403 matches found
CVE-2017-5237
CVE-2017-5237 affects the Eview EV-07S GPS Tracker. The issue stems from a lack of authentication, allowing an unauthenticated user who knows the device’s phone number to revert it to factory default via an SMS command (“RESET!”). This corresponds to a high impact on availability (CVSSv3: 7.5) wi...
CVE-2017-5238
Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field...
CVE-2017-5239
CVE-2017-5239 concerns the Eview EV-07S GPS Tracker, where information disclosure occurs due to a lack of standard encryption when transmitting sensitive data (e.g., GPS data, IMEI) to a centralized monitoring service. The vulnerability implies potential MITM exposure of PII over the network. The...
Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates
Google announced its plans to punish Symantec by gradually distrusting its SSL certificates after the company was caught improperly issuing 30,000 Extended Validation EV certificates over the past few years. The Extended Validation EV status of all certificates issued by Symantec-owned certificat...
BlueZ read-across-the-border vulnerability (CNVD-2016-11953)
BlueZ is an official Bluetooth stack for Linux. A security vulnerability exists in the 'lemetaevdump' function in the tools/parser/hci.c source file of BlueZ version 5.42. An attacker can exploit this vulnerability to read data across boundaries...
UBUNTU-CVE-2016-9803
In BlueZ 5.42, an out-of-bounds read was observed in "lemetaevdump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' which is used to read correct element from 'evlemetastr' array is overflowed...
CVE-2014-2783
CVE-2014-2783 affects Microsoft Internet Explorer 7–11. Description confirms a security feature bypass: IE fails to prevent the use of wildcard EV SSL certificates, enabling remote attackers to spoof a site’s trust level by exploiting an EV certificate issuance issue. Impact described in sources ...
CVE-2014-2783
Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka "Extended Validation EV Certificate...
Microsoft Internet Explorer Extended Validation SSL Certificate Security Bypass Vulnerability
Description Microsoft Internet Explorer is prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass EV SSL certificate guidelines by using a wildcard certificate. This may aid in further attacks. Technologies Affected Avaya Aura Conferencing 6.0 SP1 Standard Avaya Au...
PHPNuke 7.7 EV Search Module SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16186/info PHPNuke EV is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
FreeHost 1.00 - Upload Vulnerability
No description provided by source. ======================================================================================== | Title : FreeHost Version 1.00 Upload Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -0021377181886...
openSUSE Security Update : seamonkey (openSUSE-SU-2014:0008-1)
This update fixes the following security issues with SeaMonkey : - update to SeaMonkey 2.23 bnc854370 - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 bmo771294 Application Installation doorhanger...
CVE-2013-2819
The Sierra Wireless AirLink Raven X EV-DO gateway 42214.0.11.003 and 42284.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted 1 update or 2 reprogramming action...
Deserialization of untrusted data
The Sierra Wireless AirLink Raven X EV-DO gateway 42214.0.11.003 and 42284.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted 1 update or 2 reprogramming action...
Design/Logic Flaw
The Sierra Wireless AirLink Raven X EV-DO gateway 42214.0.11.003 and 42284.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388...
CVE-2013-2819
The Sierra Wireless AirLink Raven X EV-DO gateway 42214.0.11.003 and 42284.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted 1 update or 2 reprogramming action...
CVE-2013-2820
CVE-2013-2820 affects Sierra Wireless AirLink Raven X EV-DO gateways (firmware versions V4221_4.0.11.003 and V4228_4.0.11.003). The vulnerability allows remote replay attacks that reprogram the device firmware via UDP ports 17336 and 17388, potentially impacting availability and function. ICS-CER...
CVE-2013-2819
The Sierra Wireless AirLink Raven X EV-DO gateway (versions V4221_4.0.11.003 and V4228_4.0.11.003) is affected by CVE-2013-2819 due to missing encryption of the update/reprogramming process and use of plain text credentials, enabling remote firmware reprogramming and potential denial of service. ...
Mozilla Thunderbird Multiple Vulnerabilities-01 (Dec 2013) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
Ubuntu Update for thunderbird USN-2053-1
Check for the Version of thunderbird OpenVAS Vulnerability Test $Id: gbubuntuUSN20531.nasl 8483 2018-01-22 06:58:04Z teissa $ Ubuntu Update for thunderbird USN-2053-1 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...