Lucene search
K

283 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.12 views

Astra Linux – Vulnerability in gpsd

In gpsd, before committing dc966aa, there is a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the...

9.8CVSS7.4AI score0.00674EPSS
Exploits2References3
CVE
CVE
added 2026/06/19 3:59 p.m.20 views

CVE-2026-12620

The CVE affects GridTime 3000 GNSS Time Server versions 1.0r0.03 through 1.1r0.0, where an access token is leaked in the URL parameters of certain endpoints. The issue is documented by NVD/CVE entries for CVE-2026-12620, with an attack surface described as NETWORK, requiring HIGH privileges and A...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/19 3:48 p.m.4 views

CVE-2026-12622 Open Redirect Vulnerability in Password Reset Submission in GridTime™ 3000 GNSS Time Server

The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

5.3CVSS5.8AI score0.00122EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 3:40 p.m.34 views

CVE-2026-12619 GridTime™ 3000 GNSS Time Server CSRF to XSS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting XSS. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

5.1CVSS0.00136EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 3:40 p.m.18 views

CVE-2026-12619

The CVE-2026-12619 entry concerns Microchip GridTime 3000 GNSS Time Server, where an improper neutralization during web page generation enables Cross-Site Scripting (XSS). A CSRF-to-XSS chain affects GridTime 3000 versions 1.0r0.03–1.1r0.0. Exploit maturity is listed as ATTACKED, indicating in-th...

5.4CVSS5.8AI score0.00136EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50948

Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description The GridTime 3000 GNSS Time Server contains an open redirect issue within the password change form submission. An open redirect occurs when an application takes a user-provided URL an...

5.3CVSS5.9AI score0.00122EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-50946

Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description The GridTime 3000 GNSS Time Server leaks the access token within the URL parameters of certain endpoints. Recommendations Update GridTime 3000 versions 1.0r0.03 through 1.1r0.0 to a...

6.5CVSS6.1AI score0.00227EPSS
Exploits0References4
NVD
NVD
added 2026/04/28 7:37 p.m.9 views

CVE-2026-3893

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

9.4CVSS0.00373EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/28 5:34 p.m.3 views

CVE-2026-3893

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

9.4CVSS5.2AI score0.00373EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.4 views

Debian dla-4441 : gpsd - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4441 advisory. [email protected] Subject: SECURITY DLA 4441-1 gpsd security update - ------------------------------------------------------------------------- Debia...

9.8CVSS6.2AI score0.00674EPSS
Exploits3References6
RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.16 views

CVE-2019-11326

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same...

8.8CVSS7.3AI score0.0123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.9 views

CVE-2019-11327

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system...

4.9CVSS6.9AI score0.01367EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/07 11:9 p.m.4 views

CVE-2019-25259 Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that...

5.3CVSS6.4AI score0.00146EPSS
Exploits1References5
CVE
CVE
added 2026/01/07 11:9 p.m.16 views

CVE-2019-25259

CVE-2019-25259 affects Leica Geosystems GR10/GR25/GR30/GR50 GNSS software (version 4.30.063). The vulnerability is a cross-site request forgery that allows attackers to trigger administrative actions without proper request validation by tricking authenticated users into submitting malicious reque...

5.3CVSS6.4AI score0.00146EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.12 views

PT-2026-1672

Name of the Vulnerable Software and Affected Versions Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 Description The software contains a cross-site request forgery issue that could allow attackers to perform administrative actions without proper validation of requests. Attackers can...

5.3CVSS6.5AI score0.00146EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2026/01/06 12:24 a.m.8 views

SUSE CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

9.8CVSS8AI score0.00674EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2026/01/03 11:11 a.m.8 views

CVE-2025-67268

A flaw was found in gpsd. The hnd129540 function, responsible for handling NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to properly validate the user-supplied satellite count. A remote attacker can exploit this by sending a specially crafted packet with an excessive satellite count,...

9.8CVSS7.2AI score0.00674EPSS
Exploits2References6
NVD
NVD
added 2026/01/02 4:17 p.m.9 views

CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

9.8CVSS0.00674EPSS
Exploits2References9
OSV
OSV
added 2026/01/02 4:17 p.m.4 views

UBUNTU-CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

9.8CVSS6AI score0.00674EPSS
Exploits2References4
CVE
CVE
added 2026/01/02 12:0 a.m.40 views

CVE-2025-67268

gpsd contains a heap-based out-of-bounds write in drivers/driver_nmea2000.c (PGN 129540 handling). The hnd_129540 function validates the satellite count against a 184-element skyview array, but an input satellite count up to 255 can overflow the array, causing memory corruption, DoS, and potentia...

9.8CVSS7.6AI score0.00674EPSS
Exploits2References9Affected Software1
Rows per page
Query Builder