26 matches found
PYSEC-2026-135
In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs...
EUVD-2012-0457
Malware in sbrugna...
EUVD-2018-20510
Malware in sbrugna...
EUVD-2018-6861
Malware in sbrugna...
CVE-2024-40750
Linksys Velop Pro 6E 1.0.8 MX62001.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation...
Massive 1.17TB Data Leak Exposes Billions of IoT Grow Light Records
Massive 1.17 TB data leak exposes billions of records from a Chinese IoT grow light company. Wi-Fi passwords,…...
CVE-2024-40750
Linksys Velop Pro 6E 1.0.8 MX62001.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation...
CVE-2024-40750
Linksys Velop Pro 6E 1.0.8 MX62001.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation...
CVE-2024-40750
CVE-2024-40750 concerns Linksys Velop Pro 6E devices (versions 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314). The issue is that during app-based installation, cleartext Wi‑Fi passwords are transmitted over the public Internet. Root cause details are not fully specified in the provided documents,...
MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a...
DonPAPI - Dumping DPAPI Credz Remotely
Dumping revelant information on compromised targets without AV detection DPAPI dumping Lots of credentials are protected by DPAPI. We aim at locating those "secured" credentials, and retreive them using : User password Domaine DPAPI BackupKey Local machine DPAPI Key protecting TaskScheduled blob...
CVE-2021-25423
Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log...
Authentication Bug Opens Android Smart-TV Box to Data Theft
A critical bug in the Hindotech HK1 TV Box would allow root-privilege escalation thanks to improper access control. A successful exploit would allow attackers to steal social-networking account tokens, Wi-Fi passwords, cookies, saved passwords, user-location data, message history, emails, contact...
CVE-2019-15345
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.8. This app contains an exported service named...
Input validation
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.8. This app contains an exported service named...
Input validation
The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...
CVE-2018-14979
The CVE-2018-14979 entry concerns ASUS ZenFone 3 Max (ASUS_X008_1) with pre-installed com.asus.loguploader. The issue is an exported service, LogUploaderService, accessible via a specific action, that can write a bugreport (kernel log, logcat, system service states including active notifications)...
CVE-2018-18698
An issue was discovered on Xiaomi Mi A1 tissotsprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot...
CVE-2018-18698
Affected product/variant: Xiaomi Mi A1 (tissot_sprout) running 8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE. Vulnerability detail: The device stores cleartext Wi‑Fi passwords in logcat during the process of enabling hotspot, exposing credentials. Impact: Unauthorized disclosure of Wi‑Fi passwords. Root...
CVE-2018-18698
An issue was discovered on Xiaomi Mi A1 tissotsprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot...