CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2022-29945
https://notcve.org/view.php?id=CVE-2022-29945
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol. Los dispositivos de drones de DJI vendidos en 2017 hasta 2022, transmiten información no cifrada sobre la ubicación física del operador del dron por medio del protocolo AeroScope • https://twitter.com/StarFire2258/status/1519767091829637120 https://twitter.com/d0tslash/status/1519774807776284672 https://www.theverge.com/2022/4/28/23046916/dji-aeroscope-signals-not-encrypted-drone-tracking • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-29664
https://notcve.org/view.php?id=CVE-2020-29664
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet. Un problema de inyección de comando en DJI Mavic 2 Remote Controller versiones de firmware anteriores a 01.00.0510, permite una ejecución de código por medio de un paquete de actualización de firmware malicioso • http://hacktheplanet.nu/djihax.pdf http://kth.diva-portal.org/smash/get/diva2:1463784/FULLTEXT01.pdf https://gist.github.com/viktoredstrom/2f0463ebe7cd786904f229e11386e817 https://www.dji.com/mavic-2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 21%CPEs: 2EXPL: 2CVE-2007-1074 – News Bin Pro 5.33 - '.nbi' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1074
Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file. Múltiples desbordamiento de búfer en NewsBin Pro 5.33 y NewsBin Pro 4.x permite a atacantes remotos con la colaboración del usuario ejecutar código de su elección mediante un atributo (1) DataPath ó (2) DownloadPath en un fichero (1) NBI, ó (3) un campo largo de grupo en un fichero (b) NZB. • https://www.exploit-db.com/exploits/3349 http://osvdb.org/33377 http://osvdb.org/33378 http://secunia.com/advisories/24261 http://www.securityfocus.com/bid/22652 http://www.vupen.com/english/advisories/2007/0694 https://exchange.xforce.ibmcloud.com/vulnerabilities/32598 https://exchange.xforce.ibmcloud.com/vulnerabilities/32608 •