1340 matches found
CVE-2017-16674
Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent DWA 1.0.5.0 and earlier...
Command injection
Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent DWA 1.0.5.0 and earlier...
CVE-2017-16674
Datto Windows Agent (DWA) versions 1.0.5.0 and earlier are vulnerable to unauthenticated remote command execution when an attacker combines a modified primary/secondary command with the CVE-2017-16673 rogue pairing attack. The issue affects DWA by allowing an attacker to gain unauthenticated acce...
Android BNEP Remote Code Execution Vulnerability
The Bluetooth Network Encapsulation Protocol BNEP is used to transfer data from another protocol stack via L2CAP. A remote code execution vulnerability exists in Android BNEP. The vulnerability is in the Bluetooth Network Encapsulation Protocol BNEP service, which allows Internet sharing over a...
Motorola MX011ANM Comcast Firmware Design Flaw Vulnerability
The Motorola MX011ANM is an Internet set-top box device from Motorola, U.S.A. Comcast is a set of firmware developed by Comcast that runs in devices such as gateways and modems. A security vulnerability exists in the Comcast firmware in the Motorola MX011ANM using firmware version...
CVE-2017-9493
The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey devices allows remote attackers to conduct successful forced-pairing attacks between an RF4CE remote and a set-top box by repeatedly transmitting the same pairing code...
Code injection
The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey devices allows remote attackers to conduct successful forced-pairing attacks between an RF4CE remote and a set-top box by repeatedly transmitting the same pairing code...
CVE-2017-9493
The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey devices allows remote attackers to conduct successful forced-pairing attacks between an RF4CE remote and a set-top box by repeatedly transmitting the same pairing code...
CVE-2017-9493
Summary: CVE-2017-9493 affects Comcast firmware on Motorola MX011ANM devices (firmware MX011AN_2.9p6s1_PROD_sey). A design/implementation issue in the RF4CE pairing flow allows remote attackers to perform successful forced-pairing attacks by repeatedly transmitting the same pairing code between a...
CVE-2017-9493
The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey devices allows remote attackers to conduct successful forced-pairing attacks between an RF4CE remote and a set-top box by repeatedly transmitting the same pairing code...
crackle - Crack Bluetooth Smart (BLE) Encryption
crackle cracks BLE Encryption AKA Bluetooth Smart. crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK Temporary Key. With the TK and other data collected from the pairing process, the STK Short Term Key and later the LTK Long Ter...
CVE-2016-6719
An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is...
UBUNTU-CVE-2016-6719
An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is...
Google Android Bluetooth Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which Bluetooth is a component. An elevation of privilege vulnerability exists in Bluetooth in Android. A remote attacker can exploit this vulnerability to pair any Bluetooth...
TrackR Bravo Unauthorized Pairing Vulnerability
The TrackR Bravo is a Bluetooth item loss prevention device. TrackR Bravo allows unauthorized pairing of Bluetooth devices. A remote attacker can exploit the vulnerability to write multiple device properties via an unauthorized connection application...
Zizai Tech Nut Design Vulnerability
Zizai Tech Nut is a Nut smart finder and anti-loss patch product from China's Zizai Tech. Zizai Tech Nut allows unauthorized pairing of Bluetooth devices, which can be exploited by a remote attacker to submit a special request to write data to the device name attribute...
Tracking Devices Latest Privacy Risk to Users
Update: TrackR has responded to Rapid7’s disclosure. First, it said it has addressed the authentication issue months ago, but the deprecated call remained online even though it was no longer used by its apps. “We are grateful that Rapid7 brought this possible point of confusion to our attention; ...
Zizai Tech Nut contains multiple vulnerabilities
Overview Zizai Tech Nut contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6547The Nut mobile app stores the account password used to authenticate to the cloud API in...
August 23, 2016 — KB3176934 (OS Build 14393.82)
None None...
Android Bluetoot function buffer overflow vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which Bluetooth is a component. A buffer overflow vulnerability exists in the 'createpbuf' function in the btif/src/btifhh.c file of Bluetooth in Android, which can be exploite...