Top products
Latest CVEs
The 9 most recently published vulnerabilities affecting snapone.
- CVE-2023-25183 In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands...8.3
- CVE-2023-31240Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible thro...8.3
- CVE-2023-31245 Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supp...7.1
- CVE-2023-28386Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key me...8.6
- CVE-2023-31193 Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitat...7.5
- CVE-2023-31241Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.8.6
- CVE-2023-28412 When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud ...5.3
- CVE-2023-28649The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send de...8.6
- CVE-2014-5615The Snap Secure (aka com.exclaim.snapsecure.app) application 9.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtai...5.4