Total
871 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-4919 | 1 Vmware | 1 Vcenter Server | 2024-02-04 | 6.8 MEDIUM | 9.0 CRITICAL |
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. | |||||
CVE-2017-14417 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services. | |||||
CVE-2017-4052 | 1 Mcafee | 1 Advanced Threat Defense | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter. | |||||
CVE-2017-7315 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin. | |||||
CVE-2017-12155 | 1 Ceph | 1 Ceph | 2024-02-04 | 3.3 LOW | 6.3 MEDIUM |
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. | |||||
CVE-2017-8155 | 1 Huawei | 2 B2338-168, B2338-168 Firmware | 2024-02-04 | 7.2 HIGH | 8.4 HIGH |
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without authentication. Successful exploit could allow the attacker to take control over the outdoor unit. | |||||
CVE-2017-1483 | 1 Ibm | 3 Security Identity Governance And Intelligence, Security Identity Manager, Security Privileged Identity Manager | 2024-02-04 | 7.5 HIGH | 8.6 HIGH |
IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621. | |||||
CVE-2017-18001 | 1 Trustwave | 1 Secure Web Gateway | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI. | |||||
CVE-2017-6044 | 1 Sierra Wireless | 4 Airlink Raven Xe, Airlink Raven Xe Firmware, Airlink Raven Xt and 1 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot. | |||||
CVE-2018-2360 | 1 Sap | 1 Sap Kernel | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. | |||||
CVE-2017-2708 | 1 Huawei | 2 Nice, Nice Firmware | 2024-02-04 | 4.9 MEDIUM | 4.6 MEDIUM |
The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. | |||||
CVE-2017-4055 | 1 Mcafee | 1 Advanced Threat Defense | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization. | |||||
CVE-2016-7830 | 1 Sony | 10 Pcs-xc1, Pcs-xc1 Firmware, Pcs-xg100 and 7 more | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors. | |||||
CVE-2015-9030 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication. | |||||
CVE-2017-17747 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2024-02-04 | 2.7 LOW | 6.5 MEDIUM |
Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. | |||||
CVE-2017-14350 | 1 Hp | 1 Application Performance Management | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. | |||||
CVE-2017-1523 | 1 Ibm | 1 Infosphere Master Data Management | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892. | |||||
CVE-2017-12440 | 1 Openstack | 1 Openstack | 2024-02-04 | 6.0 MEDIUM | 7.5 HIGH |
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee. | |||||
CVE-2017-16241 | 1 Amag | 6 En-1dbc, En-1dbc Firmware, En-2dbc and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command. | |||||
CVE-2015-2888 | 1 Summerinfant | 2 Baby Zoom Wifi Monitor, Baby Zoom Wifi Monitor Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service. |