Lucene search
K

68 matches found

CVE
CVE
added 2023/10/26 1:10 p.m.61 views

CVE-2023-41095

Silicon Labs OpenThread SDK (32-bit ARM, SecureVault High modules) is affected by CVE-2023-41095 due to missing encryption of security keys. The vulnerability could allow modification or extraction of network credentials stored in flash. Affected versions: 2.3.1 and earlier. Root cause: lack of e...

9.1CVSS7.3AI score0.00206EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/26 12:0 a.m.8 views

PT-2023-27782 · Silicon · Silicon Labs Ember Znet Sdk

Name of the Vulnerable Software and Affected Versions: Silicon Labs Ember ZNet SDK versions 7.3.1 and earlier Description: The issue allows potential modification or extraction of network credentials stored in flash due to missing encryption of security keys in the Silicon Labs Ember ZNet SDK on...

6.8CVSS6.8AI score0.00107EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/10/26 12:0 a.m.5 views

Silicon Labs OpenThread SDK Security Vulnerability

Silicon Labs OpenThread SDK is a software development kit from Silicon Labs, Inc. that supports the development and deployment of the Thread protocol. A security vulnerability exists in the Silicon Labs OpenThread SDK that stems from the presence of a security key missing encryption vulnerability...

9.1CVSS6.7AI score0.00206EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/26 12:0 a.m.7 views

Silicon Labs OpenThread SDK Security Vulnerability

Silicon Labs OpenThread SDK is a software development kit from Silicon Labs, Inc. that supports the development and deployment of the Thread protocol. A security vulnerability exists in the Silicon Labs OpenThread SDK that stems from the presence of a security key missing encryption vulnerability...

6.8CVSS6.7AI score0.00107EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/09 12:0 a.m.5 views

PT-2023-2710 · Microsoft · Windows Mshtml Platform +2

Name of the Vulnerable Software and Affected Versions: Windows MSHTML Platform affected versions not specified Description: The issue is related to errors in security settings, allowing a remote attacker to bypass security restrictions. This security-feature bypass vulnerability enables attackers...

6.5CVSS9.4AI score0.02842EPSS
Exploits0References11
NVD
NVD
added 2022/09/09 3:15 p.m.27 views

CVE-2022-26390

The Baxter Spectrum Wireless Battery Module WBM stores network credentials and PHI only applicable to Spectrum IQ pumps using auto programming in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...

4.2CVSS0.00424EPSS
Exploits0References2
OSV
OSV
added 2022/09/09 3:15 p.m.8 views

CVE-2022-26390

The Baxter Spectrum Wireless Battery Module WBM stores network credentials and PHI only applicable to Spectrum IQ pumps using auto programming in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...

4.2CVSS5.8AI score0.00424EPSS
Exploits0References2
Prion
Prion
added 2022/09/09 3:15 p.m.28 views

Information disclosure

The Baxter Spectrum Wireless Battery Module WBM stores network credentials and PHI only applicable to Spectrum IQ pumps using auto programming in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...

1.2CVSS5.2AI score0.00424EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/09/09 2:40 p.m.62 views

CVE-2022-26390

CVE-2022-26390 affects Baxter SIGMA Spectrum/Spectrum/WBM: Wireless Battery Module versions (e.g., v16, v16D38, v17, v17D19, v20D29–v20D32, v22D19–v22D28) where network credentials and PHI stored in unencrypted form on the WBM. Exploitation requires physical access to a device that hasn’t had dat...

4.2CVSS4.5AI score0.00424EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/09 2:40 p.m.30 views

CVE-2022-26390 Unencrypted internal storage of security credentials

The Baxter Spectrum Wireless Battery Module WBM stores network credentials and PHI only applicable to Spectrum IQ pumps using auto programming in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...

4.2CVSS4.5AI score0.00424EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/09/09 12:0 a.m.7 views

PT-2022-17823 · Baxter · Baxter Spectrum Wireless Battery Module

Name of the Vulnerable Software and Affected Versions: Baxter Spectrum Wireless Battery Module WBM affected versions not specified Description: The issue concerns the storage of network credentials and Protected Health Information PHI in unencrypted form, specifically applicable to Spectrum IQ...

4.2CVSS5.1AI score0.00424EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/09/08 10:3 p.m.3 views

CVE-2022-26390

The Baxter Spectrum Wireless Battery Module WBM stores network credentials and PHI only applicable to Spectrum IQ pumps using auto programming in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...

4.2CVSS5.8AI score0.00424EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/08/16 1:15 a.m.4 views

CVE-2022-36307

The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models...

6.8CVSS6.7AI score0.0029EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/11/05 12:0 a.m.7 views

Meross Smart Wi-Fi 2 Way Wall Switch 安全漏洞

The Meross Smart Wi-Fi 2 Way Wall Switch is a smart device from China-based Meross Technology Meross. A security vulnerability exists in the Meross Smart Wi-Fi 2 Way Wall Switch MSS550X that could allow a remote attacker to obtain the Wi-Fi SSID and user-configured password from the Meross...

7.4CVSS6.6AI score0.00703EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/09/14 12:0 a.m.5 views

Siemens SINEMA Remote Connect Server 信息泄露漏洞

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. An information disclosure vulnerability exists in versions prior to Siemens SINEMA Remote Connect...

4.3CVSS5.8AI score0.00353EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2021/04/08 2:0 p.m.355 views

Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks

Threat actors are exploiting a Fortinet vulnerability flagged by the feds last week that delivers a new ransomware strain, dubbed Cring, that is targeting industrial enterprises across Europe. Researchers say the attackers are exploiting an unpatched path-reversal flaw, tracked as CVE-2018-13379,...

5CVSS10AI score0.99999EPSS
Exploits22References15
OSV
OSV
added 2019/05/20 7:29 p.m.6 views

CVE-2019-8352

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code ...

9.8CVSS7.4AI score0.06283EPSS
Exploits3References1
The Hacker News
The Hacker News
added 2018/03/13 4:37 p.m.61 views

13 Critical Flaws Discovered in AMD Ryzen and EPYC Processors

Security researchers claimed to have discovered 13 critical Spectre/Meltdown-like vulnerabilities throughout AMD's Ryzen and EPYC lines of processors that could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems. A...

8AI score
Exploits0
Prion
Prion
added 2017/09/07 1:29 p.m.12 views

Design/Logic Flaw

Lexmark Scan To Network SNF 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to 1 cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or 2...

5CVSS9.1AI score0.03358EPSS
Exploits3References3Affected Software1
0day.today
0day.today
added 2017/09/04 12:0 a.m.76 views

Lexmark Scan To Network (SNF) 3.2.9 Information Disclosure Vulnerability

Lexmark Scan to Network SNF printer application versions 3.2.9 and below suffer from a credential disclosure vulnerability. Summary ======= 1. Information exposure of network credentials in embedded printer application CVE-2017-13771 Vendor ====== "Lexmark creates innovative imaging solutions and...

5CVSS9AI score0.03358EPSS
Exploits3
Rows per page
Query Builder