Arbitrary Code Execution

chromium is vulnerable to arbitrary code execution. A use-after-free in the sensor handling component allows an attacker to execute arbitrary code on the host OS...

Chromium: CVE-2021-30585 Use after free in sensor handling

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Google Chrome sensor handling code execution vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in sensor handling in versions of Google Chrome prior to 92.0.4515.107. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

KLA12236 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, spoof user interface, obtain sensitive information, perform cross-site scripting attack. Below is a complete li...

Microsoft Edge 资源管理错误漏洞

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in sensor handling in versions of Google Chrome prior to 92.0.4515.107. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

AKCP sensorProbe SPX476 - (Multiple) Cross-Site Scripting Vulnerability

Exploit Title: AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting XSS Exploit Author: Tyler Butler Vendor Homepage: https://www.akcp.com/ Software Link: https://www.akcp.com/support-center/customer-login/sensorprobe-series-firmware-download/ Advisory:...

AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)

Exploit Title: AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting XSS Date: 07-01-2021 Exploit Author: Tyler Butler Vendor Homepage: https://www.akcp.com/ Software Link: https://www.akcp.com/support-center/customer-login/sensorprobe-series-firmware-download/ Advisory:...

Exploit for Cross-site Scripting in Akcp Sensorprobe2_Firmware

CVE-2021-35956. Proof of Concept Exploit for CVE-2021-35956,...

CVE-2021-20107

There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low...

Information disclosure

There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low...

CVE-2021-20107

There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low...

CVE-2021-20107

CVE-2021-20107 describes an unauthenticated BLE interface present in Sloan SmartFaucets (including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers such as SOLIS). The vulnerability allows reading and writing to many BLE characteristics over Bluetooth Low Energy, enabling kinetic effects a...

CVE-2021-35956

Stored cross-site scripting XSS in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email from/to/cc, System Name, and System Location fields...

Cross site scripting

Stored cross-site scripting XSS in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email from/to/cc, System Name, and System Location fields...

AKCP sensorProbe 跨站脚本漏洞

The AKCP sensorProbe is a platform-independent environmental and safety monitoring device from AKCP USA. Simply assign an IP address and connect to the embedded web server. A cross-site scripting vulnerability exists in versions prior to SP480-20210624 of the AKCP sensorProbe Embedded Web Server...

CVE-2021-35047

Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and...

Design/Logic Flaw

Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and...

Emerson Rosemount X-STREAM Gas Analyzer 安全漏洞

The Emerson Rosemount X-STREAM Gas Analyzer is an Emerson gas analyzer for industrial environments. The device supports up to five component gas analyzers and features NDIR/UV/VIS photometry, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors. A security vulnerability...

360 SkyEye traffic sensor has information leakage vulnerability

Ltd. is a company that focuses on the cyberspace security market and provides a new generation of enterprise-class network security products and services to government and corporate users. 360 SkyEye Traffic Sensor has an information leakage vulnerability that can be exploited by attackers to...

Google Android Buffer Overflow Vulnerability (CNVD-2021-19680)

Google Android is a Linux-based open source operating system from the USGoogleOpen Handheld Alliance Google. A security vulnerability exists in Google Android/Pixel, which stems from a missing bounds check in iaxxxcoresensorchangestate of iaxxx-module.c, which may write out of bounds. No detailed...