Lucene search
K

79 matches found

CNNVD
CNNVD
added 2022/01/10 12:0 a.m.5 views

Silicon Labs Z-Wave Chipsets 安全漏洞

Silicon Labs Z-Wave Chipsets is a chipset in the smart home ecosystem from Silicon Labs, Inc. in the United States. A security vulnerability exists in Silicon Labs Z-Wave Chipsets that stems from the fact that the chipset uses a CRC-16 package and does not implement encryption or replay protectio...

8.1CVSS7.7AI score0.003EPSS
Exploits0References6
OSV
OSV
added 2021/05/14 1:15 p.m.2 views

CVE-2020-27184

The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks...

5.9CVSS6.2AI score0.00318EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/05/14 1:15 p.m.3 views

CVE-2020-27184

The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks...

5.9CVSS5.3AI score0.00318EPSS
Exploits0References4
CNVD
CNVD
added 2020/06/19 12:0 a.m.3 views

Baxter PrismaFlex and PrismMax Information Disclosure Vulnerabilities

The Baxter PrismaFlex and PrismMax are both critical care devices from Baxter. An information disclosure vulnerability exists in Baxter PrismaFlex all versions and PrismMax prior to version 3.x. The vulnerability stems from the failure of an affected device to encrypt e.g., TLS/SSL transmitted da...

7.5CVSS6.2AI score0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/14 9:3 p.m.22 views

CVE-2019-18980

On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. Th...

7.7AI score0.00439EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2019/06/20 3:15 a.m.4 views

CVE-2019-18980

On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. Th...

7.5CVSS7.5AI score0.00439EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2019/05/31 12:0 a.m.4 views

The vulnerability of Siemens SIMATIC process control systems, related to errors in network access restrictions, allows a intruder to execute arbitrary code.

The vulnerability of the Siemens SIMATIC process control system is related to errors in network access restrictions, if “encrypted communication” is not utilized. Exploiting this vulnerability allows a perpetrator who has not undergone identity verification to execute arbitrary codes...

9.8CVSS8AI score0.0264EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2018/10/10 12:0 a.m.7 views

Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices lack encryption of sensitive data vulnerability

Hangzhou Xiongmai Information Technology Co., Ltd. specializes in security monitoring, video intelligence research and development. Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices suffer from a lack of encryption of sensitive data vulnerability, which could allow an attacker to...

9.8CVSS9.3AI score0.01086EPSS
Exploits4References1
CNVD
CNVD
added 2018/05/28 12:0 a.m.3 views

SimpliSafe Original Information Disclosure Vulnerability (CNVD-2018-10490)

SimpliSafe Original is a home security management system. The system includes video surveillance and intrusion alarms, among other things. A security vulnerability exists in SimpliSafe Original that stems from a failure to encrypt transmissions. An attacker in close physical proximity could explo...

6.6CVSS6.6AI score0.00229EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/12 12:0 a.m.1 views

Mitochrome upgrade process has an arbitrary file download vulnerability

Meitu Xiu Xiu is a photo manipulation software. Mito Xiu Xiu in the upgrade process exists arbitrary file download vulnerability, due to the program in the update process does not use any encryption algorithms, the query domain name does not exist any checksum mechanism, the new version of the...

6.9AI score
Exploits0
OSV
OSV
added 2017/10/29 5:29 p.m.4 views

CVE-2017-15999

In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attack...

9.8CVSS5.8AI score0.00686EPSS
Exploits0References1
OSV
OSV
added 2017/07/07 12:29 p.m.6 views

CVE-2017-7406

The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing...

9.8CVSS5.8AI score0.00685EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/06/19 2:45 p.m.6 views

rhosp-director: libvirtd is deployed with no authentication

A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default by director listening on 0.0.0.0 all interfaces with no-authentication or encryption. Anyone able to make a TCP connection to any comput...

10CVSS5.8AI score0.04783EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2017/01/12 12:0 a.m.6 views

PT-2017-4331 · Hikvision · Hikvision Ds-2Cd2432F-Iw

Name of the Vulnerable Software and Affected Versions: Hikvision DS-2CD2432F-IW affected versions not specified Description: The issue is related to the use of a default SSID without WiFi encryption or authentication in Hikvision IP cameras. This can allow a remote attacker to gain elevated...

6.5CVSS7.6AI score0.00492EPSS
Exploits2References8
CNVD
CNVD
added 2015/12/20 12:0 a.m.5 views

Adcon Telemetry A840 Telemetry Gateway Information Disclosure Vulnerability

The Adcon Telemetry A840 Telemetry Gateway is the A840 series of gateway products from Adcon Telemetry, Germany. The Adcon Telemetry A840 Telemetry Gateway does not use SSL to encrypt network layer communications, allowing remote attackers to exploit vulnerabilities to obtain information in...

8.6CVSS6.9AI score0.01531EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/09/03 12:0 a.m.12 views

Cisco VPN Concentrator "No Encryption" Option Remote DoS (Bug ID CSCdx39981)

Binary data 2235.prm...

5CVSS7.3AI score0.01013EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/09/03 12:0 a.m.15 views

Cisco VPN Concentrator "No Encryption" Option Remote DoS (Bug ID CSCdx39981)

Binary data 2234.prm...

5CVSS7.3AI score0.01013EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/09/03 12:0 a.m.10 views

Cisco VPN Concentrator "No Encryption" Option Remote DoS (Bug ID CSCdx39981)

Binary data 2236.prm...

5CVSS7.3AI score0.01013EPSS
Exploits0References1
CVE
CVE
added 2002/02/02 5:0 a.m.48 views

CVE-2001-1006

Starfish Truesync Desktop 2.0b on the REX 5000 PDA stores sensitive files unencrypted and relies solely on password protection, enabling read access via another application. The CVE-2001-1006 entry notes lack of encryption with partial confidentiality impact, network‑level access, and no integrit...

5CVSS6.9AI score0.01096EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder