CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2013-10001 – HTC One/Sense Mail Client certificate validation
https://notcve.org/view.php?id=CVE-2013-10001
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used. Se ha encontrado una vulnerabilidad en HTC One/Sense versión 4.x. • http://www.modzero.ch/modlog/archives/2013/05/28/htcs_e-mail_client_fails_to_verify_server_certificates https://vuldb.com/?id.8900 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12176
https://notcve.org/view.php?id=CVE-2019-12176
Privilege escalation in the "HTC Account Service" and "ViveportDesktopService" in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges to SYSTEM via reconfiguration of either service. La escalada de privilegios en el "Servicio de cuenta de HTC" y "ViveportDesktopService" en HTC VIVEPORT anterior a la versión 1.0.0.36 permite a los atacantes locales escalar los privilegios al SISTEMA mediante la reconfiguración de cualquiera de los servicios. • https://community.viveport.com https://huskersec.com/privilege-escalation-via-htc-viveport-desktop-c93471ff87c8 • CWE-269: Improper Privilege Management •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12177
https://notcve.org/view.php?id=CVE-2019-12177
Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking. La escalada de privilegios debido a permisos de directorio no seguros que afectan a ViveportDesktopService en HTC VIVEPORT antes de la 1.0.0.36 permite a los atacantes locales escalar los privilegios a través del secuestro de DLL. • https://community.viveport.com https://huskersec.com/privilege-escalation-via-htc-viveport-desktop-c93471ff87c8 https://posts.specterops.io/razer-synapse-3-elevation-of-privilege-6d2802bd0585 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1170 – Volkswagen Customer-Link App Protection Mechanism Failure CAN Message Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-1170
This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Customer-Link App and Customer-Link Bridge. The issue results from the lack of a proper protection mechanism against unauthorized firmware updates. An attacker can leverage this vulnerability to inject CAN messages. • https://zerodayinitiative.com/advisories/ZDI-18-214 • CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4622
https://notcve.org/view.php?id=CVE-2013-4622
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. La funcionalidad 3G Mobile Hotspot en HTC Droid Incredible utiliza por defecto una contraseña WPA2 PSK "1234567890", lo que facilita a atacantes remotos obtener acceso mediante el aprovechamiento de una posición dentro de la zona de cobertura WLAN. • http://support.verizonwireless.com/clc/devices/knowledge_base.html?id=35523 http://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf • CWE-255: Credentials Management Errors •