| 1421 | - | | - | - | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid… | - | CVE-2024-9171 | 2024-09-28 02:15 | 2024-09-28 |
| 1422 | - | | - | - | Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway. | - | CVE-2024-3052 | 2024-09-28 02:15 | 2024-04-27 |
| 1423 | - | | - | - | Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time. | - | CVE-2024-3051 | 2024-09-28 02:15 | 2024-04-27 |
| 1424 | - | | - | - | IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily read files after enumerating file names. | CWE-204 Response Discrepancy Information Exposure | CVE-2023-46170 | 2024-09-28 02:15 | 2024-03-8 |
| 1425 | - | | - | - | TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation. This issue affects Ge… | - | CVE-2024-22473 | 2024-09-28 02:15 | 2024-02-22 |
| 1426 | 9.8 | CRITICAL Network | silabs | z/ip_gateway_sdk | The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startu… | CWE-908 Use of Uninitialized Resource | CVE-2023-4489 | 2024-09-28 02:15 | 2023-12-15 |
| 1427 | 8.8 | HIGH Adjacent | silabs | z/ip_gateway_sdk | A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. | CWE-863 Incorrect Authorization | CVE-2023-0971 | 2024-09-28 02:15 | 2023-06-22 |
| 1428 | 5.5 | MEDIUM Local | silabs | gecko_software_development_kit | The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. | CWE-908 Use of Uninitialized Resource | CVE-2023-2747 | 2024-09-28 02:15 | 2023-06-16 |
| 1429 | 8.2 | HIGH Network | czim | file-handling | The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory travers… | CWE-22 Path Traversal; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2024-47049 | 2024-09-28 02:09 | 2024-09-17 |
| 1430 | 7.5 | HIGH Network | in2code | powermail | An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some … | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-47047 | 2024-09-28 02:03 | 2024-09-17 |