30 matches found
EUVD-2017-15576
Malware in sbrugna...
EUVD-2017-8902
Malware in sbrugna...
EUVD-2017-8903
Malware in sbrugna...
EUVD-2018-4594
Malware in sbrugna...
EUVD-2017-8901
Malware in sbrugna...
CVE-2018-12638
An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app...
SUSE CVE-2017-6520
The Multicast DNS mDNS responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service traffic amplification or obtain potentially sensitive information via port-5353 UDP...
CVE-2018-12638
An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app...
CVE-2018-12638
An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app...
CVE-2018-12638
An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app...
CVE-2018-12638
The CVE-2018-12638 entry concerns Bose Soundtouch for iOS version 18.1.4 where there is no frontend input validation of the device name. The underlying cause is reflected in multiple sources as a Cross‑Site Scripting risk: a malicious device name can cause JavaScript to execute in the registered ...
BOSE SoundTouch Remote Control Vulnerability
The BOSE SoundTouch is a wireless speaker device from the American company BOSE. A security vulnerability exists in BOSE SoundTouch. A remote attacker could exploit this vulnerability with the help of a specially crafted website to achieve remote control...
BOSE SoundTouch cross-site scripting vulnerability (CNVD-2018-08340)
The BOSE SoundTouch is a wireless speaker device from the American company BOSE. A cross-site scripting vulnerability exists in BOSE SoundTouch. A remote attacker can exploit the vulnerability to take control of an account with the help of a specially crafted Spotify public playlist...
BOSE SoundTouch cross-site scripting vulnerability (CNVD-2018-08339)
The BOSE SoundTouch is a wireless speaker device from the American company BOSE. A cross-site scripting vulnerability exists in BOSE SoundTouch. A remote attacker could exploit this vulnerability to compromise an itunes/pandora account with specially crafted song data from a music service...
Design/Logic Flaw
Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora...
Design/Logic Flaw
Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify...
Design/Logic Flaw
Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol...
CVE-2017-17749
Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora...
CVE-2017-17751
Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol...
CVE-2017-17750
Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify...