Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Pebble Security Vulnerabilities

cve
cve

CVE-2024-3250

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,.....

6.5CVSS

6.2AI Score

0.0004EPSS

2024-04-04 03:15 PM
31
cve
cve

CVE-2009-0736

Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.8AI Score

0.001EPSS

2022-10-03 04:24 PM
25
cve
cve

CVE-2022-37767

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from.....

9.8CVSS

9.8AI Score

0.003EPSS

2022-09-12 02:15 PM
49
10
cve
cve

CVE-2021-38546

CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity....

5.9CVSS

5.8AI Score

0.005EPSS

2021-08-11 04:15 PM
20
cve
cve

CVE-2019-19899

Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism (intended to block access to instances of java.lang.Class) because getClass is accessible via the public static java.lang.Class java.lang.Class.forName(java.lang.Module,java.lang.String)...

9.8CVSS

9.3AI Score

0.005EPSS

2019-12-19 12:15 AM
74
cve
cve

CVE-2016-10702

Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application...

6.1CVSS

6.1AI Score

0.001EPSS

2017-11-28 07:29 AM
14
cve
cve

CVE-2012-4023

CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified...

7.1AI Score

0.002EPSS

2012-11-08 11:46 AM
21
cve
cve

CVE-2012-4022

Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted...

6.8AI Score

0.016EPSS

2012-11-08 11:46 AM
24
cve
cve

CVE-2012-5170

Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

6.9AI Score

0.004EPSS

2012-11-04 03:55 PM
16
cve
cve

CVE-2006-5168

Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query...

6AI Score

0.004EPSS

2006-10-10 04:06 AM
23