CVE-2022-26019

Improper access control vulnerability in pfSense CE and pfSense Plus pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01 allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result ...

Netgate pfSense CE 路径遍历漏洞

Netgate pfSense CE is a free and open source FreeBSD-based firewall and router software. A security vulnerability exists in Netgate pfSense CE, where an attacker with the right to change the NTP GPS settings could rewrite existing files on the file system, resulting in arbitrary command execution...

Siemens SIMATIC RTLS Locating Manager Denial of Service Vulnerability

SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. A denial of service vulnerability exists in Siemens SIMATIC RTLS Locating Manager, which arises from the application's inabilit...

CVE-2021-3720

An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro L79031 and Legion Phone2 Pro L70081 that could allow other applications to access device GPS data...

Legion Phone Pro（L79031）和Legion Phone2 Pro（L70081）上时间天气系统小部件 安全漏洞

The Lenovo Legion Phone Pro and Legion Phone2 Pro are both gaming phones from the Chinese company Lenovo. A security vulnerability in the Time Weather System widget on the Legion Phone Pro L79031 and Legion Phone2 Pro L70081 can be exploited by an attacker to access the device's GPS data via othe...

GPS Daemon (GPSD) Rollover Bug

Critical Infrastructure CI owners and operators, and other users who obtain Coordinated Universal Time UTC from Global Positioning System GPS devices, should be aware of a GPS Daemon GPSD bug in GPSD versions 3.20 released December 31, 2019 through 3.22 released January 8, 2021. On October 24,...

USN-5035-1 gpsd vulnerability

It was discovered that GPSd incorrectly handled certain leap second events which would result in the time jumping back 1024 weeks on 2021-10-31...

CVE-2021-24418

The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psbpositioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. Smooth Scroll Page Up/Down Buttons WordPress plugin...

MITRE Madness: A Guide to Weathering the Upcoming Vendor Positioning Storm

April is usually a whirlwind month for the cybersecurity industry as it coincides with the release of the highly regarded and influential MITRE ATT&CK test results. The ATT&CK test measures cybersecurity platforms' abilities to detect and react to emulated, multistep attacks that can be used as a...

Qualcomm 芯片 资源管理错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc. and from time to time fabricated on the surface of semiconductor wafers. A security vulnerability exists in the Qualcomm GPS HLOS driver that...

China Coal Pilot Navigation and Positioning Monitoring Platform Has Overstepping Loopholes

The business scope of China Coal Aerospace Remote Sensing Group Co., Ltd. includes: geographic remote sensing information services; satellite remote sensing application system integration; satellite remote sensing data processing; satellite technology integrated application system integration, et...

Improper access control

VMware NSX-T 3.x before 3.0.2, 2.5.x before 2.5.2.2.0 contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node...

CVE-2020-11445

TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855...

Xiaomi Redmi 6 Pro has an unspecified vulnerability

Xiaomi Redmi 6 Pro is a smartphone from Chinese company Xiaomi Technology Xiaomi. Xiaomi Redmi 6 Pro has an unspecified vulnerability. An attacker can exploit the vulnerability to unauthorized switching of Wi-Fi, Bluetooth and GPS...

CVE-2019-11326

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same...

CVE-2019-11327

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system...

Default configuration

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same...

CVE-2019-11327

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system...

CVE-2019-11326

The CVE affects Topcon Positioning Net-G5 GNSS Receiver devices running firmware 5.2.2. The web interface requires login, but a guest account can log in and browse a URL to read the administrative password; this procedure also allows a regular user to escalate to administrative privileges. The gu...