166 matches found
CVE-2020-16239
When an actor claims to have a given identity, Philips SureSigns VS4, A.07.107 and prior does not prove or insufficiently proves the claim is correct...
Philips SureSigns VS4 License Issue Vulnerability
The Philips SureSigns VS4 is a vital signs monitor used to monitor physiological parameters in patients. An authorization issue vulnerability exists in Philips SureSigns VS4 A.07.107 and earlier versions, which stems from the product's failure to properly validate a user's claimed identity, no...
When in Doubt: Hang Up, Look Up, & Call Back
Many security-conscious people probably think they'd never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here's how one security and...
Microsoft security advisory: Vulnerability in IPsec could allow security feature bypass
Microsoft security advisory: Vulnerability in IPsec could allow security feature bypass INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, g...
CVE-2020-1803
Huawei smartphones Honor V20 with versions earlier than 10.0.0.179C636E3R4P3,versions earlier than 10.0.0.180C185E3R3P3,versions earlier than 10.0.0.180C432E10R3P4 have an information disclosure vulnerability. The device does not sufficiently validate the identity of smart wearable device in...
Authentication flaw
Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205C00E201R7P2 have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application to...
ABB eSOMS Identity Information Validation Error Vulnerability
ABB eSOMS is a plant operations management system from ABB Switzerland. ABB eSOMS suffers from an Identity Information Validation Error vulnerability that can be exploited by an attacker to make changes to Viewstate...
CVE-2020-1788
Honor V30 smartphones with versions earlier than 10.0.1.135C00E130R4P1 have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious...
Default credentials
The UBSexToken function of a smart contract implementation for Business Alliance Financial Circle BAFC, an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public by default and does not check the caller's identity...
Design/Logic Flaw
Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens...
Code injection
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574...
F5 Networks BIG-IP : HTTPS monitor vulnerability (K05112543)
F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server. CVE-2018-5542 Impact This vulnerability may allow unauthorized disclosure and modification of monitor traffic by an attacker with a privileged network position...
Default credentials
Previous releases of the Puppet ciscoios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of ciscoios, host key checking is enabled by default...
Design/Logic Flaw
F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server...
CVE-2018-5542
CVE-2018-5542 affects F5 BIG-IP HTTPS health monitors (versions 13.0.0–13.0.1, 12.1.0–12.1.3.6, 11.2.1–11.6.3.2) that fail to validate the identity of the monitored server. The underlying design flaw allows an attacker with a privileged network position to potentially disclose/modify monitor traf...
CVE-2017-1264
IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739...
CVE-2014-9755
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange, which allows remote attackers to perform a replay attack...
Design/Logic Flaw
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange, which allows an attacker to perform a Man in the Middle attack...
Design/Logic Flaw
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange, which allows remote attackers to perform a replay attack...
CVE-2014-9755
The CVE concerns Viprinet MultichannelVPN Router 300 hardware VPN client versions 2013070830/2013080900. The root cause is failure to validate the remote VPN endpoint identity by checking the endpoint’s SSL key before initiating the exchange, enabling a replay attack. Affected component: hardware...