Filtered by CWE-16
Filtered by vendor Subscriptions
Total 316 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-54099 2024-12-12 6.7 Medium
File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2024-32991 1 Huawei 2 Emui, Harmonyos 2024-12-11 7.5 High
Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-46909 1 Progress 1 Whatsup Gold 2024-12-10 9.8 Critical
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
CVE-2023-52719 1 Huawei 2 Emui, Harmonyos 2024-12-09 7.1 High
Privilege escalation vulnerability in the PMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2018-0275 1 Cisco 1 Identity Services Engine 2024-11-29 N/A
A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. Cisco Bug IDs: CSCvf54409.
CVE-2018-0262 1 Cisco 1 Meeting Server 2024-11-29 N/A
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469.
CVE-2018-0263 1 Cisco 1 Meeting Server 2024-11-29 7.4 High
A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.
CVE-2018-15386 1 Cisco 1 Digital Network Architecture Center 2024-11-26 9.8 Critical
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.
CVE-2018-15448 1 Cisco 1 Registered Envelope Service 2024-11-26 7.5 High
A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames.
CVE-2018-11922 2024-11-26 7.5 High
Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.
CVE-2023-43088 1 Dell 2 Precision 7865 Tower, Precision 7865 Tower Firmware 2024-11-21 7.2 High
Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.
CVE-2023-39392 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.
CVE-2023-39385 1 Huawei 2 Emui, Harmonyos 2024-11-21 9.1 Critical
Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access.
CVE-2023-33105 2024-11-21 7.5 High
Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.
CVE-2023-33076 1 Qualcomm 302 Aqt1000, Aqt1000 Firmware, Ar8035 and 299 more 2024-11-21 5.9 Medium
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
CVE-2022-43516 2 Microsoft, Zabbix 2 Windows Firewall, Zabbix 2024-11-21 6.5 Medium
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)
CVE-2022-37397 1 Yugabyte 1 Yugabytedb 2024-11-21 8.3 High
An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password.
CVE-2022-36423 2 Openatom, Openharmony 2 Openharmony, Openharmony 2024-11-21 7.4 High
OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.
CVE-2022-33233 1 Qualcomm 402 Apq8009, Apq8009 Firmware, Apq8009w and 399 more 2024-11-21 7.8 High
Memory corruption due to configuration weakness in modem wile sending command to write protected files.
CVE-2022-29095 1 Dell 2 Supportassist For Business Pcs, Supportassist For Home Pcs 2024-11-21 8.3 High
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system.