Vendor CVEs
Toshiba
All CVEs
67 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9388 | 0.00 | — | 0.01 | Sep 27, 2019 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… | |||
| CVE-2019-9368 | 0.00 | — | 0.00 | Sep 27, 2019 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:… | |||
| CVE-2019-9506 | 0.00 | — | 0.03 | Aug 14, 2019 | The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and… | |||
| CVE-2018-16197 | 0.00 | — | 0.01 | Jan 9, 2019 | Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device. | |||
| CVE-2018-16200 | 0.00 | — | 0.01 | Jan 9, 2019 | Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands. | |||
| CVE-2018-16201 | 0.00 | — | 0.01 | Jan 9, 2019 | Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute… | |||
| CVE-2018-16198 | 0.00 | — | 0.00 | Jan 9, 2019 | Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device. | |||
| CVE-2018-16199 | 0.00 | — | 0.01 | Jan 9, 2019 | Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-4875 | 0.00 | — | 0.02 | Jun 24, 2015 | CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with… | |||
| CVE-2015-0884 | 0.00 | — | 0.00 | Feb 28, 2015 | Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space… | |||
| CVE-2009-0657 | 0.00 | — | 0.00 | Feb 20, 2009 | Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user. | |||
| CVE-2006-6903 | 0.00 | — | 0.02 | Dec 31, 2006 | Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | |||
| CVE-2006-5611 | 0.00 | — | 0.01 | Oct 31, 2006 | Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 has unspecified impact and attack vectors, related to the 4.20.01(T) "Security fix." NOTE: due to the lack of details in the vendor advisory, it is not clear whether this issue is related to CVE-2006-5405. | |||
| CVE-2006-5405 | 0.00 | — | 0.00 | Oct 19, 2006 | Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth… | |||
| CVE-2006-3146 | 0.00 | — | 0.02 | Jun 22, 2006 | The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack. … | |||
| CVE-2006-0212 | 0.00 | — | 0.02 | Jan 14, 2006 | Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\ sequences in the RFILE argument… | |||
| CVE-2005-0963 | 0.00 | — | 0.00 | May 2, 2005 | An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine the first slot in the Master Boot Record (MBR) table for an active partition, which prevents the system from booting even though the MBR is not malformed. NOTE: it has been debated as to whether or not this… |
- CVE-2019-9388Sep 27, 2019risk 0.00cvss —epss 0.01
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…
- CVE-2019-9368Sep 27, 2019risk 0.00cvss —epss 0.00
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…
- CVE-2019-9506Aug 14, 2019risk 0.00cvss —epss 0.03
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and…
- CVE-2018-16197Jan 9, 2019risk 0.00cvss —epss 0.01
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.
- CVE-2018-16200Jan 9, 2019risk 0.00cvss —epss 0.01
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands.
- CVE-2018-16201Jan 9, 2019risk 0.00cvss —epss 0.01
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute…
- CVE-2018-16198Jan 9, 2019risk 0.00cvss —epss 0.00
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device.
- CVE-2018-16199Jan 9, 2019risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-4875Jun 24, 2015risk 0.00cvss —epss 0.02
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with…
- CVE-2015-0884Feb 28, 2015risk 0.00cvss —epss 0.00
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space…
- CVE-2009-0657Feb 20, 2009risk 0.00cvss —epss 0.00
Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user.
- CVE-2006-6903Dec 31, 2006risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
- CVE-2006-5611Oct 31, 2006risk 0.00cvss —epss 0.01
Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 has unspecified impact and attack vectors, related to the 4.20.01(T) "Security fix." NOTE: due to the lack of details in the vendor advisory, it is not clear whether this issue is related to CVE-2006-5405.
- CVE-2006-5405Oct 19, 2006risk 0.00cvss —epss 0.00
Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth…
- CVE-2006-3146Jun 22, 2006risk 0.00cvss —epss 0.02
The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack. …
- CVE-2006-0212Jan 14, 2006risk 0.00cvss —epss 0.02
Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\ sequences in the RFILE argument…
- CVE-2005-0963May 2, 2005risk 0.00cvss —epss 0.00
An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine the first slot in the Master Boot Record (MBR) table for an active partition, which prevents the system from booting even though the MBR is not malformed. NOTE: it has been debated as to whether or not this…
Page 2 of 2