CVE-2019-7690

In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Passwordless Authentication that has a Password Protected SSH Private Key.

Source: CVE-2019-7690

CVE-2019-4259

A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.

Source: CVE-2019-4259

CVE-2018-4029

An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code execution.

Source: CVE-2018-4029

CVE-2018-4028

An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POST request to trigger this vulnerability.

Source: CVE-2018-4028

CVE-2018-4023

An exploitable code execution vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution.

Source: CVE-2018-4023

CVE-2018-4018

An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or upgrade firmware request to trigger this vulnerability.

Source: CVE-2018-4018

CVE-2018-4017

An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability.

Source: CVE-2018-4017

CVE-2018-4016

An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.

Source: CVE-2018-4016

CVE-2018-4027

An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any physical or network inputs. An attacker can send a specially crafted packet to trigger this vulnerability.

Source: CVE-2018-4027

CVE-2018-4014

An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.

Source: CVE-2018-4014