10 matches found
CVE-2022-0922
CVE-2022-0922 affects Philips e-Alert hardware (affected: e-Alert versions 2.7 and prior). The vulnerability is missing authentication for critical functions (CWE-306), with CVSSv3 base score 6.5 (AV:A, AC:L, PR:N, UI:N, S:U, C:N, I:N, A:H). Exploitation is adjacent-network, low complexity; impac...
CVE-2018-14803
Philips e-Alert Unit (non-medical device), Version R2.1 and prior, is affected by CVE-2018-14803 which describes an information-disclosure vulnerability: an attacker could obtain extraneous product information (e.g., OS/software components) via HTTP response headers that are normally not exposed....
CVE-2018-8842
CVE-2018-8842 affects Philips e-Alert Unit (non-medical) versions R2.1 and prior, where sensitive data is transmitted in cleartext over a network, enabling potential disclosure of personal contacts and login credentials within the same subnet. Root cause: cleartext transmission of sensitive infor...
CVE-2018-8856
This CVE affects Philips e-Alert Unit (non-medical device), Versions R2.1 and prior. The issue is the use of a hard-coded cryptographic key for internal data encryption (CWE-798), which enables high-severity impact. Per the connected docs, CVSS v3 base score is 9.8 (critical) with remote/network ...
CVE-2018-8844
Philips e-Alert Unit (non‑medical device), Version R2.1 and prior, contains a Cross‑Site Request Forgery (CSRF) weakness in which the web application does not sufficiently verify that a user’s request is intentional. This CSRF issue could allow an attacker to perform unauthorized operations when ...
CVE-2018-8846
Philips e-Alert Unit (non-medical device), Version R2.1 and prior, contains an input handling flaw that allows cross-site scripting when user-controlled data is placed in web page output. This CVE (CVE-2018-8846) is documented with a CWE-79 XSS pattern and a CVSS v3 base score of 7.1 (AV:N/AC:L/P...
CVE-2018-8848
Philips e-Alert Unit (non-medical device), Version R2.1 and prior, is affected by CVE-2018-8848 due to incorrect default permissions that expose an object to an unintended actor. This CVE is categorized under CWE-276 (Incorrect Default Permissions). The issue was observed during installation and ...
CVE-2018-8850
Philips e-Alert Unit (non‑medical) Version R2.1 and prior is affected by CVE-2018-8850 due to improper input validation (CWE-20), which can cause unintended input, altered control flow, or arbitrary code execution. The vulnerability is documented with high to critical impact (NVD CVSS v3 base 9.8...
CVE-2018-8852
Philips e-Alert Unit (non-medical device), Version R2.1 and prior, is affected by CVE-2018-8852 (session fixation). When authenticating or establishing a new session, an attacker may steal authenticated sessions without invalidating existing session IDs, enabling session hijacking. Severity in CV...
CVE-2018-8854
CVE-2018-8854 affects Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The issue is Uncontrolled Resource Consumption (Resource Exhaustion): the software does not properly restrict the size/amount of resources requested, allowing an attacker to consume resources. Affects Philips...