Lucene search
K

879 matches found

Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.6 views

(Pwn2Own) Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hkhappairstorageput function of the HomeKit implementation, which liste...

8.8CVSS6.2AI score0.00485EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.6 views

PT-2026-23776

Name of the Vulnerable Software and Affected Versions Philips Hue Bridge affected versions not specified Description A security issue exists in the Philips Hue Bridge related to the HomeKit Accessory Protocol. Specifically, a transient pairing mode authentication bypass is possible. This allows...

8.1CVSS7.2AI score0.004EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.6 views

(Pwn2Own) Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ed25519signopen function. The issue results from improper verification ...

6.3CVSS6.1AI score0.0029EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.7 views

(Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the HomeKit Accessory Protocol service, which listens o...

8.1CVSS5.8AI score0.004EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.8 views

(Pwn2Own) Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of...

8CVSS6.1AI score0.00495EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.10 views

PT-2026-23773

Name of the Vulnerable Software and Affected Versions Philips Hue Bridge affected versions not specified Description The Philips Hue Bridge contains a heap-based buffer overflow in the Zigbee stack’s custom command handler. This issue allows for remote code execution. The vulnerability was...

8CVSS7.8AI score0.00355EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.9 views

PT-2026-23777

Name of the Vulnerable Software and Affected Versions Philips Hue Bridge affected versions not specified Description A security issue exists in the Philips Hue Bridge related to the HomeKit Accessory Protocol. Specifically, a static nonce authentication bypass is possible. This allows an attacker...

8.1CVSS7.2AI score0.00396EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.13 views

PT-2026-23778

Name of the Vulnerable Software and Affected Versions Philips Hue Bridge affected versions not specified Description A heap-based buffer overflow exists in the HomeKit component of the Philips Hue Bridge, specifically within the hk hap pair storage put function. This issue could allow for remote...

8.8CVSS7.9AI score0.00485EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.8 views

PT-2026-23774

Name of the Vulnerable Software and Affected Versions Philips Hue Bridge affected versions not specified Description The Philips Hue Bridge is susceptible to a heap-based buffer overflow during the HomeKit pair-setup process. This issue could allow for remote code execution. The vulnerability was...

8.8CVSS7.9AI score0.00514EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.6 views

(Pwn2Own) Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hkhappairstorageput function. The issue results from the lack of proper...

8.8CVSS6.2AI score0.00514EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.9 views

PT-2026-23780

Name of the Vulnerable Software and Affected Versions Philips Hue Bridge versions affected versions not specified Description A flaw exists in the Philips Hue Bridge’s hk hap component related to Ed25519 signature verification. This issue allows for authentication bypass. The vulnerability was...

6.3CVSS6.6AI score0.0029EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.5 views

PT-2026-23779

Name of the Vulnerable Software and Affected Versions Philips Hue Bridge affected versions not specified Description The Philips Hue Bridge contains a heap-based buffer overflow in the hk hap characteristics component. This issue allows for remote code execution. The vulnerability was discovered...

8CVSS7.8AI score0.00495EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.7 views

(Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the SRP authentication mechanism in the HomeKit Accesso...

8.1CVSS5.8AI score0.00396EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.7 views

(Pwn2Own) Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this vulnerability in that the user must initiate the device pairing process. The specific flaw exists within the handling of...

8CVSS6.2AI score0.00355EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.10 views

CVE-2021-33024

Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval...

7.5CVSS7.1AI score0.00861EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.11 views

CVE-2019-18980

On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. Th...

7.5CVSS7.3AI score0.00439EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:17 a.m.7 views

CVE-2019-18241

In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay th...

6.5CVSS7AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:55 a.m.9 views

CVE-2020-12023

Philips IntelliBridge Enterprise IBE, Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns VS4, EarlyVue VS30 and IntelliVue Guardian IGS. Unencrypted user credentials received in the IntelliBridge Enterprise IBE are logged within the transaction logs, which are...

4.5CVSS7AI score0.00521EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.8 views

CVE-2021-27493

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component...

6.5CVSS6.8AI score0.00653EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:20 a.m.9 views

CVE-2021-27497

Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product...

9.8CVSS6.9AI score0.00815EPSS
Exploits0References1
Rows per page
Query Builder