Advanced Vulnerability Search
CVE-2023-28434
Known Exploited Vulnerability
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`.
| Max Base Score | 8.8 |
| Published | 2023-03-22 |
| Updated | 2023-03-28 |
| EPSS | 3.08% |
| KEV Added | 2023-09-19 |
CVE-2022-31463
Known Exploited Vulnerability
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.
| Max Base Score | 8.2 |
| Published | 2022-06-02 |
| Updated | 2022-07-08 |
| EPSS | 8.09% |
| KEV Added | 2023-09-18 |
CVE-2022-31462
Known Exploited Vulnerability
Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.
| Max Base Score | 9.3 |
| Published | 2022-06-02 |
| Updated | 2022-07-08 |
| EPSS | 0.61% |
| KEV Added | 2023-09-18 |
CVE-2022-31461
Known Exploited Vulnerability
Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message.
| Max Base Score | 7.4 |
| Published | 2022-06-02 |
| Updated | 2022-08-29 |
| EPSS | 5.83% |
| KEV Added | 2023-09-18 |
CVE-2022-31459
Known Exploited Vulnerability
Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.
| Max Base Score | 7.4 |
| Published | 2022-06-02 |
| Updated | 2022-07-08 |
| EPSS | 5.10% |
| KEV Added | 2023-09-18 |
CVE-2022-22265
Known Exploited Vulnerability
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
| Max Base Score | 7.8 |
| Published | 2022-01-10 |
| Updated | 2023-06-27 |
| EPSS | 0.07% |
| KEV Added | 2023-09-18 |
CVE-2021-3129
Public exploit exists
Known Exploited Vulnerability
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
| Max Base Score | 9.8 |
| Published | 2021-01-12 |
| Updated | 2022-02-22 |
| EPSS | 97.52% |
| KEV Added | 2023-09-18 |
CVE-2017-6884
Known Exploited Vulnerability
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.
| Max Base Score | 9.0 |
| Published | 2017-04-06 |
| Updated | 2017-04-12 |
| EPSS | 97.38% |
| KEV Added | 2023-09-18 |
CVE-2014-8361
Public exploit exists
Known Exploited Vulnerability
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
| Max Base Score | 10.0 |
| Published | 2015-05-01 |
| Updated | 2023-09-05 |
| EPSS | 97.09% |
| KEV Added | 2023-09-18 |