Total
1054 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11476 | 1 Vgate | 2 Icar 2 Wi-fi Obd2, Icar 2 Wi-fi Obd2 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication. | |||||
| CVE-2018-11247 | 1 Nasdaq | 1 Bwise | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81. | |||||
| CVE-2018-10635 | 1 Universal-robots | 2 Cb3.1, Cb3.1 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained. | |||||
| CVE-2018-0554 | 1 Buffalo | 2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. | |||||
| CVE-2018-0521 | 1 Buffalo | 2 Wxr-1900dhp2, Wxr-1900dhp2 Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. | |||||
| CVE-2018-0377 | 1 Cisco | 2 Mobility Services Engine, Policy Suite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017. | |||||
| CVE-2018-0376 | 1 Cisco | 2 Mobility Services Engine, Policy Suite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109. | |||||
| CVE-2018-0374 | 1 Cisco | 1 Mobility Services Engine | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database. Cisco Bug IDs: CSCvh06134. | |||||
| CVE-2018-0127 | 1 Cisco | 4 Rv132w, Rv132w Firmware, Rv134w and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172. | |||||
| CVE-2017-8156 | 1 Huawei | 2 B2338-168, B2338-168 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow the attacker to take control over the outdoor unit. | |||||
| CVE-2017-8155 | 1 Huawei | 2 B2338-168, B2338-168 Firmware | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without authentication. Successful exploit could allow the attacker to take control over the outdoor unit. | |||||
| CVE-2017-7315 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin. | |||||
| CVE-2017-6409 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access. | |||||
| CVE-2017-6044 | 1 Sierra Wireless | 4 Airlink Raven Xe, Airlink Raven Xe Firmware, Airlink Raven Xt and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot. | |||||
| CVE-2017-5637 | 2 Apache, Debian | 2 Zookeeper, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later. | |||||
| CVE-2017-5162 | 1 Binom3 | 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration. | |||||
| CVE-2017-4919 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | 6.8 MEDIUM | 9.0 CRITICAL |
| VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. | |||||
| CVE-2017-4055 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization. | |||||
| CVE-2017-4052 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter. | |||||
| CVE-2017-3819 | 1 Cisco | 2 Asr 5000 Series Software, Virtualized Packet Core | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853. | |||||