79 matches found
Silicon Labs Z-Wave Chipsets 安全漏洞
Silicon Labs Z-Wave Chipsets is a chipset in the smart home ecosystem from Silicon Labs, Inc. in the United States. A security vulnerability exists in Silicon Labs Z-Wave Chipsets that stems from the fact that the chipset uses a CRC-16 package and does not implement encryption or replay protectio...
CVE-2020-27184
The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks...
CVE-2020-27184
The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks...
Baxter PrismaFlex and PrismMax Information Disclosure Vulnerabilities
The Baxter PrismaFlex and PrismMax are both critical care devices from Baxter. An information disclosure vulnerability exists in Baxter PrismaFlex all versions and PrismMax prior to version 3.x. The vulnerability stems from the failure of an affected device to encrypt e.g., TLS/SSL transmitted da...
CVE-2019-18980
On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. Th...
CVE-2019-18980
On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. Th...
The vulnerability of Siemens SIMATIC process control systems, related to errors in network access restrictions, allows a intruder to execute arbitrary code.
The vulnerability of the Siemens SIMATIC process control system is related to errors in network access restrictions, if “encrypted communication” is not utilized. Exploiting this vulnerability allows a perpetrator who has not undergone identity verification to execute arbitrary codes...
Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices lack encryption of sensitive data vulnerability
Hangzhou Xiongmai Information Technology Co., Ltd. specializes in security monitoring, video intelligence research and development. Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices suffer from a lack of encryption of sensitive data vulnerability, which could allow an attacker to...
SimpliSafe Original Information Disclosure Vulnerability (CNVD-2018-10490)
SimpliSafe Original is a home security management system. The system includes video surveillance and intrusion alarms, among other things. A security vulnerability exists in SimpliSafe Original that stems from a failure to encrypt transmissions. An attacker in close physical proximity could explo...
Mitochrome upgrade process has an arbitrary file download vulnerability
Meitu Xiu Xiu is a photo manipulation software. Mito Xiu Xiu in the upgrade process exists arbitrary file download vulnerability, due to the program in the update process does not use any encryption algorithms, the query domain name does not exist any checksum mechanism, the new version of the...
CVE-2017-15999
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attack...
CVE-2017-7406
The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing...
rhosp-director: libvirtd is deployed with no authentication
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default by director listening on 0.0.0.0 all interfaces with no-authentication or encryption. Anyone able to make a TCP connection to any comput...
PT-2017-4331 · Hikvision · Hikvision Ds-2Cd2432F-Iw
Name of the Vulnerable Software and Affected Versions: Hikvision DS-2CD2432F-IW affected versions not specified Description: The issue is related to the use of a default SSID without WiFi encryption or authentication in Hikvision IP cameras. This can allow a remote attacker to gain elevated...
Adcon Telemetry A840 Telemetry Gateway Information Disclosure Vulnerability
The Adcon Telemetry A840 Telemetry Gateway is the A840 series of gateway products from Adcon Telemetry, Germany. The Adcon Telemetry A840 Telemetry Gateway does not use SSL to encrypt network layer communications, allowing remote attackers to exploit vulnerabilities to obtain information in...
Cisco VPN Concentrator "No Encryption" Option Remote DoS (Bug ID CSCdx39981)
Binary data 2235.prm...
Cisco VPN Concentrator "No Encryption" Option Remote DoS (Bug ID CSCdx39981)
Binary data 2234.prm...
Cisco VPN Concentrator "No Encryption" Option Remote DoS (Bug ID CSCdx39981)
Binary data 2236.prm...
CVE-2001-1006
Starfish Truesync Desktop 2.0b on the REX 5000 PDA stores sensitive files unencrypted and relies solely on password protection, enabling read access via another application. The CVE-2001-1006 entry notes lack of encryption with partial confidentiality impact, network‑level access, and no integrit...