 |
1954
|
6.5 |
MEDIUM
Adjacent
|
silabs
|
bluetooth_low_energy_software_development_kit
|
A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2023-2683
|
2024-09-26 02:15 |
2023-06-16 |
1955
|
7.5 |
HIGH
Network
envoyproxy
|
envoy
|
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To …
|
NVD-CWE-noinfo
|
CVE-2024-45807
|
2024-09-26 02:12 |
2024-09-20 |
1956
|
5.4 |
MEDIUM
Network
|
cryoutcreations
|
kahuna
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Kahuna allows Stored XSS. This issue affects Kahuna: from n/a through 1.7.0.
|
CWE-79
Cross-site Scripting
|
CVE-2024-43994
|
2024-09-26 02:09 |
2024-09-18 |
1957
|
7.5 |
HIGH
Network
trianglemicroworks siemens
|
iec_61850_source_code_library sicam_a8000_firmware sicam_scc_firmware sicam_egs_firmware sicam_s8000 sitipe_at
|
Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in …
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-34057
|
2024-09-26 02:08 |
2024-09-19 |
1958
|
8.8 |
HIGH
Network
|
frogcms_project
|
frogcms
|
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/123
|
CWE-352
Origin Validation Error
|
CVE-2024-46086
|
2024-09-26 02:08 |
2024-09-19 |
1959
|
7.5 |
HIGH
Network
quinn_project
|
quinn
|
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to `accept()`, `retry()`, `refuse()`, or `ignore()` an `…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2024-45311
|
2024-09-26 02:03 |
2024-09-3 |
1960
|
7.5 |
HIGH
Network
linlinjava
|
litemall
|
A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminGoodscontroller.java.
|
CWE-89
SQL Injection
|
CVE-2024-46382
|
2024-09-26 01:56 |
2024-09-19 |