Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
assaabloy vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-10176
ASSA ABLOY Yale WIPC-301W 2.x.2.29 up to and including 2.x.2.43_p1 devices allow Eval Injection of commands.
Assaabloy Yale Wipc-301w Firmware 2.x.2.43
Assaabloy Yale Wipc-301w Firmware
5.9
CVSSv3
CVE-2019-13604
There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an malicious user to recover the key and decrypt that image u...
Assaabloy Hid Digitalpersona 4500 Firmware 24
1 Github repository
6.5
CVSSv3
CVE-2023-26941
Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows malicious users to create a cloned tag via physical proximity to the original.
Assaabloy Yale Conexis L1 Firmware 1.1.0
6.5
CVSSv3
CVE-2023-26943
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows malicious users to create a cloned tag via physical proximity to the original.
Assaabloy Yale Keyless Smart Lock Firmware 1.0
8.8
CVSSv3
CVE-2020-23826
The Yale WIPC-303W 2.21 up to and including 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176
Assaabloy Yale Wipc-303w Firmware
9.8
CVSSv3
CVE-2023-33367
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated malicious users to write PHP files on the server's root directory, resulting in remote code execution.
Assaabloy Control Id Idsecure
6.5
CVSSv3
CVE-2023-33368
Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.
Assaabloy Control Id Idsecure
9.1
CVSSv3
CVE-2023-33369
A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing malicious users to delete arbitrary files on IDSecure filesystem, causing a denial of service.
Assaabloy Control Id Idsecure
7.5
CVSSv3
CVE-2023-33370
An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing malicious users to cause the main web server of IDSecure to fault and crash, causing a denial of service.
Assaabloy Control Id Idsecure
9.8
CVSSv3
CVE-2023-33371
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing malicious users to sign arbitrary session tokens and bypass authentication.
Assaabloy Control Id Idsecure
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »