|
311441
|
6.7 |
MEDIUM
Local
|
google
|
android
|
In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.
|
CWE-77
Command Injection
|
CVE-2024-39437
|
2024-10-18 02:18 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311442
|
6.7 |
MEDIUM
Local
|
google
|
android
|
In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.
|
CWE-77
Command Injection
|
CVE-2024-39436
|
2024-10-18 02:16 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311443
|
7.5 |
HIGH
Network
|
microsoft
|
windows_server_2008
windows_server_2012
windows_server_2016
windows_server_2022_23h2
windows_server_2022
windows_server_2019
|
Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-43544
|
2024-10-18 02:16 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311444
|
4.3 |
MEDIUM
Adjacent
|
gotenna
|
gotenna
|
The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It
is advised to not use sensitive information in callsigns when using this
and previous versions of the plugin. Update to curren…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-45838
|
2024-10-18 02:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311445
|
6.5 |
MEDIUM
Adjacent
|
gotenna
|
gotenna
|
The goTenna Pro ATAK Plugin does not use SecureRandom when generating
passwords for sharing cryptographic keys. The random function in use
makes it easier for attackers to brute force this password…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2024-45723
|
2024-10-18 02:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311446
|
6.5 |
MEDIUM
Adjacent
|
gotenna
|
gotenna
|
The goTenna Pro ATAK plugin uses a weak password for sharing encryption
keys via the key broadcast method. If the broadcasted encryption key is
captured over RF, and password is cracked via brute f…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2024-45374
|
2024-10-18 02:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311447
|
6.5 |
MEDIUM
Adjacent
|
gotenna
|
gotenna
|
The goTenna Pro ATAK Plugin uses AES CTR type encryption for short,
encrypted messages without any additional integrity checking mechanisms.
This leaves messages malleable to an attacker that can a…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2024-43108
|
2024-10-18 02:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311448
|
4.3 |
MEDIUM
Adjacent
|
gotenna
|
gotenna
|
The goTenna Pro ATAK Plugin encryption key name is always sent
unencrypted when the key is sent over RF through a broadcast message. It
is advised to share the encryption key via local QR for highe…
|
NVD-CWE-Other
|
CVE-2024-41931
|
2024-10-18 02:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311449
|
6.5 |
MEDIUM
Adjacent
|
gotenna
|
gotenna
|
In the goTenna Pro ATAK Plugin there is a vulnerability that makes it
possible to inject any custom message with any GID and Callsign using a
software defined radio in existing goTenna mesh network…
|
NVD-CWE-Other
|
CVE-2024-41722
|
2024-10-18 02:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311450
|
4.3 |
MEDIUM
Adjacent
|
gotenna
|
atak_plugin
|
The goTenna Pro ATAK Plugin does not inject extra characters into
broadcasted frames to obfuscate the length of messages. This makes it
possible to tell the length of the payload regardless of the …
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-41715
|
2024-10-18 02:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
