A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...
6.2AI Score
0.0004EPSS
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes an SSH interface over the product network interface. This does not allow direct exploitation of the product or any unintended operation, as access to the SSH interface is protected by an authentication mechanism. Impacts....
6.5CVSS
7.1AI Score
0.0004EPSS
In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the...
7.8CVSS
7.7AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS during the key unwrapping process when the given encrypted key is empty or...
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS while processing 11AZ RTT management action frame received through...
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS in WLAN Firmware when the length of the received beacon is less than the length of the IEEE 802.11 beacon...
7.5CVSS
7.5AI Score
0.0005EPSS
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring...
7.8CVSS
7.7AI Score
0.0004EPSS
9.3CVSS
7.8AI Score
0.0004EPSS
An uncontrolled resource consumption issue, in which crafted requests sent to a service consume a large amount of memory and eventually cause the service to be stopped and restarted, was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi...
4.9CVSS
5.1AI Score
0.001EPSS
Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing.....
5.5CVSS
6AI Score
0.0005EPSS
Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local...
7.8CVSS
7.6AI Score
0.0004EPSS
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next...
7.5CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from...
7.5CVSS
7.6AI Score
0.0005EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
9.3CVSS
7.8AI Score
0.0004EPSS
Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of an arbitrary executable on the operating system with...
7.8CVSS
7.6AI Score
0.0004EPSS
Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant...
4.3CVSS
4.4AI Score
0.001EPSS
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build...
7.8CVSS
7.4AI Score
0.001EPSS
Transient DOS while parsing WPA IEs, when it is passed with length more than expected...
7.5CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
9.8CVSS
9.5AI Score
0.001EPSS
7.5CVSS
7.6AI Score
0.0004EPSS
Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO...
9.8CVSS
9.6AI Score
0.001EPSS
Transient DOS while parsing a vendor-specific IE (Information Element) of reassociation response management...
7.5CVSS
7.5AI Score
0.0004EPSS
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA...
7.5CVSS
7.5AI Score
0.0005EPSS
Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer...
7.5CVSS
7.5AI Score
0.0005EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in...
6.5CVSS
6.4AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
Memory corruption in MPP performance while accessing DSM watermark using external memory...
7.8CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
6.1CVSS
5.6AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3...
9.8CVSS
9.5AI Score
0.001EPSS
6.1CVSS
5.5AI Score
0.0004EPSS
Information Disclosure in Qualcomm IPC while reading values from shared memory in...
6.1CVSS
5.3AI Score
0.0004EPSS
Memory Corruption in Core due to secure memory access by user while loading modem...
8.4CVSS
7.5AI Score
0.0004EPSS
6.1CVSS
5.3AI Score
0.0004EPSS
Home Assistant is open source home automation software. The assessment verified that webhooks available in the webhook component are triggerable via the *.ui.nabu.casa URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the...
5.3CVSS
5AI Score
0.0005EPSS
Home Assistant is open source home automation software. The audit team's analyses confirmed that the redirect_uri and client_id are alterable when logging in. Consequently, the code parameter utilized to fetch the access_token post-authentication will be sent to the URL specified in the aforementioned...
5.4CVSS
5.8AI Score
0.0005EPSS
Home Assistant is open source home automation software. In affected versions the hassio.addon_stdin is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service (e.g., through GHSA-h2jp-7grc-9xpp) may be able to invoke any Supervisor REST API endpoints with a...
7.2CVSS
7.4AI Score
0.001EPSS
Home Assistant is open source home automation software. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the redirect_uri and client_id parameters. Although the redirect_uri validation typically ensures that it matches...
9.6CVSS
8.2AI Score
0.001EPSS