Lucene search
+L

1340 matches found

OSV
OSV
added 2019/08/20 10:15 p.m.4 views

CVE-2019-5035

An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacke...

9CVSS7.3AI score0.00423EPSS
Exploits1References1
Prion
Prion
added 2019/08/20 10:15 p.m.21 views

Information disclosure

An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this...

5CVSS4.9AI score0.00595EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/08/20 10:15 p.m.22 views

Information disclosure

An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacke...

6.8CVSS8.5AI score0.00423EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/08/20 9:7 p.m.34 views

CVE-2019-5035

An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacke...

9CVSS8.7AI score0.00423EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/08/20 9:7 p.m.29 views

CVE-2019-5034

An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this...

5.3CVSS4.9AI score0.00595EPSS
Exploits1References1
Talos
Talos
added 2019/08/19 12:0 a.m.38 views

Nest Labs Nest Cam IQ Indoor Weave PASE pairing brute force vulnerability

Summary An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An...

9CVSS8.9AI score0.00423EPSS
Exploits1
The Hacker News
The Hacker News
added 2019/08/14 4:47 p.m.5 views

New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections

Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high severity vulnerability that could allow attackers to spy on data transmitted between the two devices. The vulnerability, assigned as...

8.1CVSS8.7AI score0.02691EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2019/08/06 12:41 p.m.2 views

kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity within 30 meters to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure,...

8CVSS7.3AI score0.00802EPSS
Exploits1References7
NVD
NVD
added 2019/06/29 8:15 p.m.22 views

CVE-2019-13052

Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed...

6.5CVSS6.5AI score0.00673EPSS
Exploits1References1
Prion
Prion
added 2019/06/29 8:15 p.m.12 views

Code injection

Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed...

3.3CVSS6.5AI score0.00673EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/06/29 7:5 p.m.24 views

CVE-2019-13052

Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed...

6.5AI score0.00673EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2019/06/11 7:0 a.m.50 views

Bluetooth Low Energy Advisory

Executive Summary Microsoft is aware of an issue that affects the Bluetooth Low Energy BLE version of FIDO Security Keys. Due to a misconfiguration in the Bluetooth pairing protocols, it is possible for an attacker who is physically close to a user at the moment he/she uses the security key to...

8.8CVSS7.5AI score0.00332EPSS
Exploits0
OSV
OSV
added 2019/05/29 9:29 p.m.4 views

CVE-2019-11896

A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have...

7.1CVSS6.3AI score0.00674EPSS
Exploits0References1
NVD
NVD
added 2019/05/29 9:29 p.m.18 views

CVE-2019-11896

A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have...

7.1CVSS6AI score0.00674EPSS
Exploits0References1
Prion
Prion
added 2019/05/29 9:29 p.m.10 views

Privilege escalation

A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have...

6.8CVSS6.8AI score0.00674EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/05/29 8:29 p.m.16 views

Privilege escalation

A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the...

5.4CVSS7.7AI score0.00538EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/05/29 8:29 p.m.5 views

CVE-2019-11892

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller SHC before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary...

8CVSS7.1AI score0.01029EPSS
Exploits0References1
OSV
OSV
added 2019/05/29 8:29 p.m.3 views

CVE-2019-11891

A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the...

8CVSS7.3AI score0.00538EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/05/29 8:11 p.m.19 views

CVE-2019-11896 Incorrect pviilege assignment in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC)

A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have...

5.5CVSS6.9AI score0.00674EPSS
Exploits0References1
CVE
CVE
added 2019/05/29 8:11 p.m.148 views

CVE-2019-11896

CVE-2019-11896 affects the Bosch Smart Home Controller (SHC) via the 3rd-party pairing mechanism prior to version 9.8.907. The root issue is an incorrect privilege assignment that can allow a restricted app to acquire default app permissions after a successful app pairing, which requires user int...

7.1CVSS6AI score0.00674EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder