74 matches found
CVE-2018-16596
A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box 2, Standard, and Plus prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UD...
Stack overflow
A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box 2, Standard, and Plus prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UD...
CVE-2018-16596
CVE-2018-16596 concerns a stack-based buffer overflow in the LAN UPnP service of Swisscom Internet-Box devices (2/Standard/Plus) on UDP port 1900. The flaw allows remote code execution if the attacker is inside the LAN and can send a UDP packet to port 1900; ASLR reduces reliability, making succe...
CVE-2018-16596
A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box 2, Standard, and Plus prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UD...
com.swisscom.cloud.sb:broker (>=4.0.0 <=4.2.5), org.springframework.credhub:spring-credhub-cloud-connector (>=1.0.0.RELEASE <=1.0.1.RELEASE) +1 more potentially affected by CVE-2018-15795 via org.springframework.credhub:spring-credhub-core (>=1.0.0.RELEASE <=1.0.1.RELEASE)
org.springframework.credhub:spring-credhub-core MAVEN version =1.0.0.RELEASE, =4.0.0, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.1.RELEASE Source cves: CVE-2018-15795 Source advisory: OSV:GHSA-Q3JG-4C82-J4XH...
Authentication flaw
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android, which results in an attacker being able to reuse cookies to bypass authentication and...
Swisscom MySwisscomAssistant DLL Loading Vulnerability
Swisscom MySwisscomAssistant is a telecom network assistant program from Swisscom, Switzerland. The program helps to set up, maintain and manage the network. A security vulnerability exists in the handling of multiple DLLs files in Swisscom MySwisscomAssistant version 2.17.1.1065. A remote attack...
Swisscom TVMediaHelper DLL Loading Vulnerability
Swisscom TVMediaHelper is a set-top box device from Swisscom, Switzerland. A security vulnerability exists in the handling of multiple DLLs files in Swisscom TVMediaHelper version 1.1.0.50. A remote attacker can exploit this vulnerability to execute arbitrary code on the target system. Multiple...
Design/Logic Flaw
Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that coul...
CVE-2018-6766
Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that coul...
CVE-2018-6765
Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing...
Design/Logic Flaw
Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing...
CVE-2018-6765
Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing...
CVE-2018-6766
Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that coul...
CVE-2018-6765
Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing...
CVE-2018-6766
Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that coul...
CVE-2018-6765
CVE-2018-6765 affects Swisscom MySwisscomAssistant 2.17.1.1065. The vulnerability is due to DLL loading handling: multiple DLLs (dwmapi.dll, IPHLPAPI.DLL, WindowsCodecs.dll, RpcRtRemote.dll, CRYPTSP.dll, rasadhlp.dll, DNSAPI.dll, ntmarta.dll, netbios.dll, olepro32.dll, security.dll, winhttp.dll, ...
CVE-2018-6766
CVE-2018-6766 affects Swisscom TVMediaHelper 1.1.0.50. The vulnerability arises from the handling of multiple DLLs (dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll) loaded by SwisscomTVMediaHelper.exe, allowing a...
CVE-2016-10042
Authorization Bypass in the Web interface of Arcadyan SLT-00 Star aka Swisscom Internet-Box devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure...
Authorization
Authorization Bypass in the Web interface of Arcadyan SLT-00 Star aka Swisscom Internet-Box devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure...