CVE-2024-11166

HIGH Year: 2024
Weakness Type
CWE-15
View all →

Vulnerability Description

For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition.

Related Vulnerabilities

CVE-2023-50252

CRITICAL
CVSS:9.8(Critical)

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `<use>` tag that references an `<image>` tag, it merges the attributes from the `<use>` tag to the `<image...

CWE-152023

CVE-2024-4326

CRITICAL
CVSS:9.8(Critical)

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execu...

CWE-152024

CVE-2021-38453

CRITICAL
CVSS:9.1(Critical)

Some API functions allow interaction with the registry, which includes reading values as well as data modification.

CWE-152021

CVE-2024-38666

CRITICAL
CVSS:9.1(Critical)

An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary com...

CWE-152024

CVE-2024-39280

CRITICAL
CVSS:9.1(Critical)

An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command executio...

CWE-152024

CVE-2024-39602

CRITICAL
CVSS:9.1(Critical)

An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. A...

CWE-152024