[SYSS-2014-008] McAfee File and Removable Media Protection (FRP/EEFF/EERM) - Use of a One-Way Hash with a Predictable Salt (CVE-2014-8565)

2014-10-31 Thread matthias . deeg
Notification: 2014-08-11 Solution Date: 2014-10-27 Public Disclosure: 2014-10-31 CVE Reference: CVE-2014-8565 Author of Advisory: Matthias Deeg (SySS GmbH) Overview: The software encryption tool McAfee Endpoint

[SYSS-2014-012] FancyFon FAMOC - Session Fixation

2015-01-27 Thread matthias . deeg
: 2015-01-23 Public Disclosure: 2015-01-23 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) ~~~ Overview: FAMOC is a mobile device management software by FancyFon supporting different kinds of mobile

[SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting

2015-01-27 Thread matthias . deeg
Date: 2015-01-23 Public Disclosure: 2015-01-23 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) ~~~ Overview: FAMOC is a mobile device management software by FancyFon supporting different kinds of

[SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt

2015-01-27 Thread matthias . deeg
-12-19 Solution Date: 2015-01-23 Public Disclosure: 2015-01-23 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) ~~~ Overview: FAMOC is a mobile device management software by FancyFon supporting

[SYSS-2014-010] FancyFon FAMOC - SQL Injection

2015-01-27 Thread matthias . deeg
: 2015-01-23 Public Disclosure: 2015-01-23 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg (SySS GmbH) Sebastian Nerz (SySS GmbH) ~~~ Overview: FAMOC is a mobile device management software by

[SYSS-2015-012] Panda Internet Security 2015 - Authentication Bypass

2015-04-14 Thread matthias . deeg
) Risk Level: Medium Solution Status: Not fixed Vendor Notification: 2015-02-27 Solution Date: - Public Disclosure: 2015-04-14 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: Panda

[SYSS-2015-013] Panda Antivirus Pro 2015 - Authentication Bypass

2015-04-14 Thread matthias . deeg
) Risk Level: Medium Solution Status: Not fixed Vendor Notification: 2015-02-27 Solution Date: - Public Disclosure: 2015-04-14 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: Panda

[SYSS-2015-014] Panda Global Protection 2015 - Authentication Bypass

2015-04-14 Thread matthias . deeg
) Risk Level: Medium Solution Status: Not fixed Vendor Notification: 2015-02-27 Solution Date: - Public Disclosure: 2015-04-14 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: Panda

[SYSS-2015-015] Panda Gold Protection 2015 - Authentication Bypass

2015-04-14 Thread matthias . deeg
) Risk Level: Medium Solution Status: Not fixed Vendor Notification: 2015-02-27 Solution Date: - Public Disclosure: 2015-04-14 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: Panda Gold

[SYSS-2014-007] FrontRange DSM - Multiple Vulnerabilities

2015-04-30 Thread matthias . deeg
yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: The client management solution FrontRange Desktop & Server Management (DSM) stores and uses sensitive user credentials for required user acco

[SYSS-2015-017] BullGuard Internet Security - Authentication Bypass

2015-05-07 Thread matthias . deeg
-288) Risk Level: Medium Solution Status: Not fixed Vendor Notification: 2015-03-16 Solution Date: - Public Disclosure: 2015-05-07 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview

[SYSS-2015-019] BullGuard Antivirus - Authentication Bypass

2015-05-07 Thread matthias . deeg
Level: Medium Solution Status: Not fixed Vendor Notification: 2015-03-16 Solution Date: - Public Disclosure: 2015-05-07 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: BullGuard

[SYSS-2015-018] BullGuard Premium Protection - Authentication Bypass

2015-05-07 Thread matthias . deeg
-288) Risk Level: Medium Solution Status: Not fixed Vendor Notification: 2015-03-16 Solution Date: - Public Disclosure: 2015-05-07 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview

[SYSS-2015-025] Netop Remote Control - Insufficiently Protected Credentials

2015-08-24 Thread matthias . deeg
Credentials (CWE-522) Risk Level: Medium Solution Status: Not fixed Vendor Notification: 2015-06-19 Solution Date: - Public Disclosure: 2015-08-24 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH

