GNSS SpAmming: A Spoofing-Based GNSS Denial-Of-Service Attack

GNSSs are vulnerable to attacks of two kinds: jamming i.e. denying access to the signal and spoofing i.e. impersonating a legitimate satellite. These attacks have been extensively studied, and we have a myriad of countermeasures to mitigate them. In this paper we expose a new type of attack:...

Leica Geosystems GNSS 安全漏洞

Leica Geosystems GNSS is a line of mapping equipment from Leica Germany. A security vulnerability exists in Leica Geosystems GNSS version 4.30.063, which stems from the presence of stored cross-site scripting in the configuration file upload function that could lead to the execution of arbitrary...

CVE-2025-20723

In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920033; Issue ID: MSV-3797...

CVE-2025-20723

In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920033; Issue ID: MSV-3797...

CVE-2025-20723

In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920033; Issue ID: MSV-3797...

PT-2025-41878

Name of the Vulnerable Software and Affected Versions gnss driver affected versions not specified Description An out-of-bounds read issue exists in the gnss driver due to an integer overflow. Successful exploitation could lead to local information disclosure, requiring an attacker to already...

RHEL 9 : Satellite 6.17.3 Async Update (Moderate) (RHSA-2025:13269)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13269 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide...

GNSS Spoofing Detection Based on Opportunistic Position Information

The limited or no protection for civilian Global Navigation Satellite System GNSS signals makes spoofing attacks relatively easy. With modern mobile devices often featuring network interfaces, state-of-the-art signals of opportunity SOP schemes can provide accurate network positions in replacemen...

The unexpected effects of GPS spoofing on aviation safety

GPS is one service in the Global Navigation Satellite System GNSS. Others include Russia’s GLONASS and the EU’s Galileo constellations. These are all used to provide Position, Navigation, and Timing PNT to civilian users including commercial aircraft. GPS was actually designed to have military...

satellite: arithmetic overflow in satellite

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity...

PT-2024-18540 · Gnss · Gnss

Name of the Vulnerable Software and Affected Versions: gnss affected versions not specified Description: The issue is related to a missing bounds check in gnss, which could lead to a local escalation of privilege. System execution privileges are needed for exploitation, and user interaction is no...

UNISOC Chipsets Security Vulnerability

UNISOC Chipsets is a chipset from China's Unisplendour UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from a lack of boundary checking in the gnss service, which may result in out-of-bounds writes...

UNISOC Chipsets Security Vulnerability

UNISOC Chipsets is a chipset from China's Unisplendour UNISOC. A security vulnerability exists in UNISOC Chipsets, which stems from a lack of privilege checking in the gnss service. An attacker can exploit this vulnerability to escalate privileges...

CVE-2023-32817

In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035...

The vulnerability of the wifi_ap_pata_get.cmd component of the P5E GNSS satellite receiver’s microprogramming software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the wifiappataget.cmd component of the P5E GNSS satellite receiver’s microprogramming system is related to the unencrypted storage of confidential information. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the...

CVE-2021-45594

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS50Y before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before...

25-Year-Old Hacker Pleads Guilty to Hacking U.S. Military Satellite Phone System

A British computer hacker who allegedly hacked a United States Department of Defense satellite system in 2014 and accessed the personal information of hundreds of military personnel has pleaded guilty on Thursday. Sean Caffrey, a 25-year-old resident of Sutton Coldfield in the West Midlands, has...

The vulnerability of the GNSS operating system component in Android, allowing a intruder to gain access to protected information

The vulnerability of the Android operating system’s GNSS component is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to gain access to protected information...

Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)

A cross-site scripting XSS flaw was found in how XML data was handled in Red Hat Satellite. A user able to use the XMLRPC API could exploit this flaw to perform XSS attacks against other Satellite users...

Thousands of High-Risk Vulnerabilities Found in NOAA Satellite System

The informational systems that the National Oceanic and Atmospheric Administration NOAA run are loaded with several critical vulnerabilities that could leave it vulnerable to cyber attacks. According to the findings of an audit recently conducted by the Department of Commerce’s Office of the...