Lucene search
+L

1340 matches found

OSV
OSV
added 2017/11/09 4:29 a.m.3 views

CVE-2017-16674

Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent DWA 1.0.5.0 and earlier...

8CVSS5.8AI score0.00728EPSS
Exploits1References1
Prion
Prion
added 2017/11/09 4:29 a.m.24 views

Command injection

Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent DWA 1.0.5.0 and earlier...

4.9CVSS6AI score0.00728EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/11/09 4:0 a.m.63 views

CVE-2017-16674

Datto Windows Agent (DWA) versions 1.0.5.0 and earlier are vulnerable to unauthenticated remote command execution when an attacker combines a modified primary/secondary command with the CVE-2017-16673 rogue pairing attack. The issue affects DWA by allowing an attacker to gain unauthenticated acce...

8CVSS5.9AI score0.00728EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2017/09/13 12:0 a.m.9 views

Android BNEP Remote Code Execution Vulnerability

The Bluetooth Network Encapsulation Protocol BNEP is used to transfer data from another protocol stack via L2CAP. A remote code execution vulnerability exists in Android BNEP. The vulnerability is in the Bluetooth Network Encapsulation Protocol BNEP service, which allows Internet sharing over a...

8.8CVSS9.1AI score0.2285EPSS
Exploits13References1
CNVD
CNVD
added 2017/08/03 12:0 a.m.5 views

Motorola MX011ANM Comcast Firmware Design Flaw Vulnerability

The Motorola MX011ANM is an Internet set-top box device from Motorola, U.S.A. Comcast is a set of firmware developed by Comcast that runs in devices such as gateways and modems. A security vulnerability exists in the Comcast firmware in the Motorola MX011ANM using firmware version...

6.3CVSS7.1AI score0.00703EPSS
Exploits0References1
NVD
NVD
added 2017/07/31 3:29 a.m.25 views

CVE-2017-9493

The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey devices allows remote attackers to conduct successful forced-pairing attacks between an RF4CE remote and a set-top box by repeatedly transmitting the same pairing code...

6.3CVSS6.4AI score0.00703EPSS
Exploits0References1
Prion
Prion
added 2017/07/31 3:29 a.m.21 views

Code injection

The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey devices allows remote attackers to conduct successful forced-pairing attacks between an RF4CE remote and a set-top box by repeatedly transmitting the same pairing code...

5.8CVSS7.4AI score0.00703EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/07/31 3:29 a.m.4 views

CVE-2017-9493

The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey devices allows remote attackers to conduct successful forced-pairing attacks between an RF4CE remote and a set-top box by repeatedly transmitting the same pairing code...

6.3CVSS5.8AI score0.00703EPSS
Exploits0References1
CVE
CVE
added 2017/07/31 3:0 a.m.55 views

CVE-2017-9493

Summary: CVE-2017-9493 affects Comcast firmware on Motorola MX011ANM devices (firmware MX011AN_2.9p6s1_PROD_sey). A design/implementation issue in the RF4CE pairing flow allows remote attackers to perform successful forced-pairing attacks by repeatedly transmitting the same pairing code between a...

6.3CVSS6.4AI score0.00703EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/07/31 3:0 a.m.28 views

CVE-2017-9493

The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey devices allows remote attackers to conduct successful forced-pairing attacks between an RF4CE remote and a set-top box by repeatedly transmitting the same pairing code...

6.5AI score0.00703EPSS
Exploits0References1
Kitploit
Kitploit
added 2017/02/25 3:13 p.m.35 views

crackle - Crack Bluetooth Smart (BLE) Encryption

crackle cracks BLE Encryption AKA Bluetooth Smart. crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK Temporary Key. With the TK and other data collected from the pairing process, the STK Short Term Key and later the LTK Long Ter...

6.9AI score
Exploits0References1
OSV
OSV
added 2016/11/25 4:59 p.m.4 views

CVE-2016-6719

An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is...

5.5CVSS5.8AI score0.00342EPSS
Exploits0References2
OSV
OSV
added 2016/11/25 4:59 p.m.5 views

UBUNTU-CVE-2016-6719

An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is...

5.5CVSS7.3AI score0.00342EPSS
Exploits0References3
CNVD
CNVD
added 2016/11/10 12:0 a.m.6 views

Google Android Bluetooth Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which Bluetooth is a component. An elevation of privilege vulnerability exists in Bluetooth in Android. A remote attacker can exploit this vulnerability to pair any Bluetooth...

5.5CVSS7.2AI score0.00342EPSS
Exploits0References1
CNVD
CNVD
added 2016/10/28 12:0 a.m.12 views

TrackR Bravo Unauthorized Pairing Vulnerability

The TrackR Bravo is a Bluetooth item loss prevention device. TrackR Bravo allows unauthorized pairing of Bluetooth devices. A remote attacker can exploit the vulnerability to write multiple device properties via an unauthorized connection application...

8.8CVSS7AI score0.01093EPSS
Exploits0References1
CNVD
CNVD
added 2016/10/28 12:0 a.m.5 views

Zizai Tech Nut Design Vulnerability

Zizai Tech Nut is a Nut smart finder and anti-loss patch product from China's Zizai Tech. Zizai Tech Nut allows unauthorized pairing of Bluetooth devices, which can be exploited by a remote attacker to submit a special request to write data to the device name attribute...

4.3CVSS7AI score0.01079EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2016/10/25 9:5 a.m.12 views

Tracking Devices Latest Privacy Risk to Users

Update: TrackR has responded to Rapid7’s disclosure. First, it said it has addressed the authentication issue months ago, but the deprecated call remained online even though it was no longer used by its apps. “We are grateful that Rapid7 brought this possible point of confusion to our attention; ...

0.3AI score
Exploits0
CERT
CERT
added 2016/10/25 12:0 a.m.47 views

Zizai Tech Nut contains multiple vulnerabilities

Overview Zizai Tech Nut contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6547The Nut mobile app stores the account password used to authenticate to the cloud API in...

9.8CVSS6.8AI score0.03707EPSS
Exploits3References2
Microsoft KB
Microsoft KB
added 2016/08/23 12:0 a.m.34 views

August 23, 2016 — KB3176934 (OS Build 14393.82)

None None...

6.1AI score
Exploits0
CNVD
CNVD
added 2016/07/13 12:0 a.m.6 views

Android Bluetoot function buffer overflow vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which Bluetooth is a component. A buffer overflow vulnerability exists in the 'createpbuf' function in the btif/src/btifhh.c file of Bluetooth in Android, which can be exploite...

7.5CVSS8.2AI score0.00357EPSS
Exploits0References1
Rows per page
Query Builder