[SYSS-2015-010] Kaspersky Anti-Virus - Use of One-Way Hash without a Salt

2015-10-01 Thread matthias . deeg
: Fixed Vendor Notification: 2015-02-19 Solution Date: 2015-10-01 Public Disclosure: 2015-10-01 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund (SySS GmbH) Overview: Kaspersky Anti-Virus is an

[SYSS-2015-007] Kaspersky Internet Security - Authentication Bypass

2015-10-01 Thread matthias . deeg
Channel (CWE-288) Risk Level: Medium Solution Status: Fixed Vendor Notification: 2015-02-19 Solution Date: 2015-10-01 Public Disclosure: 2015-10-01 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund (SySS GmbH

[SYSS-2015-009] Kaspersky Anti-Virus - Authentication Bypass

2015-10-01 Thread matthias . deeg
(CWE-288) Risk Level: Medium Solution Status: Fixed Vendor Notification: 2015-02-19 Solution Date: 2015-10-01 Public Disclosure: 2015-10-01 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund (SySS GmbH

[SYSS-2015-008] Kaspersky Internet Security - Use of One-Way Hash without a Salt

2015-10-01 Thread matthias . deeg
Status: Fixed Vendor Notification: 2015-02-19 Solution Date: 2015-10-01 Public Disclosure: 2015-10-01 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund (SySS GmbH) Overview: Kaspersky

[SYSS-2015-005] Kaspersky Total Security - Authentication Bypass

2015-10-01 Thread matthias . deeg
Channel (CWE-288) Risk Level: Medium Solution Status: Fixed Vendor Notification: 2015-02-19 Solution Date: 2015-10-01 Public Disclosure: 2015-10-01 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund (SySS GmbH

[SYSS-2015-006] Kaspersky Total Security - Use of One-Way Hash without a Salt

2015-10-01 Thread matthias . deeg
Status: Fixed Vendor Notification: 2015-02-19 Solution Date: 2015-10-01 Public Disclosure: 2015-10-01 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund (SySS GmbH) Overview: Kaspersky Total

[SYSS-2015-004] Kaspersky Small Office Security - Use of One-Way Hash without a Salt

2015-10-01 Thread matthias . deeg
Solution Status: Fixed Vendor Notification: 2015-02-19 Solution Date: 2015-10-01 Public Disclosure: 2015-10-01 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund (SySS GmbH) Overview: Kaspersky

[SYSS-2015-002] Kaspersky Endpoint Security - Use of One-Way Hash without a Salt

2015-10-01 Thread matthias . deeg
(CWE-759) Risk Level: Low Solution Status: Fixed Vendor Notification: 2015-02-19 Solution Date: 2015-10-01 Public Disclosure: 2015-10-01 CVE Reference: Not yet assigned Authors of Advisory: Sven Freund and Matthias Deeg (SySS GmbH

[SYSS-2015-003] Kaspersky Small Office Security - Authentication Bypass

2015-10-01 Thread matthias . deeg
Channel (CWE-288) Risk Level: Medium Solution Status: Fixed Vendor Notification: 2015-02-19 Solution Date: 2015-10-01 Public Disclosure: 2015-10-01 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund (SySS GmbH

[SYSS-2015-001] Kaspersky Endpoint Security - Authentication Bypass

2015-10-01 Thread matthias . deeg
Alternate Path or Channel (CWE-288) Risk Level: Medium Solution Status: Fixed Vendor Notification: 2015-02-19 Solution Date: 2015-10-01 Public Disclosure: 2015-10-01 CVE Reference: Not yet assigned Authors of Advisory: Sven Freund and Matthias Deeg (SySS GmbH

[SYSS-2015-037] MATESO Password Safe and Repository Enterprise - Insufficiently Protected Credentials

2015-10-12 Thread matthias . deeg
) Use of a One-Way Hash without a Salt (CWE-759) Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2015-07-09 Solution Date: 2015-10-05 Public Disclosure: 2015-10-12 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH

[SYSS-2015-034] MATESO Password Safe and Repository Enterprise - SQL Injection

2015-10-12 Thread matthias . deeg
) Authentication Bypass Using an Alternate Path or Channel (CWE-288) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2015-07-09 Solution Date: 2015-10-05 Public Disclosure: 2015-10-12 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH

