51 matches found
CVE-2023-25183
In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device...
CVE-2023-31240
Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials...
CVE-2023-31245
Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redire...
CVE-2023-31241
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright...
EUVD-2023-32108
Malicious code in bioql PyPI...
EUVD-2023-35560
Malicious code in bioql PyPI...
EUVD-2023-29147
Malicious code in bioql PyPI...
EUVD-2023-32082
Malicious code in bioql PyPI...
EUVD-2023-32310
Malicious code in bioql PyPI...
EUVD-2024-45182
Malicious code in bioql PyPI...
CVE-2024-50380
Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device...
CVE-2023-31193
Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation...
CVE-2024-50381
A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a reque...
CVE-2024-50380
Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device...
CVE-2024-50381 Missing Authentication for Critical Function in Snap One OVRC cloud
A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a reque...
CVE-2024-50381 Missing Authentication for Critical Function in Snap One OVRC cloud
A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a reque...
CVE-2024-50381
CVE-2024-50381 affects Snap One OvrC Cloud. The Red Hat/NVD/ICS data show the issue: an attacker can impersonate a hub and send requests to claim/unclaim devices using the MAC address, enabling remote access/control within OvrC Pro. Affected product: OvrC Pro (all versions before 7.3). Impact and...
CVE-2024-50380 Authentication Bypass by Spoofing in Snap One OVRC cloud
Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device...
CVE-2024-50380
CVE-2024-50380 affects Snap One OvrC cloud where MAC addresses are used as identifiers to disclose device information. Affected component: OvrC cloud platform; vulnerability path allows an attacker to impersonate other devices by supplying enumerated MAC addresses and receive sensitive device inf...
CVE-2024-50380 Authentication Bypass by Spoofing in Snap One OVRC cloud
Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device...