2631 matches found
CVE-2014-2045
CVE-2014-2045 affects Viprinet Multichannel VPN Router 300. The issue is multiple cross‑site scripting (XSS) vulnerabilities in both the device’s old and new web interfaces, exploitable via crafted usernames or other parameters (e.g., hostname, config inspect, atcommands, ping tool). Exploitation...
CVE-2014-2045
Multiple cross-site scripting XSS vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when 1 logging in or 2 creating an account in the old interface, 3 username when creating an accou...
Debian DLA-772-1 : linux security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2012-6704, CVE-2016-9793 Eric Dumazet found that a local user with CAPNETADMIN capability could set a socket's buffer size to be negative, leading ...
Even A Single Computer Can Take Down Big Servers Using BlackNurse Attack
Yes, you only need a single laptop with a decent internet connection, rather a massive botnet, to launch overwhelming denial of service DoS attacks in order to bring down major Internet servers and modern-day firewalls. Researchers at TDC Security Operations Center have discovered a new attack...
Animas OneTouch Ping Authentication Bypass Vulnerability (CNVD-2016-08537)
The Animas OneTouch Ping is a medical self-service device for diabetics taking insulin from Animas USA. The Animas OneTouch Ping device uses a customized communication protocol that allows an unauthenticated remote attacker to bypass authentication by relaying the attack and spoofing the affected...
Animas OneTouch Ping Data Forgery Vulnerability
The Animas OneTouch Ping is a medical self-service device for diabetics taking insulin from Animas USA. A security vulnerability exists in the Animas OneTouch Ping device that stems from the program failing to properly generate random numbers. A remote attacker could exploit the vulnerability to...
Animas OneTouch Ping Authentication Bypass Vulnerability
The Animas OneTouch Ping is a medical self-service device for diabetics taking insulin from Animas USA. The Animas OneTouch Ping device uses a customized communication protocol that allows an unauthenticated remote attacker to bypass authentication through a constructed confirmation packet that...
Animas OneTouch Ping Information Disclosure Vulnerability
The Animas OneTouch Ping is a medical self-service device for diabetics taking insulin from Animas USA. A security vulnerability exists in the Animas OneTouch Ping device that stems from the program not encrypting data. A remote attacker could exploit the vulnerability by sniffing a network to...
CVE-2016-5686
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol...
CVE-2016-5086
Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks...
CVE-2016-5085
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake...
CVE-2016-5084
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network...
Information disclosure
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network...
Authentication flaw
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol...
Authentication flaw
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake...
CVE-2016-5086
The connected documents confirm CVE-2016-5086 affects the Animas OneTouch Ping insulin pump system, where a lack of protections in the custom radio-frequency protocol enables authentication bypass via capture‑replay. In practice, an unauthenticated remote attacker could replay captured commands t...
CVE-2016-5686
The CVE-2016-5686 issue affects the Johnson & Johnson Animas OneTouch Ping insulin pump. It stems from a custom communication protocol that mishandles acknowledgements, allowing an unauthenticated remote attacker to spoof acknowledgement packets and bypass authentication. This could enable comman...
CVE-2016-5084
CVE-2016-5084 affects the Animas OneTouch Ping insulin pump system. Public details from ICS-CERT/URS indicate radio-frequency communications between the meter remote and pump transmit data in cleartext (CWE-319) and expose patient treatment/device data to unauthenticated remote listeners; related...
CVE-2016-5686
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol...
CVE-2016-5085
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake...