Lucene search
K

166 matches found

NVD
NVD
added 2020/08/21 1:15 p.m.16 views

CVE-2020-16239

When an actor claims to have a given identity, Philips SureSigns VS4, A.07.107 and prior does not prove or insufficiently proves the claim is correct...

4.9CVSS5AI score0.0091EPSS
Exploits0References2
CNVD
CNVD
added 2020/08/21 12:0 a.m.2 views

Philips SureSigns VS4 License Issue Vulnerability

The Philips SureSigns VS4 is a vital signs monitor used to monitor physiological parameters in patients. An authorization issue vulnerability exists in Philips SureSigns VS4 A.07.107 and earlier versions, which stems from the product's failure to properly validate a user's claimed identity, no...

4.9CVSS6.8AI score0.0091EPSS
Exploits0References1
Krebs on Security
Krebs on Security
added 2020/04/23 5:27 p.m.42 views

When in Doubt: Hang Up, Look Up, & Call Back

Many security-conscious people probably think they'd never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here's how one security and...

6.9AI score
Exploits0
Microsoft KB
Microsoft KB
added 2020/04/23 12:0 a.m.52 views

Microsoft security advisory: Vulnerability in IPsec could allow security feature bypass

Microsoft security advisory: Vulnerability in IPsec could allow security feature bypass INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, g...

5.9AI score
Exploits0
NVD
NVD
added 2020/04/20 8:15 p.m.14 views

CVE-2020-1803

Huawei smartphones Honor V20 with versions earlier than 10.0.0.179C636E3R4P3,versions earlier than 10.0.0.180C185E3R3P3,versions earlier than 10.0.0.180C432E10R3P4 have an information disclosure vulnerability. The device does not sufficiently validate the identity of smart wearable device in...

5.3CVSS5.1AI score0.00309EPSS
Exploits0References2
Prion
Prion
added 2020/04/20 8:15 p.m.17 views

Authentication flaw

Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205C00E201R7P2 have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application to...

4.3CVSS5.2AI score0.00593EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/03/13 12:0 a.m.2 views

ABB eSOMS Identity Information Validation Error Vulnerability

ABB eSOMS is a plant operations management system from ABB Switzerland. ABB eSOMS suffers from an Identity Information Validation Error vulnerability that can be exploited by an attacker to make changes to Viewstate...

3.5CVSS6.8AI score0.00825EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/01/21 10:49 p.m.20 views

CVE-2020-1788

Honor V30 smartphones with versions earlier than 10.0.1.135C00E130R4P1 have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious...

5.3AI score0.00591EPSS
Exploits0References1
Prion
Prion
added 2019/12/31 4:15 p.m.10 views

Default credentials

The UBSexToken function of a smart contract implementation for Business Alliance Financial Circle BAFC, an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public by default and does not check the caller's identity...

5CVSS7.5AI score0.00931EPSS
Exploits0References1
Prion
Prion
added 2019/10/08 1:15 p.m.13 views

Design/Logic Flaw

Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens...

5CVSS7.5AI score0.00891EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/06/25 4:15 p.m.18 views

Code injection

IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574...

5.5CVSS5.2AI score0.00684EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.26 views

F5 Networks BIG-IP : HTTPS monitor vulnerability (K05112543)

F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server. CVE-2018-5542 Impact This vulnerability may allow unauthorized disclosure and modification of monitor traffic by an attacker with a privileged network position...

8.1CVSS7.8AI score0.01236EPSS
Exploits0References2
Prion
Prion
added 2018/10/02 7:29 p.m.23 views

Default credentials

Previous releases of the Puppet ciscoios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of ciscoios, host key checking is enabled by default...

4CVSS6.5AI score0.01075EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/07/25 2:29 p.m.20 views

Design/Logic Flaw

F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server...

6.8CVSS8.1AI score0.01236EPSS
Exploits0References1Affected Software13
CVE
CVE
added 2018/07/25 2:0 p.m.53 views

CVE-2018-5542

CVE-2018-5542 affects F5 BIG-IP HTTPS health monitors (versions 13.0.0–13.0.1, 12.1.0–12.1.3.6, 11.2.1–11.6.3.2) that fail to validate the identity of the monitored server. The underlying design flaw allows an attacker with a privileged network position to potentially disclose/modify monitor traf...

8.1CVSS8.1AI score0.01236EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/07/05 6:0 p.m.22 views

CVE-2017-1264

IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739...

7.2AI score0.0153EPSS
Exploits0References3
NVD
NVD
added 2017/01/20 3:59 p.m.15 views

CVE-2014-9755

The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange, which allows remote attackers to perform a replay attack...

7.5CVSS7.5AI score0.03649EPSS
Exploits0References3
Prion
Prion
added 2017/01/20 3:59 p.m.18 views

Design/Logic Flaw

The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange, which allows an attacker to perform a Man in the Middle attack...

4.3CVSS7.1AI score0.01704EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2017/01/20 3:59 p.m.11 views

Design/Logic Flaw

The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange, which allows remote attackers to perform a replay attack...

5CVSS7.2AI score0.03649EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/01/20 3:0 p.m.45 views

CVE-2014-9755

The CVE concerns Viprinet MultichannelVPN Router 300 hardware VPN client versions 2013070830/2013080900. The root cause is failure to validate the remote VPN endpoint identity by checking the endpoint’s SSL key before initiating the exchange, enabling a replay attack. Affected component: hardware...

7.5CVSS7.5AI score0.03649EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder