VYPR

Mini

by Birddog

CVEs (6)

  • CVE-2006-5019Sep 27, 2006
    risk 0.03cvss epss 0.04

    Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message.

  • CVE-2023-2504May 22, 2023
    risk 0.00cvss epss 0.00

    Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.

  • CVE-2023-2505May 22, 2023
    risk 0.00cvss epss 0.00

    The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files.

  • CVE-2023-25758Feb 14, 2023
    risk 0.00cvss epss 0.00

    Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's…

  • CVE-2019-14357Aug 10, 2019
    risk 0.00cvss epss 0.00

    On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB…

  • CVE-2006-6223Dec 2, 2006
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.