[SYSS-2015-073] perfact::mpa - URL Redirection to Untrusted Site

2016-02-29 Thread matthias . deeg
< v3.2 Vulnerability Type: URL Redirection to Untrusted Site (CWE-601) Risk Level: Low Solution Status: Fixed Manufacturer Notification: 2015-12-18 Solution Date: 2016-01-18 Public Disclosure: 2016-02-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund

[SYSS-2015-072] perfact::mpa - Insecure Direct Object References

2016-02-29 Thread matthias . deeg
< v3.2 Vulnerability Type: Insecure Direct Object References (CWE-932) Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2015-12-18 Solution Date: 2016-01-18 Public Disclosure: 2016-02-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund

[SYSS-2015-071] perfact::mpa - Cross-Site Request Forgery

2016-02-29 Thread matthias . deeg
< v3.2 Vulnerability Type: Cross-Site Request Forgery (CWE-352) Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2015-12-18 Solution Date: 2016-01-18 Public Disclosure: 2016-02-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund

[SYSS-2015-070] perfact::mpa - Cross-Site Scripting

2016-02-29 Thread matthias . deeg
< v3.2 Vulnerability Type: Cross-Site Scripting (CWE-79) Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2015-12-18 Solution Date: 2016-01-18 Public Disclosure: 2016-02-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund

[SYSS-2015-066] perfact::mpa - Cross-Site Scripting

2016-02-29 Thread matthias . deeg
< v3.2 Vulnerability Type: Cross-Site Scripting (CWE-79) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2015-12-18 Solution Date: 2016-01-18 Public Disclosure: 2016-02-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund

[SYSS-2015-067] perfact::mpa - Insecure Direct Object References

2016-02-29 Thread matthias . deeg
< v3.2 Vulnerability Type: Insecure Direct Object References (CWE-932) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2015-12-18 Solution Date: 2016-01-18 Public Disclosure: 2016-02-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund

[SYSS-2015-069] perfact::mpa - Insecure Direct Object References

2016-02-29 Thread matthias . deeg
< v3.2 Vulnerability Type: Insecure Direct Object References (CWE-932) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2015-12-18 Solution Date: 2016-01-18 Public Disclosure: 2016-02-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Sven Freund

[SYSS-2018-034]: ABUS Secvest - Rolling Code - Predictable from Observable State (CWE-341)

2019-03-25 Thread matthias . deeg
: Open Manufacturer Notification: 2018-11-21 Solution Date: - Public Disclosure: 2019-03-25 CVE Reference: CVE-2019-9863 Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert Overview: ABUS Secvest (FUAA5) is a

[SYSS-2018-035]: ABUS Secvest Remote Control - Missing Encryption of Sensitive Data (CWE-311)

2019-03-25 Thread matthias . deeg
Status: Open Manufacturer Notification: 2018-11-21 Solution Date: - Public Disclosure: 2019-03-25 CVE Reference: CVE-2019-9862 Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert Overview: ABUS Secvest FUBE50014 and

[SYSS-2018-036]: ABUS Secvest Remote Control - Denial of Service - Uncontrolled Resource Consumption (CWE-400)

2019-03-25 Thread matthias . deeg
: Low Solution Status: Open Manufacturer Notification: 2018-11-21 Solution Date: - Public Disclosure: 2019-03-25 CVE Reference: CVE-2019-9860 Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert Overview: ABUS

[SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)

2019-05-03 Thread matthias . deeg
Notification: 2019-03-15 Solution Date: - Public Disclosure: 2019-05-02 CVE Reference: CVE-2019-9861 Authors of Advisory: Matthias Deeg, Gerhard Klostermeier (SySS GmbH) Overview: ABUS Secvest (FUAA5) is a wireless alarm

[SYSS-2019-012]: Siemens LOGO! 8 - Use of Hard-coded Cryptographic Key (CWE-321)

2019-05-29 Thread matthias . deeg
) Risk Level: High Solution Status: Open Manufacturer Notification: 2019-04-04 Solution Date: 2019-05-14 (recommended mitigation by manufacturer) Public Disclosure: 2019-05-29 CVE Reference: CVE-2019-10920 Authors of Advisory: Manuel Stotz, Matthias Deeg (SySS GmbH

