Mini
by Birddog
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-5019 | 0.03 | — | 0.04 | Sep 27, 2006 | Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message. | |||
| CVE-2023-2504 | 0.00 | — | 0.00 | May 22, 2023 | Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials. | |||
| CVE-2023-2505 | 0.00 | — | 0.00 | May 22, 2023 | The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files. | |||
| CVE-2023-25758 | 0.00 | — | 0.00 | Feb 14, 2023 | Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's… | |||
| CVE-2019-14357 | 0.00 | — | 0.00 | Aug 10, 2019 | On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB… | |||
| CVE-2006-6223 | 0.00 | — | 0.03 | Dec 2, 2006 | Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter. |
- CVE-2006-5019Sep 27, 2006risk 0.03cvss —epss 0.04
Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message.
- CVE-2023-2504May 22, 2023risk 0.00cvss —epss 0.00
Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.
- CVE-2023-2505May 22, 2023risk 0.00cvss —epss 0.00
The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files.
- CVE-2023-25758Feb 14, 2023risk 0.00cvss —epss 0.00
Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's…
- CVE-2019-14357Aug 10, 2019risk 0.00cvss —epss 0.00
On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB…
- CVE-2006-6223Dec 2, 2006risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.