Filtered by vendor
Subscriptions
Total
1332 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-0376 | 1 Cisco | 2 Mobility Services Engine, Policy Suite | 2024-11-29 | N/A |
A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109. | ||||
CVE-2018-0377 | 1 Cisco | 2 Mobility Services Engine, Policy Suite | 2024-11-29 | N/A |
A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017. | ||||
CVE-2024-11980 | 1 Billion Electric | 3 M120n, M150, M500 | 2024-11-29 | 8.6 High |
Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device. | ||||
CVE-2024-39707 | 2024-11-27 | 5.3 Medium | ||
Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version 05.46.19; kernel 5.5, version 05.54.19; kernel 5.6, version 05.61.19. | ||||
CVE-2024-5910 | 1 Paloaltonetworks | 1 Expedition | 2024-11-27 | 9.8 Critical |
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue. | ||||
CVE-2023-35830 | 1 Stw-mobile-machines | 4 Tcg-4, Tcg-4 Firmware, Tcg-4lite and 1 more | 2024-11-27 | 9.8 Critical |
STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS. | ||||
CVE-2023-36347 | 1 Codekop | 1 Codekop | 2024-11-27 | 7.5 High |
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. | ||||
CVE-2023-34761 | 1 7-eleven | 2 Hello Cup, Led Message Cup | 2024-11-27 | 6.5 Medium |
An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter. | ||||
CVE-2023-46381 | 1 Loytec | 6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more | 2024-11-27 | 8.2 High |
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. | ||||
CVE-2024-47138 | 1 Myscada | 2 Mypro Manager, Mypro Runtime | 2024-11-26 | 9.8 Critical |
The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed. | ||||
CVE-2023-2834 | 1 Stylemixthemes | 1 Bookit | 2024-11-26 | 9.8 Critical |
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | ||||
CVE-2024-5721 | 1 Logsign | 1 Unified Secops | 2024-11-26 | N/A |
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24169. | ||||
CVE-2024-5718 | 1 Logsign | 1 Unified Secops | 2024-11-26 | N/A |
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 by default when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24166. | ||||
CVE-2024-40408 | 1 Cybelesoft | 1 Thinfinity Workspace | 2024-11-25 | 7.3 High |
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges. | ||||
CVE-2024-40405 | 1 Cybelesoft | 1 Thinfinity Workspace | 2024-11-25 | 8.1 High |
Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request. | ||||
CVE-2024-40404 | 1 Cybelesoft | 1 Thinfinity Workspace | 2024-11-25 | 9.8 Critical |
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established. | ||||
CVE-2023-22906 | 1 Heroelectronix | 4 Qubo Hcd01, Qubo Hcd01 Firmware, Qubo Hcd02 and 1 more | 2024-11-25 | 8.8 High |
Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password. | ||||
CVE-2020-12491 | 2024-11-25 | N/A | ||
Improper control of framework service permissions with possibility of some sensitive device information leakage. | ||||
CVE-2020-12492 | 2024-11-25 | N/A | ||
Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information. | ||||
CVE-2024-38643 | 1 Qnap | 1 Notes Station 3 | 2024-11-22 | N/A |
A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later |