|
278941
|
9.8 |
CRITICAL
Network
|
baxter
|
sigma_spectrum_infusion_system_firmware
|
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700…
|
CWE-255
Credentials Management
|
CVE-2014-5433
|
2024-11-21 11:12 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278942
|
9.8 |
CRITICAL
Network
|
baxter
|
sigma_spectrum_infusion_system_firmware
|
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may …
|
CWE-287
Improper Authentication
|
CVE-2014-5432
|
2024-11-21 11:12 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278943
|
6.8 |
MEDIUM
Physics
|
baxter
|
sigma_spectrum_infusion_system_firmware
|
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2014-5431
|
2024-11-21 11:12 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278944
|
9.8 |
CRITICAL
Network
|
baxter
|
sigma_spectrum_infusion_system_firmware
|
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2014-5434
|
2024-11-21 11:12 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278945
|
5.5 |
MEDIUM
Local
|
zarafa
|
zarafa_collaboration_platform
|
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.
|
CWE-200
Information Exposure
|
CVE-2014-5450
|
2024-11-21 11:12 |
2018-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278946
|
7.8 |
HIGH
Local
|
seafile
|
seafile_server
|
Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5443
|
2024-11-21 11:12 |
2018-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278947
|
5.5 |
MEDIUM
Local
|
clipboard_project
|
clipboard
|
clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$.
|
CWE-59
Link Following
|
CVE-2014-5509
|
2024-11-21 11:12 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278948
|
9.1 |
CRITICAL
Network
|
beckhoff
|
embedded_pc_images
twincat
|
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration To…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5415
|
2024-11-21 11:12 |
2016-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278949
|
9.1 |
CRITICAL
Network
|
beckhoff
|
embedded_pc_images
twincat
|
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote atta…
|
CWE-254
7PK - Security Features
|
CVE-2014-5414
|
2024-11-21 11:12 |
2016-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278950
|
- |
|
johnsoncontrols
|
metsys
|
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka…
|
NVD-CWE-Other
|
CVE-2014-5428
|
2024-11-21 11:12 |
2015-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
