Filtered by CWE-306
Filtered by vendor Subscriptions
Total 1332 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-8751 1 Sick 1 Msc800 Firmware 2024-09-13 7.5 High
A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.
CVE-2024-8321 1 Ivanti 1 Endpoint Manager 2024-09-13 5.8 Medium
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.
CVE-2024-8320 1 Ivanti 2 Automation, Endpoint Manager 2024-09-13 5.3 Medium
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.
CVE-2024-35143 1 Ibm 2 Planning Analytics Local, Planning Analytics Workspace 2024-09-11 6.7 Medium
IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420.
CVE-2024-7940 1 Hitachienergy 1 Microscada X Sys600 2024-08-28 8.3 High
The product exposes a service that is intended for local only to all network interfaces without any authentication.
CVE-2024-45049 1 Nixos 1 Hydra 2024-08-28 7.5 High
Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying https://github.com/NixOS/hydra/commit/f73043378907c2c7e44f633ad764c8bdd1c947d5 to any Hydra package. Users are advised to upgrade. Users unable to upgrade should deny the `/api/push` route in a reverse proxy. This also breaks the "Evaluate jobset" button in the frontend.
CVE-2024-43798 1 Jpillora 1 Chisel 2024-08-27 8.6 High
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented `AUTH` environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is using the `AUTH` environment variable to specify credentials to authenticate against is affected by this vulnerability. Chisel is often used to provide an entrypoint to a private network, which means services that are gated by Chisel may be affected. Additionally, Chisel is often used for exposing services to the internet. An attacker could MITM requests by connecting to a Chisel server and requesting to forward traffic from a remote port. This issue has been addressed in release version 1.10.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-35151 1 Ibm 2 Openpages Grc Platform, Openpages With Watson 2024-08-23 6.5 Medium
IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.
CVE-2024-35124 1 Ibm 1 Openbmc 2024-08-22 7.5 High
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674.
CVE-2024-43272 1 Icegram 1 Icegram 2024-08-19 5.3 Medium
Missing Authentication for Critical Function vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24.
CVE-2024-6347 1 Nissan-global 2 Altima, Blind Spot Detection Sensor Ecu Firmware 2024-08-16 6.5 Medium
* Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU's programming session. * No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication.
CVE-2024-32765 2024-08-12 4.2 Medium
A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later