Vulnerabilities (CVE)

Filtered by vendor Kddi Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-0691	6 Apple, Google, Kddi and 3 more	6 Iphone Os, Android, \+ Message and 3 more	2019-02-04	4.3 MEDIUM	5.9 MEDIUM
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-1138	1 Kddi	2 Home Spot Cube, Home Spot Cube Firmware	2016-02-10	4.3 MEDIUM	4.7 MEDIUM
CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
CVE-2016-1140	1 Kddi	2 Home Spot Cube, Home Spot Cube Firmware	2016-02-10	4.3 MEDIUM	6.1 MEDIUM
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2016-1136	1 Kddi	2 Home Spot Cube, Home Spot Cube Firmware	2016-02-10	3.5 LOW	5.4 MEDIUM
Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1141	1 Kddi	2 Home Spot Cube, Home Spot Cube Firmware	2016-02-02	6.5 MEDIUM	4.7 MEDIUM
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.