[SYSS-2019-013]: Siemens LOGO! 8 - Missing Authentication for Critical Function (CWE-306)

2019-05-29 Thread matthias . deeg
Function (CWE-306) Risk Level: High Solution Status: Open Manufacturer Notification: 2019-04-04 Solution Date: 2019-05-14 (recommended mitigation by manufacturer) Public Disclosure: 2019-05-29 CVE Reference: CVE-2019-10919 Authors of Advisory: Manuel Stotz (SySS GmbH), Matthias Deeg (SySS GmbH

[SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257)

2019-05-29 Thread matthias . deeg
(CWE-257) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2019-04-04 Solution Date: 2019-05-14 (recommended mitigation by manufacturer) Public Disclosure: 2019-05-29 CVE Reference: CVE-2019-10921 Authors of Advisory: Manuel Stotz (SySS GmbH), Matthias Deeg (SySS GmbH

[SYSS-2019-007]: Inateck 2.4 GHz Wireless Presenter WP1001 - Keystroke Injection Vulnerability

2019-06-04 Thread matthias . deeg
) Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification: 2019-03-22 Solution Date: - Public Disclosure: 2019-06-04 CVE Reference: CVE-2019-12505 Author of Advisory: Matthias Deeg (SySS GmbH

[SYSS-2019-008]: Inateck 2.4 GHz Wearable Wireless Presenter WP2002 - Keystroke Injection Vulnerability

2019-06-04 Thread matthias . deeg
) Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification: 2019-03-22 Solution Date: - Public Disclosure: 2019-06-04 CVE Reference: CVE-2019-12504 Author of Advisory: Matthias Deeg (SySS GmbH

[SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability

2019-06-04 Thread matthias . deeg
: Insufficient Verification of Data Authenticity (CWE-345) Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification: 2019-04-12 Solution Date: - Public Disclosure: 2019-06-04 CVE Reference: CVE-2019-12506 Author of Advisory: Matthias Deeg (SySS GmbH

[SYSS-2019-004]: ABUS Secvest (FUAA50000) - Message Transmission - Unchecked Error Condition (CWE-391)

2019-07-30 Thread matthias . deeg
: Open Manufacturer Notification: 2019-03-02 Solution Date: - Public Disclosure: 2019-07-26 CVE Reference: CVE-2019-14261 Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert Overview: ABUS Secvest (FUAA5) is a

[SYSS-2019-035]: Microsoft Surface Mouse - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

2019-10-10 Thread matthias . deeg
) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2019-07-31 Solution Date: - Public Disclosure: 2019-10-10 CVE Reference: Not assigned yet Author of Advisory: Matthias Deeg (SySS GmbH) Overview: Microsoft

[SYSS-2019-034]: Microsoft Surface Keyboard - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

2019-10-10 Thread matthias . deeg
) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2019-07-31 Solution Date: - Public Disclosure: 2019-10-10 CVE Reference: Not assigned yet Author of Advisory: Matthias Deeg (SySS GmbH) Overview: Microsoft

[SYSS-2019-033]: Microsoft Designer Bluetooth Desktop - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

2019-10-10 Thread matthias . deeg
) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2019-07-31 Solution Date: - Public Disclosure: 2019-10-10 CVE Reference: Not assigned yet Author of Advisory: Matthias Deeg (SySS GmbH) Overview: Microsoft

[SYSS-2019-011]: Fujitsu Wireless Keyboard Set LX390 - Keystroke Injection Vulnerability (CVE-2019-18200)

2019-10-23 Thread matthias . deeg
Vulnerability Risk Level: High Solution Status: Open (product reached end-of-life (EOL) in May 2019) Manufacturer Notification: 2019-04-01 Solution Date: - Public Disclosure: 2019-10-23 CVE Reference: CVE-2019-18200 Author of Advisory: Matthias Deeg (SySS GmbH

[SYSS-2019-010]: Fujitsu Wireless Keyboard Set LX390 - Missing Encryption of Sensitive Data (CWE-311) (CVE-2019-18201)

2019-10-23 Thread matthias . deeg
Solution Status: Open (product reached end-of-life (EOL) in May 2019) Manufacturer Notification: 2019-04-01 Solution Date: - Public Disclosure: 2019-10-23 CVE Reference: CVE-2019-18201 Author of Advisory: Matthias Deeg (SySS GmbH

