Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v’s6.x model 35700BAX & Baxter Spectrum Infusion System v’s8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus...
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or...
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or...
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow...
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view...
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful...
Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application...
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200...
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200...
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access...
LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadataexif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds. Date published : 2020-06-28 https://github.com/LibRaw/LibRaw/compare/0.20-Beta2…0.20-Beta3 https://github.com/LibRaw/LibRaw/issues/301
The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS. Date published : 2020-06-28 http://packetstormsecurity.com/files/158510/WordPress-NexosReal-Estate-Theme-1.7-Cross-Site-Scripting-SQL-Injection.html https://github.com/vladvector/vladvector.github.io/blob/master/exploit/2020-06-17-nexos-real-estate-wordpress-theme-v1-7.txt
The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection. Date published : 2020-06-28 http://packetstormsecurity.com/files/158510/WordPress-NexosReal-Estate-Theme-1.7-Cross-Site-Scripting-SQL-Injection.html https://github.com/vladvector/vladvector.github.io/blob/master/exploit/2020-06-17-nexos-real-estate-wordpress-theme-v1-7.txt
com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. Date published : 2020-06-27 https://docs.docker.com/docker-for-windows/release-notes/ https://whitehatck01.blogspot.com/2020/06/dockers-latest-version-of-privilege.html