CVE-2018-8846

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users...

Code injection

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor...

Code injection

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended...

CVE-2018-8842

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to...

CVE-2018-8848

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor...

CVE-2018-14803

Philips e-Alert Unit (non-medical device), Version R2.1 and prior, is affected by CVE-2018-14803 which describes an information-disclosure vulnerability: an attacker could obtain extraneous product information (e.g., OS/software components) via HTTP response headers that are normally not exposed....

CVE-2018-8850

Philips e-Alert Unit (non‑medical) Version R2.1 and prior is affected by CVE-2018-8850 due to improper input validation (CWE-20), which can cause unintended input, altered control flow, or arbitrary code execution. The vulnerability is documented with high to critical impact (NVD CVSS v3 base 9.8...