
3270 matches found

OSV
added 2019/06/28 9:15 p.m., 2 views

CVE-2019-10964

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker...

CVSS: 8.8; AI score: 5.8; EPSS: 0.00382
Exploits: 0; References: 4
NVD
added 2019/06/28 9:15 p.m., 11 views

CVE-2019-10964

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker...

CVSS: 8.8; AI score: 8.8; EPSS: 0.00382
Exploits: 0; References: 4
Prion
added 2019/06/28 9:15 p.m., 21 views

Authentication flaw

In Medtronic MiniMed 508 and Medtronic MiniMed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump – All versions, MiniMed Paradigm 515/715 pumps – All versions, MiniMed...

CVSS: 5.8; AI score: 8.7; EPSS: 0.00382
Exploits: 0; References: 2; Affected Software: 7
CVE
added 2019/06/28 8:58 p.m., 75 views

CVE-2019-10964

CVE-2019-10964 affects Medtronic MiniMed insulin pumps (508 and Paradigm series, and related models) via an improper access control weakness in wireless RF communications. The vulnerability allows an attacker with adjacent access to inject, replay, modify, or intercept data and potentially change...

CVSS: 8.8; AI score: 7.2; EPSS: 0.00382
Exploits: 0; References: 4; Affected Software: 1
Prion
added 2019/06/26 3:15 p.m., 15 views

Security feature bypass

IBM PureApplication System 2.2.3.0 through 2.2.5.3 has a weakness in the implementation of the locking feature in the pattern editor. By intercepting subsequent requests, an attacker can bypass business logic to modify the pattern to an unlocked state. IBM X-Force ID: 159416...

CVSS: 4; AI score: 4.3; EPSS: 0.00165
Exploits: 0; References: 2; Affected Software: 1
Cvelist
added 2019/06/21 5:44 p.m., 16 views

CVE-2019-10270

An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible due to lack of verification and correlation between the reset password key sent by mail and the userid parameter to reset the password of another user. One only needs to know the...

AI score: 8.9; EPSS: 0.00168
Exploits: 1; References: 1
BDU FSTEC
added 2019/06/14 12:0 a.m., 1 views

The vulnerability of the microprogrammed programmable logic controller Modicon, related to the use of insufficiently random values, allows an intruder to intercept TCP connections.

The vulnerability of the microprogrammed programmable logic controller Modicon is related to the use of insufficiently random values. Exploiting this vulnerability could allow a malicious actor to intercept TCP connections remotely...

CVSS: 7.5; AI score: 5.4; EPSS: 0.00196
Exploits: 0; References: 3; Affected Software: 1
RedHat Linux
added 2019/06/06 3:57 p.m., 5 views

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

CVSS: 7.4; AI score: 5.8; EPSS: 0.00399
Exploits: 0; References: 5
RedHat Linux
added 2019/06/06 3:52 p.m., 1 views

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

CVSS: 7.4; AI score: 5.8; EPSS: 0.00399
Exploits: 0; References: 5
CNVD
added 2019/05/28 12:0 a.m., 1 views

Jingdong Financial App has a logic flaw vulnerability

Jingdong Finance APP is an investment application. A logic flaw vulnerability exists in Jingdong Financial APP. It allows attackers to bypass real-name verification by intercepting packets using proxy tools...

AI score: 6.9
Exploits: 0
Huawei
added 2019/05/17 12:0 a.m., 118 views

Security Advisory - MITM Vulnerability on Huawei Share

There is a man-in-the-middle (MITM) vulnerability on Huawei Share of certain smartphones. When users establish a connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attac...

CVSS: 6.8; AI score: 6.4; EPSS: 0.00037
Exploits: 0; Affected Software: 22
Wired Threat Level
added 2019/05/16 9:0 p.m., 85 views

The False Promise of “Lawful Access” to Private Data

Opinion: As online extremism migrates to real-world violence, some suggest letting law enforcement intercept encrypted messages. But that’s a dangerous proposition...

AI score: 1.6
Exploits: 0
Packet Storm
added 2019/05/14 12:0 a.m., 966 views

PHP-Fusion 9.03.00 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "PHP-Fusion %q This module exploits command execution vulnerability in PHP-Fusion 9.03.00 and prior versions. It is possible to execute commands i...

AI score: 7.4
Exploits: 0
exploitpack
added 2019/05/14 12:0 a.m., 19 views

PHP-Fusion 9.03.00 - Edit Profile Remote Code Execution (Metasploit)

PHP-Fusion 9.03.00 - Edit Profile Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "PHP-Fusion %q This module exploits command execution vulnerability in PHP-Fusi...

AI score: 8.1
Exploits: 0
CVE
added 2019/05/06 5:42 p.m., 56 views

CVE-2018-4069

CVE-2018-4069 is an information-disclosure vulnerability in Sierra Wireless AirLink ES450 ACEManager authentication. The flaw stems from sending authentication data in plaintext XML over HTTP to the web server, enabling an attacker who can sniff network traffic upstream to access credentials. Pub...

CVSS: 7.5; AI score: 7.2; EPSS: 0.00025
Exploits: 3; References: 4; Affected Software: 1
NVD
added 2019/04/26 7:29 p.m., 10 views

CVE-2019-11220

An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials...

CVSS: 8.1; AI score: 8.2; EPSS: 0.00299
Exploits: 0; References: 1
Cvelist
added 2019/04/26 6:51 p.m., 15 views

CVE-2019-11220

An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials...

AI score: 8.2; EPSS: 0.00299
Exploits: 0; References: 1
Prion
added 2019/04/25 8:29 p.m., 10 views

Authentication flaw

The Leagoo P1 Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains the android framework i.e., systemserver with a package name of android that has been modified by Leagoo or another entity in the supply chain. The systemserv...

CVSS: 2.1; AI score: 5.3; EPSS: 0.00079
Exploits: 0; References: 3
RedHat Linux
added 2019/04/25 7:43 a.m., 1 views

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

CVSS: 7.4; AI score: 5.8; EPSS: 0.00399
Exploits: 0; References: 5
Securelist
added 2019/04/11 10:0 a.m., 103 views

Large-scale SIM swap fraud

Introduction: SIM swap fraud is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone. The fraud centers around exploiting a mobile phone operator's...

AI score: 0.2
Exploits: 0