CWE:
 

Topic
Date
Author
Low
HP Wireless Mouse Spoofing Issue
17.05.2017
SySS GmbH
Med.
Microsoft Wireless Desktop 2000 Insufficent Verification / Mouse Spoofing
30.07.2016
SySS
Med.
Samsung SW Update Tool 2.2.5.16 Man-In-The-Middle
11.03.2016
CORE


CVEMAP Search Results

CVE
Details
Description
2019-03-25
High
CVE-2015-3956

Vendor: Pifzer
Software: Plum a+3 inf...
 

 
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.

 
2019-02-21
Low
CVE-2019-1667

Vendor: Cisco
Software: Hyperflex hx...
 

 
A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. Versions prior to 3.5(2a) are affected.

 
2018-12-19
Medium
CVE-2018-15801

Updating...
 

 
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.

 
2018-11-02
Medium
CVE-2018-7798

Vendor: Schneider-electric
Software: Somachine basic
 

 
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.

 
2018-08-10
Low
CVE-2018-10626

Vendor: Medtronic
Software: Mycarelink 2...
 

 
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product's update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network.

 
2018-07-24
Low
CVE-2017-3224

Vendor: Quagga
Software: Quagga
 

 
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages).

 
2018-06-08
Low
CVE-2017-1405

Vendor: IBM
Software: Security ide...
 

 
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392.

 
2018-04-13
Medium
CVE-2018-10080

Vendor: Secutech project
Software: Ris-11 firmware
 

 
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie.

 
2018-01-31
Low
CVE-2017-1773

Vendor: IBM
Software: Datapower ga...
 

 
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.

 
2017-12-25
Low
CVE-2017-12740

Updating...
 

 
Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top