VYPR

Solstice Pod

by Solstice Pod

CVEs (2)

  • CVE-2020-27523HigNov 11, 2020
    risk 0.49cvss 7.5epss 0.02

    Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which…

  • CVE-2020-35584MedDec 23, 2020
    risk 0.38cvss 5.9epss 0.01

    In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services…