VYPR
Vendor

Philips

Products
57
CVEs
107
Across products
125
Status
Private

Products

57
View all 57 products →

Recent CVEs

107
View all 107 CVEs →
  • CVE-2017-0143HigKEVMar 17, 2017
    risk 0.86cvss 8.8epss 0.93

    The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via…

  • CVE-2017-0199HigKEVApr 12, 2017
    risk 0.80cvss 7.8epss 1.00

    Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft…

  • CVE-2018-8856CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.01

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data.

  • CVE-2018-8850CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.04

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended…

  • CVE-2018-7498CriMar 28, 2018
    risk 0.64cvss 9.8epss 0.01

    In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.

  • CVE-2018-5451CriMar 28, 2018
    risk 0.64cvss 9.8epss 0.03

    In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly…

  • CVE-2018-5474CriMar 26, 2018
    risk 0.64cvss 9.8epss 0.06

    Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash.

  • CVE-2018-5472CriMar 26, 2018
    risk 0.64cvss 9.8epss 0.05

    Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.

  • CVE-2018-5468CriMar 26, 2018
    risk 0.64cvss 9.8epss 0.05

    Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code

  • CVE-2015-2882CriApr 10, 2017
    risk 0.64cvss 9.8epss 0.02

    Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448…

  • CVE-2017-9656CriApr 24, 2018
    risk 0.59cvss 9.1epss 0.02

    The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this…

  • CVE-2026-3562HigMar 16, 2026
    risk 0.57cvss 8.8epss 0.00

    Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this…

  • CVE-2026-3560HigMar 16, 2026
    risk 0.57cvss 8.8epss 0.00

    Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to…

  • CVE-2026-3556HigMar 16, 2026
    risk 0.57cvss 8.8epss 0.01

    Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this…

  • CVE-2018-8852HigSep 26, 2018
    risk 0.57cvss 8.8epss 0.02

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier.

  • CVE-2018-8844HigSep 26, 2018
    risk 0.57cvss 8.8epss 0.01

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

  • CVE-2018-8842HigSep 26, 2018
    risk 0.57cvss 8.8epss 0.01

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which…

  • CVE-2018-8861HigMay 4, 2018
    risk 0.57cvss 8.7epss 0.00

    Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or…

  • CVE-2018-8853HigMay 4, 2018
    risk 0.57cvss 8.8epss 0.00

    Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk application, user, or an attacker to potentially attain unauthorized elevated…

  • CVE-2017-9654HigApr 24, 2018
    risk 0.57cvss 8.8epss 0.01

    The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.