CVE-2014-6434
Published 2014-10-07
CVE-2014-6434: gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via the (1) a1 or (2) a2 parameter in a restart action.
Priority P260 · critical · 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 3.17% (86.4th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gopro | gopro_hero | — | — |
| gopro | gopro_hero_firmware | — | — |
No detection rules found.
No public exploits indexed.
arXiv
Mission Aware Cyber-physical Security
arxiv_fulltext·2025-10-23
[1]Georgios Bakirtzis
[2]Bryan Carter
[3]Cody H. Fleming
[4]Carl R. Elks
[1]LTCI, Télécom Paris, Institut Polytechnique de Paris
[2]University of Virginia
[3]Iowa State University
[4]Virginia Commonwealth University
Cody Fleming PhD, Iowa State University, Ames, Iowa, 50011, USA
## Abstract
Perimeter cybersecurity, while essential, has proven insufficient against sophisticated, coordinated, and cyber-physical attacks. In contrast, mission-centric cybersecurity emphasizes finding evidence of attack impact on mission success, allowing for targeted resource allocation to mitigate vulnerabilities and protect critical assets. Mission Aware is a systems-theoretic cybersecurity analysis that identifies components which, if compromised,
Bugzilla
CVE-2013-6434 rhev: remote-viewer spice tls-stripping issue
bugzilla·2013-12-10·CVSS 4.3
[MEDIUM] CVE-2013-6434 rhev: remote-viewer spice tls-stripping issue
By default, remote-viewer first connects to the insecure port and only switches to TLS when the server requests/requires it, when the native spice client invocation method is used. An attacker on the client's local machine or on a router along the way can easily set up a MITM Evil Proxy that would pretend to be the endpoint of the plaintext port from the client's POV and would act as a regular client to the server.
Acknowledgements:
Red Hat would like to thank Michael Samuel of Amcom for reporting this issue.
Discussion:
This issue has been addressed in the following products:
RHEV Manager version 3.3
Via RHSA-2014:0038 https://rhn.redhat.com/errata/RHSA-2014-0038.html
---
Both trackers are closed, closing as handled.