
17 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-4356

Malware in sbrugna...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.0094
Exploits: 1 | References: 2
Vulnrichment
added 2025/09/25 2:5 p.m. | 3 views

CVE-2025-10540 Unencrypted and Unauthenticated Communication Allows Data Exposure and Manipulation in iMonitor EAM

iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext without authentication or encryption. An attacker with network access can intercept sensitive information such as...

AI score: 6.7 | EPSS: 0.00118
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 3:9 p.m. | 13 views

CVE-2020-12040

Sigma Spectrum Infusion System v's6.x model 35700BAX and Baxter Spectrum Infusion System Versions 8.x model 35700BAX2 at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.0094
Exploits: 1
Veracode
added 2022/08/11 3:28 a.m. | 21 views

Insecure Configuration

booth:sid is using insecure configuration. The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00906
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2022/07/28 3:15 p.m. | 5 views

AZL-36933 CVE-2022-2553 affecting package booth for versions less than 1.0-8

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00906
Exploits: 0 | References: 1
CNNVD
added 2022/03/10 12:0 a.m. | 5 views

Acer QuickAccess Authorization Issue Vulnerability

Acer QuickAccess is a utility from Acer (China) used to adjust common settings on computers. A security vulnerability exists in Acer QuickAccess versions 2.01.300x through 2.01.3030 and 3.00.30xx through 3.00.3038, which originates when a user process communicates with a service with system privileges via...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00216
Exploits: 0 | References: 2
NVD
added 2021/10/22 12:15 p.m. | 12 views

CVE-2021-38457

The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication...

CVSS: 9.8 | EPSS: 0.01254
Exploits: 0 | References: 1
Prion
added 2021/10/22 12:15 p.m. | 14 views

Authentication flaw

The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.01254
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2021/10/22 11:23 a.m. | 53 views

CVE-2021-38457

The CVE-2021-38457 vulnerability affects AUVESY Versiondog (all versions prior to 8.0) and is categorized as Improper Access Control. The server permits communication and a session to be initiated without any authentication, enabling an attacker to gain control without credentials. The issue is e...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.01254
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/10/22 11:23 a.m. | 23 views

CVE-2021-38457 AUVESY Versiondog

The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.01254
Exploits: 0 | References: 1
NVD
added 2020/06/29 2:15 p.m. | 24 views

CVE-2020-12040

Sigma Spectrum Infusion System v's6.x model 35700BAX and Baxter Spectrum Infusion System Versions 8.x model 35700BAX2 at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has...

CVSS: 9.8 | EPSS: 0.0094
Exploits: 1 | References: 1
Prion
added 2020/06/29 2:15 p.m. | 18 views

Code injection

Sigma Spectrum Infusion System v's6.x model 35700BAX and Baxter Spectrum Infusion System Versions 8.x model 35700BAX2 at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has...

CVSS: 5 | AI score: 9.3 | EPSS: 0.0094
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2020/05/14 8:39 p.m. | 42 views

CVE-2020-10620

Opto 22 SoftPAC Project (SoftPAC Project, v9.6 and earlier) is affected by a credentialless network interface that allows an attacker with network access to directly communicate with SoftPAC, including stopping services. Multiple connected sources (NVD, Red Hat, CNVD, PRION, CVE listings, and CIS...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.01214
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2019/12/02 4:57 p.m. | 21 views

CVE-2019-12503

Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In...

AI score: 9.7 | EPSS: 0.01998
Exploits: 0 | References: 3
CNVD
added 2019/10/23 12:0 a.m. | 3 views

Stephan Mooltipass Moolticute Access Control Error Vulnerability

Stephan Mooltipass Moolticute is a hardware-based password manager. An Access Control Error vulnerability exists in Stephan Mooltipass Moolticute version 0.42.1 and earlier versions, which can be exploited by an attacker to communicate remotely with Mooltipass without authentication via a malicio...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00973
Exploits: 1 | References: 1
ThreatPost
added 2019/08/14 5:35 p.m. | 131 views

20-Year-Old Bug in Legacy Microsoft Code Plagues All Windows Users

A 20-year-old vulnerability present in all versions of Microsoft Windows could allow a non-privileged user to run code that will give him or her full SYSTEM privileges on a target machine. The bug is notable because of where it resides: In a legacy, omnipresent protocol named Microsoft CTF. First...

CVSS: 7.2 | EPSS: 0.00878
Exploits: 0 | References: 8
Prion
added 2019/06/07 9:29 p.m. | 13 views

Design/Logic Flaw

Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target...

CVSS: 8.3 | AI score: 8.9 | EPSS: 0.01347
Exploits: 2 | References: 4 | Affected Software: 1