Lucene search

3259 matches found

Cvelist
added 2025/06/12 7:29 p.m. · 13 views

CVE-2025-6031 Insecure device pairing in end of life Amazon Cloud Cam

Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status...

7.7 CVSS · 0.00213 EPSS
Exploits: 0 · References: 1
CVE
added 2025/06/12 7:29 p.m. · 40 views

CVE-2025-6031

CVE-2025-6031 concerns the now-deprecated Amazon Cloud Cam. The vulnerability arises from the device’s default pairing state, which can allow an arbitrary user to bypass SSL pinning and associate the camera with any network, enabling interception and modification of network traffic. Affected prod...

7.7 CVSS · 7.2 AI score · 0.00213 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/06/12 7:29 p.m. · 5 views

CVE-2025-6031 Insecure device pairing in end of life Amazon Cloud Cam

Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status...

7.7 CVSS · 7.6 AI score · 0.00213 EPSS
Exploits: 0 · References: 1
NVD
added 2025/06/12 3:15 p.m. · 10 views

CVE-2025-49194

The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed...

7.5 CVSS · 0.00189 EPSS
Exploits: 0 · References: 6
Cvelist
added 2025/06/12 2:17 p.m. · 12 views

CVE-2025-49194 Unencrypted communication

The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed...

7.5 CVSS · 0.00189 EPSS
Exploits: 0 · References: 6
CVE
added 2025/06/12 2:17 p.m. · 47 views

CVE-2025-49194

CVE-2025-49194 affects SICK Field Analytics and SICK Media Server. A root cause is support for authentication methods that transmit credentials in cleartext over unencrypted channels, enabling potential credential disclosure if traffic is intercepted. Public documentation from multiple sources co...

7.5 CVSS · 7.3 AI score · 0.00189 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
NVD
added 2025/06/12 2:15 p.m. · 7 views

CVE-2025-49183

All communication with the REST API is unencrypted HTTP, allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files...

7.5 CVSS · 0.00209 EPSS
Exploits: 0 · References: 6
CVE
added 2025/06/12 1:21 p.m. · 55 views

CVE-2025-49183

CVE-2025-49183 affects SICK Field Analytics and SICK Media Server. Root cause: unencrypted REST API communications over HTTP allow an attacker to intercept traffic, enabling information gathering and potential media-file downloads. Impact is described as confidentiality concerns (information disc...

7.5 CVSS · 6.8 AI score · 0.00209 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
Vulnrichment
added 2025/06/12 1:21 p.m. · 3 views

CVE-2025-49183 Unencrypted communication (HTTP)

All communication with the REST API is unencrypted HTTP, allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files...

7.5 CVSS · 7.4 AI score · 0.00209 EPSS
Exploits: 0 · References: 6
Positive Technologies
added 2025/06/12 12:00 a.m. · 3 views

PT-2025-25308

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to unencrypted communication with the REST API, which uses HTTP. This allows an attacker to intercept traffic between the actor and the webserver, potentially leading to...

7.5 CVSS · 5.9 AI score · 0.00209 EPSS
Exploits: 0 · References: 11
CNNVD
added 2025/06/12 12:00 a.m. · 2 views

Amazon Cloud Cam security vulnerability

Amazon Cloud Cam is an HD webcam from Amazon. A security vulnerability exists in Amazon Cloud Cam that stems from the device's default pairing state allowing SSL pinning to be bypassed, which could lead to network traffic interception and modification...

7.7 CVSS · 6.7 AI score · 0.00213 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/06/12 12:00 a.m. · 2 views

PT-2025-25352 · Amazon · Amazon Cloud Cam

Name of the Vulnerable Software and Affected Versions: Amazon Cloud Cam (affected versions not specified). Description: The issue concerns a home security camera that is no longer supported due to its end-of-life status. When powered on, the device attempts to connect to a deprecated remote service...

7.7 CVSS · 6.7 AI score · 0.00213 EPSS
Exploits: 0 · References: 9
RedhatCVE
added 2025/06/11 9:33 p.m. · 4 views

CVE-2025-49146

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

8.2 CVSS · 7.9 AI score · 0.0004 EPSS
Exploits: 0 · References: 5
BDU FSTEC
added 2025/06/09 12:00 a.m. · 1 view

The vulnerability of the SIMATIC PCS neo technology process management web system, related to incorrect session duration, allows an intruder to intercept the user’s session.

The vulnerability of the SIMATIC PCS neo technology process management web system is related to incorrect session duration. Exploiting this vulnerability could allow an attacker to intercept the user’s session...

10 CVSS · 5.4 AI score · 0.00206 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
RedhatCVE
added 2025/06/06 5:21 p.m. · 6 views

CVE-2025-20163

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by...

8.7 CVSS · 7.3 AI score · 0.00109 EPSS
Exploits: 0 · References: 1
NVD
added 2025/06/04 5:15 p.m. · 9 views

CVE-2025-20163

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by...

8.7 CVSS · 0.00109 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/06/04 4:17 p.m. · 4 views

CVE-2025-20163 Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by...

8.7 CVSS · 8.6 AI score · 0.00109 EPSS
Exploits: 0 · References: 1
Veracode
added 2025/05/31 6:00 p.m. · 5 views

Improper Certificate Validation

redshift-connector is vulnerable to Improper Certificate Validation. The BrowserAzureOAuth2CredentialsProvider plugin skips SSL verification for the Identity Provider, so the SSL certificate is not properly validated, allowing token interception...

7 CVSS · 6.7 AI score · 0.00191 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
Vulnrichment
added 2025/05/30 12:00 a.m. · 4 views

CVE-2025-44612

Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack...

7 AI score · 0.00107 EPSS
Exploits: 0 · References: 1
OSV
added 2025/05/27 9:15 p.m. · 3 views

CVE-2025-5279

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...

7 CVSS · 7 AI score
Exploits: 0 · References: 3