CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50381 – Missing Authentication for Critical Function in Snap One OVRC cloud
https://notcve.org/view.php?id=CVE-2024-50381
02 Dec 2024 — A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a request to claim it. Existe una vulnerabilidad en la nube OVRC de Snap One en la que un atacante puede hacerse pasar por un dispositivo Hub y enviar solicitudes para reclamar y cancelar la reclamación de dispositivos. El... • https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50380 – Authentication Bypass by Spoofing in Snap One OVRC cloud
https://notcve.org/view.php?id=CVE-2024-50380
02 Dec 2024 — Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device. La nube OVRC de Snap One utiliza la dirección MAC como identificador para proporcionar información cuando se le solicita. Un atacante puede hacerse pasar por otros dispositivos proporcionando direcciones MAC enumeradas y recibir información confidencial sobre el dispositivo. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5436 – Type Confusion in Snapchat Lenscore
https://notcve.org/view.php?id=CVE-2024-5436
31 May 2024 — Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or above. La confusión de tipos en Snapchat LensCore podría provocar una denegación de servicio o la ejecución de código arbitrario antes de la versión 12.88. Recomendamos actualizar a la versión 12.88 o superior. • https://hackerone.com/snapchat • CWE-704: Incorrect Type Conversion or Cast •