VU#884840: Animas OneTouch Ping insulin pump contains multiple vulnerabilities

The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information.

VU#706359: Aternity version 9 vulnerable to cross-site scripting and remote code execution

The Aternity webserver, version 9 and prior, is reportedly vulnerable to cross-site scripting (XSS) on several web pages, and remote code execution via inclusion of untrusted functionality by default due to improper authentication before execution.

VU#667480: AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities

AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including undocumented privileged accounts, authentication bypass, and information exposure.

VU#619767: Open Dental uses blank database password by default

Open Dental is medical dental records management software. Open Dental version 16.1, and previous versions, installs with a blank root database (MySQL) password by default. An attacker with network access to an Open Dental MySQL database could read, modify, or delete data. This Vulnerability Note initially, and incorrectly, stated that Open Dental used hard-coded credentials. The Impact section also implied that in its default configuration, the Open Dental database was available over remote networks such as the internet. An Open Dental database would need to be specifically configured to allow remote network access.

VU#294272: ReadyDesk contains multiple vulnerabilities

ReadyDesk, version 9.1 and possibly others, contains SQL injection, path traversal, hard-coded cryptographic key, and arbitrary file upload vulnerabilities that may be leveraged to expose sensitive data and execute arbitrary code in the context of the vulnerable software.