314 matches found

OSV
added 2019/10/28 4:15 p.m., 2 views

CVE-2019-5537

Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance 6.7 before 6.7u3a and 6.5 before 6.5u3d may allow a malicious actor to intercept sensitive data in transit over FTP...

CVSS 5.9, AI score 5.8
Exploits 0, References 1

CVE
added 2019/10/28 3:4 p.m., 83 views

CVE-2019-5537

Vulnerability: CVE-2019-5537 affects VMware vCenter Server Appliance 6.7 (before 6.7u3a) and 6.5 (before 6.5u3d), arising from lack of certificate validation in File-Based Backup and Restore, enabling an MITM attacker to intercept data in transit over FTPS/HTTPS. Connected advisory VMSA-2019-0018...

CVSS 5.9, AI score 5.4, EPSS 0.00112
Exploits 0, References 1, Affected Software 1

OSV
added 2019/09/25 9:15 p.m., 4 views

CVE-2019-12665

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new...

CVSS 7.4, AI score 6.2, EPSS 0.00243
Exploits 0, References 1

CNVD
added 2019/09/08 12:0 a.m., 1 view

Webshell Bypass Vulnerability in D-Shield

D Shield is a proactive defense protection software designed specifically for IIS. D Shield suffers from a webshell bypass vulnerability that can be exploited by attackers to bypass the interception of submission data...

AI score 6.9
Exploits 0

OSV
added 2019/06/28 9:15 p.m., 1 view

CVE-2019-10964

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker...

CVSS 8.8, AI score 5.8
Exploits 0, References 4

NVD
added 2019/06/28 9:15 p.m., 10 views

CVE-2019-10964

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker...

CVSS 8.8, AI score 8.8, EPSS 0.00382
Exploits 0, References 4

Prion
added 2019/06/28 9:15 p.m., 21 views

Authentication flaw

In Medtronic MiniMed 508 and Medtronic MiniMed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump – All versions, MiniMed Paradigm 515/715 pumps – All versions, MiniMed...

CVSS 5.8, AI score 8.7, EPSS 0.00382
Exploits 0, References 2, Affected Software 7

CVE
added 2019/06/28 8:58 p.m., 75 views

CVE-2019-10964

CVE-2019-10964 affects Medtronic MiniMed insulin pumps (508 and Paradigm series, and related models) via an improper access control weakness in wireless RF communications. The vulnerability allows an attacker with adjacent access to inject, replay, modify, or intercept data and potentially change...

CVSS 8.8, AI score 7.2, EPSS 0.00382
Exploits 0, References 4, Affected Software 1

Huawei
added 2019/05/17 12:0 a.m., 118 views

Security Advisory - MITM Vulnerability on Huawei Share

There is a man-in-the-middle (MITM) vulnerability on Huawei Share of certain smartphones. When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attac...

CVSS 6.8, AI score 6.4, EPSS 0.00037
Exploits 0, Affected Software 22

Prion
added 2019/03/26 6:29 p.m., 16 views

Design/Logic Flaw

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

CVSS 3.3, AI score 6.4, EPSS 0.00018
Exploits 0, References 2

Prion
added 2019/03/25 10:29 p.m., 14 views

Authentication flaw

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

CVSS 3.3, AI score 6.4, EPSS 0.0022
Exploits 0, References 2, Affected Software 2

NVD
added 2019/03/25 10:29 p.m., 12 views

CVE-2019-6538

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

CVSS 9.3, AI score 6.4, EPSS 0.0022
Exploits 0, References 2

Cvelist
added 2019/03/25 9:26 p.m., 20 views

CVE-2019-6538 Medtronic Conexus Radio Frequency Telemetry Protocol Improper Access Control

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

CVSS 9.3, AI score 6.5, EPSS 0.0022
Exploits 0, References 2

The Hacker News
added 2019/03/22 11:54 a.m., 113 views

Medtronic's Implantable Defibrillators Vulnerable to Life-Threatening Hacks

The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter Defibrillator is a...

CVSS 9.3, AI score 1.4, EPSS 0.0022
Exploits 0

NVD
added 2019/03/05 6:29 p.m., 10 views

CVE-2018-1938

IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318...

CVSS 4.4, AI score 4.4, EPSS 0.00026
Exploits 0, References 3

OSV
added 2019/03/05 6:29 p.m., 1 view

CVE-2018-1937

IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317...

CVSS 4.4, AI score 5.8, EPSS 0.00026
Exploits 0, References 3

CVE
added 2019/03/05 6:0 p.m., 50 views

CVE-2018-1937

IBM Cloud Private 3.1.1 is affected by CVE-2018-1937. A local administrator could intercept highly sensitive unencrypted data due to insecure intra-service communications (IAM and OpenShift) over HTTP. The IBM Security Bulletin confirms the impact is data disclosure with local access and provides...

CVSS 4.4, AI score 4.3, EPSS 0.00026
Exploits 0, References 3, Affected Software 1

OSV
added 2018/10/09 9:29 a.m., 2 views

CVE-2018-18071

An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as...

CVSS 7.5, AI score 5.8, EPSS 0.01456
Exploits 1, References 2

Cvelist
added 2018/09/23 10:0 p.m., 11 views

CVE-2018-17400

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. NOTE: the vendor says that, to exploit this, the user has to...

AI score 6.9, EPSS 0.00063
Exploits 0, References 1

ThreatPost
added 2018/08/13 4:15 p.m., 11 views

DEF CON 2018: ‘Man in the Disk’ Attack Surface Affects All Android Phones

A function of the Android storage mechanism opens up an attack surface that affects all Android devices, and allows an attacker to corrupt data, steal sensitive information or even take control of a mobile phone. Simply put, the issue – dubbed “man in the disk” – allows a bad actor to hijack the...

AI score 8
Exploits 0, References 4