|
307801
|
3.1 |
LOW
Adjacent
|
gotenna
|
gotenna_pro
|
In the goTenna Pro App there is a vulnerability that makes it possible
to inject any custom message with any GID and Callsign using a software
defined radio in existing goTenna mesh networks. This …
|
CWE-287
Improper Authentication
|
CVE-2024-47127
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307802
|
8.8 |
HIGH
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App does not use SecureRandom when generating passwords
for sharing cryptographic keys. The random function in use makes it
easier for attackers to brute force this password if the …
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2024-47126
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307803
|
5.4 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App does not authenticate public keys which allows an
unauthenticated attacker to manipulate messages. It is advised to update
your app to the current release for enhanced encryptio…
|
CWE-287
Improper Authentication
|
CVE-2024-47125
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307804
|
6.5 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App does not encrypt callsigns in messages. It is
recommended to not use sensitive information in callsigns when using
this and previous versions of the app and update your app to t…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-47124
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307805
|
6.5 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
In the goTenna Pro App, the encryption keys are stored along with a
static IV on the End User Device (EUD). This allows for complete
decryption of keys stored on the EUD if physically compromised. …
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2024-47122
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307806
|
4.3 |
MEDIUM
Adjacent
|
gotenna
|
gotenna
|
The goTenna Pro ATAK Plugin's default settings are to share Automatic
Position, Location, and Information (PLI) updates every 60 seconds once
the plugin is active and goTenna is connected. Users th…
|
NVD-CWE-Other
|
CVE-2024-43814
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307807
|
5.4 |
MEDIUM
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43362
|
2024-10-18 03:14 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307808
|
9.8 |
CRITICAL
Network
|
oretnom23
|
online_veterinary_appointment_system
|
A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Affected is an unknown function of the file /admin/categories/manage_category.php. Th…
|
CWE-89
SQL Injection
|
CVE-2024-9818
|
2024-10-18 03:13 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307809
|
8.8 |
HIGH
Network
|
blood_bank_system_project
|
blood_bank_system
|
A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads…
|
CWE-89
SQL Injection
|
CVE-2024-9817
|
2024-10-18 03:12 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307810
|
9.8 |
CRITICAL
Network
|
taismartfactory
|
qplant_sf
|
SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially …
|
CWE-89
SQL Injection
|
CVE-2024-9925
|
2024-10-18 03:09 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
