| 1101 | - | - | - | Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chos… | CWE-35 Path Traversal: '.../...//' | CVE-2024-47170 | 2024-09-30 21:46 | 2024-09-27 |
| 1102 | - | - | - | Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen … | CWE-434 Unrestricted Upload of File with Dangerous Type; CWE-35 Path Traversal: '.../...//' | CVE-2024-47169 | 2024-09-30 21:46 | 2024-09-27 |
| 1103 | - | - | - | Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `<nix/fetchurl.nix>` did not verify TLS certificates on HTTPS connections.… | CWE-287 Improper Authentication | CVE-2024-47174 | 2024-09-30 21:46 | 2024-09-27 |
| 1104 | - | - | - | The goTenna Pro broadcast key name is always sent unencrypted and could reveal the location of operation. | CWE-201 Insertion of Sensitive Information Into Sent Data | CVE-2024-47128 | 2024-09-30 21:46 | 2024-09-27 |
| 1105 | - | - | - | In the goTenna Pro there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software-defined radio in existing goTenna mesh networks. This vulner… | CWE-1390 Weak Authentication | CVE-2024-47127 | 2024-09-30 21:46 | 2024-09-27 |
| 1106 | - | - | - | The goTenna Pro series does not use SecureRandom when generating its cryptographic keys. The random function in use is not suitable for cryptographic use. | - | CVE-2024-47126 | 2024-09-30 21:46 | 2024-09-27 |
| 1107 | - | - | - | The goTenna Pro series does not authenticate public keys, which allows an unauthenticated attacker to intercept and manipulate messages. | CWE-923 Improper Restriction of Communication Channel to Intended Endpoints | CVE-2024-47125 | 2024-09-30 21:46 | 2024-09-27 |
| 1108 | - | - | - | The goTenna Pro series does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities. | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2024-47124 | 2024-09-30 21:46 | 2024-09-27 |
| 1109 | - | - | - | The goTenna Pro series uses AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message. | CWE-353 Missing Support for Integrity Check | CVE-2024-47123 | 2024-09-30 21:46 | 2024-09-27 |
| 1110 | - | - | - | In the goTenna Pro application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decry… | CWE-922 Insecure Storage of Sensitive Information | CVE-2024-47122 | 2024-09-30 21:46 | 2024-09-27 |