[SYSS-2019-009]: Fujitsu Wireless Keyboard Set LX390 - Missing Protection against Replay Attacks (CVE-2019-18199)

2019-10-23 Thread matthias . deeg
against Replay Attacks Risk Level: Medium Solution Status: Open (product reached end-of-life (EOL) in May 2019) Manufacturer Notification: 2019-03-22 Solution Date: - Public Disclosure: 2019-10-23 CVE Reference: CVE-2019-18199 Author of Advisory: Matthias Deeg (SySS GmbH

[SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks

2016-07-29 Thread matthias . deeg
) Insufficient Protection against Replay Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-05-20 Solution Date: - Public Disclosure: 2016-07-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH

[SYSS-2016-046] Perixx PERIDUO-710W - Missing Protection against Replay Attacks

2016-07-29 Thread matthias . deeg
against Replay Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-05-27 Solution Date: - Public Disclosure: 2016-07-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH

[SYSS-2016-047] Perixx PERIDUO-710W - Keystroke Injection Vulnerability

2016-07-29 Thread matthias . deeg
Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification: 2016-05-27 Solution Date: - Public Disclosure: 2016-07-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH

[SYSS-2016-045] Perixx PERIDUO-710W - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

2016-07-29 Thread matthias . deeg
Data (Cryptographic Key) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-05-27 Solution Date: - Public Disclosure: 2016-07-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH

[SYSS-2016-059] Microsoft Wireless Desktop 2000 - Insufficient Verification of Data Authenticity (CWE-345)

2016-07-29 Thread matthias . deeg
Spoofing Attack Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-06-28 Solution Date: - Public Disclosure: 2016-07-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH

[SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks

2016-07-29 Thread matthias . deeg
against Replay Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-04-11 Solution Date: - Public Disclosure: 2016-06-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH

[SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

2016-07-29 Thread matthias . deeg
(Cryptographic Key) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-04-22 Solution Date: - Public Disclosure: 2016-07-29 CVE Reference: Not yet assigned Authors of Advisory: Gerhard Klostermeier and Matthias Deeg (SySS GmbH

[SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability

2016-07-29 Thread matthias . deeg
Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification: 2016-05-04 Solution Date: - Public Disclosure: 2016-07-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH

[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)

2016-08-05 Thread matthias . deeg
build 3380124 (Update 1) Vulnerability Type: Improper Input Validation (CWE-20) Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2016-07-01 Solution Date: 2016-08-04 Public Disclosure: 2016-08-05 CVE Reference: CVE-2016-5331 Authors of Advisory: Matthias Deeg (SySS GmbH

[SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345)

2016-09-30 Thread matthias . deeg
) Mouse Spoofing Attack Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-06-28 Solution Date: - Public Disclosure: 2016-09-30 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH

[SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

2016-10-10 Thread matthias . deeg
(Cryptographic Key) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-04-22 Solution Date: - Public Disclosure: 2016-10-05 CVE Reference: Not yet assigned Authors of Advisory: Gerhard Klostermeier and Matthias Deeg (SySS GmbH

[SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks

2016-10-10 Thread matthias . deeg
against Replay Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-07-07 Solution Date: - Public Disclosure: 2016-10-05 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH

[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks

2016-10-11 Thread matthias . deeg
Replay Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-05-19 Solution Date: - Public Disclosure: 2016-10-05 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH

[SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks

2016-11-23 Thread matthias . deeg
Status: Fixed Manufacturer Notification: 2016-07-21 Solution Date: 2016-11-14 Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: The Olympia Protect 9061 is

[SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks

2016-11-23 Thread matthias . deeg
: Medium Solution Status: Open Manufacturer Notification: 2016-09-26 Solution Date: - Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: The EASY HOME MAS-S01-09

[SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks

2016-11-24 Thread matthias . deeg
Manufacturer Notification: 2016-07-14 Solution Date: - Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: The Blaupunkt Smart GSM Alarm SA 2500 Kit is a wireless

[SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks

2018-01-29 Thread matthias . deeg
Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2017-10-20 Solution Date: - Public Disclosure: 2018-01-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg (SySS GmbH) Overview