20 matches found

CNVD
added 2019/12/18 12:0 a.m. | 4 views

Unspecified Vulnerability in Barco ClickShare Button R9861500D01

The Barco ClickShare Button R9861500D01 is a wireless control device for presentation systems from Barco Belgium. A security vulnerability exists in the Barco ClickShare Button R9861500D01 with firmware prior to version 1.9.0, which can be exploited by an attacker to control the execution of ROM...

CVSS 5.9 | AI score 6.9 | EPSS 0.01353
Exploits: 0 | References: 1

CNVD
added 2019/12/18 12:0 a.m. | 4 views

Barco ClickShare Button R9861500D01 Validation Error Vulnerability

The Barco ClickShare Button R9861500D01 is a wireless control device for presentation systems from Barco Belgium. An authentication error vulnerability exists in the Barco ClickShare Button R9861500D01 prior to version 1.9.0, which stems from the embedded 'donglebridge' program failing to properl...

CVSS 9.8 | AI score 7.1 | EPSS 0.00678
Exploits: 0 | References: 1

NVD
added 2019/12/17 2:15 p.m. | 25 views

CVE-2019-18833

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure issue 2 of 2. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An...

CVSS 5.9 | AI score 5.7 | EPSS 0.00365
Exploits: 1 | References: 2

NVD
added 2019/12/17 2:15 p.m. | 29 views

CVE-2019-18832

Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable OTP AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01...

CVSS 8.1 | AI score 8.1 | EPSS 0.00434
Exploits: 1 | References: 2

NVD
added 2019/12/17 2:15 p.m. | 19 views

CVE-2019-18829

Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'ClickshareForWindows.exe' binary on the ClickShare Button R9861500D01 loads a number of DLL files dynamically without verifying their integrity...

CVSS 7.8 | AI score 7.8 | EPSS 0.00327
Exploits: 1 | References: 4

Prion
added 2019/12/17 2:15 p.m. | 18 views

Design/Logic Flaw

Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable OTP AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01...

CVSS 6.8 | AI score 8.1 | EPSS 0.00434
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2019/12/17 1:53 p.m. | 45 views

CVE-2019-18833

Barco ClickShare Button R9861500D01 devices prior to 1.9.0 are affected. The issue allows information exposure because the per-session symmetric encryption key used for media content is generated for each session and transmitted over TLS; a Man-in-the-Middle between the TLS connection can obtain ...

CVSS 5.9 | AI score 5.7 | EPSS 0.00365
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2019/12/17 1:51 p.m. | 46 views

CVE-2019-18832

Barco ClickShare Button R9861500D01 devices prior to 1.9.0 are affected by a credentials management issue for the at-rest encryption key. The one-time-programmable AES key is shared across all Buttons of model R9861500D01, enabling potential credential-related exposure. Red Hat and CVE records co...

CVSS 8.1 | AI score 8 | EPSS 0.00434
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2019/12/17 1:50 p.m. | 43 views

CVE-2019-18829

Barco ClickShare Button R9861500D01 devices prior to firmware 1.10.0.13 are affected by a vulnerability where the Barco-signed Clickshare_For_Windows.exe binary loads multiple DLLs dynamically without verifying their integrity. Root cause: lack of DLL integrity checks during dynamic loading. Repo...

CVSS 7.8 | AI score 7.7 | EPSS 0.00327
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2019/12/17 1:47 p.m. | 25 views

CVE-2019-18824

Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The ClickShare Button does not verify the integrity of the mutable content on the UBIFS partition before being used...

AI score 6.7 | EPSS 0.00336
Exploits: 1 | References: 4

NVD
added 2019/12/16 5:15 p.m. | 22 views

CVE-2019-18830

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'donglebridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code...

CVSS 10 | AI score 10 | EPSS 0.04337
Exploits: 0 | References: 6

NVD
added 2019/12/16 5:15 p.m. | 13 views

CVE-2019-18826

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'donglebridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate chain...

CVSS 9.8 | AI score 9.4 | EPSS 0.00678
Exploits: 0 | References: 1

Prion
added 2019/12/16 5:15 p.m. | 11 views

Design/Logic Flaw

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'donglebridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate chain...

CVSS 7.5 | AI score 9.3 | EPSS 0.00678
Exploits: 0 | References: 1 | Affected Software: 4

CVE
added 2019/12/16 4:21 p.m. | 50 views

CVE-2019-18831

Barco ClickShare Button R9861500D01 devices prior to version 1.9.0 are affected by CVE-2019-18831, an information exposure vulnerability where the encrypted firmware stores the private key of a test device certificate. Public sources (NVD/Red Hat/CNVD) confirm the issue affects Barco ClickShare B...

CVSS 5.3 | AI score 5.4 | EPSS 0.00566
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2019/12/16 4:19 p.m. | 25 views

CVE-2019-18830

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'donglebridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code...

AI score 10 | EPSS 0.04337
Exploits: 0 | References: 6

CVE
added 2019/12/16 4:19 p.m. | 52 views

CVE-2019-18830

Barco ClickShare Button R9861500D01 devices before firmware 1.9.0 are affected by an OS command injection in the embedded dongle_bridge component that exposes ClickShare Button functionality to a USB host. This vulnerability can lead to code execution with the privileges of user 'nobody'. Remedia...

CVSS 10 | AI score 9.9 | EPSS 0.04337
Exploits: 0 | References: 6 | Affected Software: 1

CVE
added 2019/12/16 4:17 p.m. | 54 views

CVE-2019-18828

Barco ClickShare Button R9861500D01 devices before firmware 1.9.0 have Insufficiently Protected Credentials: the embedded Linux root account used for access via debug interfaces (not enabled in production) relies on a weak password, enabling potential credential exposure. This CVE (CVE-2019-18828...

CVSS 7.2 | AI score 6.7 | EPSS 0.00378
Exploits: 0 | References: 6 | Affected Software: 1

CVE
added 2019/12/16 4:15 p.m. | 49 views

CVE-2019-18827

CVE-2019-18827 affects Barco ClickShare Button R9861500D01 devices with firmware older than 1.9.0, where JTAG access remains possible after ROM code execution before handing control to the embedded firmware. This is observed across multiple sources (NVD/Red Hat/Tenable/CNVD) and is limited to ROM...

CVSS 5.9 | AI score 6 | EPSS 0.01353
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2019/12/16 4:13 p.m. | 21 views

CVE-2019-18826

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'donglebridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate chain...

AI score 9.5 | EPSS 0.00678
Exploits: 0 | References: 1

CVE
added 2019/12/16 4:13 p.m. | 41 views

CVE-2019-18826

Barco ClickShare Button R9861500D01 devices prior to 1.9.0 are affected by an improper certificate chain validation in the embedded dongle_bridge, which does not validate the entire certificate chain. This is documented across multiple sources (NVD/Red Hat/Nessus/CNVD) as a certificate-trust-chai...

CVSS 9.8 | AI score 9.3 | EPSS 0.00678
Exploits: 0 | References: 1 | Affected Software: 1