
CVSS: 7.5 | EPSS: 0% | CPEs: 18 | EXPL: 0

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.

• https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf
• https://github.com/project-chip/connectedhomeip/issues/28518
• https://github.com/project-chip/connectedhomeip/issues/28679
• CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.

• https://github.com/paxswill/evesrp/commit/9e03f68e46e85ca9c9694a6971859b3ee66f0240
• https://github.com/paxswill/evesrp/releases/tag/v0.12.12
• https://vuldb.com/?ctiid.220211
• https://vuldb.com/?id.220211
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file.

• http://eve-ng.com
• https://erpaciocco.github.io/2022/eve-ng-rce
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files.

• https://www.eve-ng.net
• https://www.eve-ng.net/index.php/documentation/release-notes
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 | EPSS: 6% | CPEs: 1 | EXPL: 1

io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter.

• https://github.com/SilentVoid13/CVE-2018-8097
• https://github.com/pyeve/eve/commit/f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98
• https://github.com/pyeve/eve/issues/1101
• CWE-94: Improper Control of Generation of Code ('Code Injection')