317 matches found

CNVD
added 2019/12/02 12:0 a.m., 1 views

D Shield suffers from a webshell bypass vulnerability (CNVD-2020-01623)

D Shield is a proactive defense protection software designed specifically for IIS. D Shield suffers from a webshell bypass vulnerability that can be exploited by attackers to bypass the interception of submission data...

6.9 AI score
Exploits 0

CNVD
added 2019/11/30 12:0 a.m., 1 views

D Shield suffers from a webshell bypass vulnerability (CNVD-2020-02213)

D-Shield is a proactive defense software designed specifically for IIS to prevent websites and servers from being compromised by internal and external protection. D-Shield suffers from a webshell bypass vulnerability. An attacker can use this vulnerability to bypass the interception of submission...

7 AI score
Exploits 0

Hacker One
added 2019/11/15 5:4 p.m., 18 views

Stripo Inc: SSL cookie without secure flag set

Issue background If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then t...

Exploits 0

OSV
added 2019/10/28 4:15 p.m., 2 views

CVE-2019-5537

Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance 6.7 before 6.7u3a and 6.5 before 6.5u3d may allow a malicious actor to intercept sensitive data in transit over FTP...

5.9 CVSS, 5.8 AI score, 0.00654 EPSS
Exploits 0, References 1

CVE
added 2019/10/28 3:4 p.m., 86 views

CVE-2019-5537

Vulnerability: CVE-2019-5537 affects VMware vCenter Server Appliance 6.7 (before 6.7u3a) and 6.5 (before 6.5u3d), arising from lack of certificate validation in File-Based Backup and Restore, enabling an MITM attacker to intercept data in transit over FTPS/HTTPS. Connected advisory VMSA-2019-0018...

5.9 CVSS, 5.4 AI score, 0.00654 EPSS
Exploits 0, References 1, Affected Software 1

OSV
added 2019/09/25 9:15 p.m., 6 views

CVE-2019-12665

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new...

7.4 CVSS, 6.2 AI score, 0.01091 EPSS
Exploits 0, References 1

CNVD
added 2019/09/08 12:0 a.m., 1 views

Webshell Bypass Vulnerability in D-Shield

D Shield is a proactive defense protection software designed specifically for IIS. D Shield suffers from a webshell bypass vulnerability that can be exploited by attackers to bypass the interception of submission data...

6.9 AI score
Exploits 0

OSV
added 2019/06/28 9:15 p.m., 3 views

CVE-2019-10964

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker...

8.8 CVSS, 5.8 AI score, 0.01163 EPSS
Exploits 0, References 4

NVD
added 2019/06/28 9:15 p.m., 24 views

CVE-2019-10964

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker...

8.8 CVSS, 8.8 AI score, 0.01163 EPSS
Exploits 0, References 4

Prion
added 2019/06/28 9:15 p.m., 22 views

Authentication flaw

In Medtronic MiniMed 508 and Medtronic MiniMed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump – All versions, MiniMed Paradigm 515/715 pumps – All versions, MiniMed...

5.8 CVSS, 8.7 AI score, 0.01163 EPSS
Exploits 0, References 2, Affected Software 7

CVE
added 2019/06/28 8:58 p.m., 77 views

CVE-2019-10964

CVE-2019-10964 affects Medtronic MiniMed insulin pumps (508 and Paradigm series, and related models) via an improper access control weakness in wireless RF communications. The vulnerability allows an attacker with adjacent access to inject, replay, modify, or intercept data and potentially change...

8.8 CVSS, 7.2 AI score, 0.01163 EPSS
Exploits 0, References 4, Affected Software 1

Huawei
added 2019/05/17 12:0 a.m., 119 views

Security Advisory - MITM Vulnerability on Huawei Share

There is a man-in-the-middle (MITM) vulnerability on Huawei Share of certain smartphones. When users establish a connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attac...

6.8 CVSS, 6.4 AI score, 0.00329 EPSS
Exploits 0, Affected Software 22

Prion
added 2019/03/26 6:29 p.m., 16 views

Design/Logic Flaw

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

3.3 CVSS, 6.4 AI score, 0.00195 EPSS
Exploits 0, References 2

Prion
added 2019/03/25 10:29 p.m., 15 views

Authentication flaw

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

3.3 CVSS, 6.4 AI score, 0.00844 EPSS
Exploits 0, References 2, Affected Software 2

NVD
added 2019/03/25 10:29 p.m., 22 views

CVE-2019-6538

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

9.3 CVSS, 6.4 AI score, 0.00844 EPSS
Exploits 0, References 2

Cvelist
added 2019/03/25 9:26 p.m., 27 views

CVE-2019-6538 Medtronic Conexus Radio Frequency Telemetry Protocol Improper Access Control

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

9.3 CVSS, 6.5 AI score, 0.00844 EPSS
Exploits 0, References 2

The Hacker News
added 2019/03/22 11:54 a.m., 113 views

Medtronic's Implantable Defibrillators Vulnerable to Life-Threatening Hacks

The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter Defibrillator is a...

9.3 CVSS, 1.4 AI score, 0.00844 EPSS
Exploits 0

OSV
added 2019/03/05 6:29 p.m., 1 views

CVE-2018-1937

IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317...

4.4 CVSS, 5.8 AI score, 0.00257 EPSS
Exploits 0, References 3

NVD
added 2019/03/05 6:29 p.m., 14 views

CVE-2018-1938

IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318...

4.4 CVSS, 4.4 AI score, 0.00257 EPSS
Exploits 0, References 3

CVE
added 2019/03/05 6:0 p.m., 51 views

CVE-2018-1937

IBM Cloud Private 3.1.1 is affected by CVE-2018-1937. A local administrator could intercept highly sensitive unencrypted data due to insecure intra-service communications (IAM and OpenShift) over HTTP. The IBM Security Bulletin confirms the impact is data disclosure with local access and provides...

4.4 CVSS, 4.3 AI score, 0.00257 EPSS
Exploits 0, References 3, Affected Software 1