
CVSS: 8.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection. • https://doi.org/10.1109/ACCESS.2021.3138768 https://github.com/CNK2100/VFuzz-public https://ieeexplore.ieee.org/document/9663293 https://kb.cert.org/vuls/id/142629 https://www.kb.cert.org/vuls/id/142629 • CWE-311: Missing Encryption of Sensitive Data

CVSS: 8.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable. • https://doi.org/10.1109/ACCESS.2021.3138768 https://github.com/CNK2100/VFuzz-public https://ieeexplore.ieee.org/document/9663293 https://kb.cert.org/vuls/id/142629 https://www.kb.cert.org/vuls/id/142629 • CWE-311: Missing Encryption of Sensitive Data

CVSS: 3.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the Linear Case module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. • http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/74340 https://www.drupal.org/node/2459197 https://www.drupal.org/node/2459327 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')