ReportizFlow
Filtered by vendor Onepeloton
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40527 | 1 Onepeloton | 1 Peloton | 2024-11-21 | 8.6 High |
| Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application. | ||||
| CVE-2021-40526 | 1 Onepeloton | 2 Ttr01, Ttr01 Firmware | 2024-11-21 | 4.8 Medium |
| Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bike | ||||
| CVE-2021-33887 | 1 Onepeloton | 2 Ttr01, Ttr01 Firmware | 2024-11-21 | 6.8 Medium |
| Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader. | ||||
Page 1 of 1.