Total
2926 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0195 | 1 Cisco | 1 Ios Xe | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious request to an affected device via the REST API. A successful exploit could allow the attacker to selectively bypass authorization checks for the REST API of the affected software and use the API to perform privileged actions on an affected device. Cisco Bug IDs: CSCuz56428. | |||||
| CVE-2017-9552 | 1 Synology | 1 Photo Station | 2019-10-09 | 2.1 LOW | 7.8 HIGH |
| A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline". | |||||
| CVE-2017-7931 | 1 Abb | 2 Ip Gateway, Ip Gateway Firmware | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication. | |||||
| CVE-2017-7934 | 1 Osisoft | 1 Pi Data Archive | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. | |||||
| CVE-2017-7937 | 1 Phoenix Contact Gmbh | 2 Mguard, Mguard Firmware | 2019-10-09 | 4.3 MEDIUM | 4.0 MEDIUM |
| An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS servers are unreachable. | |||||
| CVE-2017-9939 | 1 Siemens | 1 Sipass Integrated | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication mechanism and perform administrative operations. | |||||
| CVE-2017-9625 | 1 Envitech | 1 Envidas Ultimate | 2019-10-09 | 6.4 MEDIUM | 8.2 HIGH |
| An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely. | |||||
| CVE-2017-9630 | 1 Pdqinc | 22 Laserjet, Laserjet Firmware, Laserwash 360 and 19 more | 2019-10-09 | 7.5 HIGH | 9.4 CRITICAL |
| An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The web server does not properly verify that provided authentication information is correct. | |||||
| CVE-2017-7920 | 1 Abb | 4 Vsn300, Vsn300 Firmware, Vsn300 For React and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating. | |||||
| CVE-2017-7912 | 1 Hanwhasecurity | 2 Srn-4000, Srn-4000 Firmware | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. | |||||
| CVE-2017-7546 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. | |||||
| CVE-2017-7930 | 1 Osisoft | 1 Pi Data Archive | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. | |||||
| CVE-2017-7420 | 1 Microfocus | 3 Enterprise Developer, Enterprise Server, Enterprise Server Monitor And Control | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275). | |||||
| CVE-2017-7919 | 1 Newport | 4 Xps-cx, Xps-cx Firmware, Xps-qx and 1 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. An attacker may bypass authentication by accessing a specific uniform resource locator (URL). | |||||
| CVE-2017-6747 | 1 Cisco | 1 Identity Services Engine | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal. This vulnerability does not affect endpoints authenticating to the ISE. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance running Release 1.3, 1.4, 2.0.0, 2.0.1, or 2.1.0. Release 2.2.x is not affected. Cisco Bug IDs: CSCvb10995. | |||||
| CVE-2017-6871 | 1 Siemens | 2 Simatic Wincc Sm\@rtclient, Simatic Wincc Sm\@rtclient Lite | 2019-10-09 | 4.6 MEDIUM | 5.4 MEDIUM |
| A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions. | |||||
| CVE-2017-7909 | 1 Advantech B\+b Smartworx | 2 Mesr901, Mesr901 Firmware | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages. | |||||
| CVE-2017-5189 | 1 Netiq | 1 Imanager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance. | |||||
| CVE-2017-6049 | 1 3m | 1 Detcon Sitewatch Gateway | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL. | |||||
| CVE-2017-6617 | 1 Cisco | 1 Integrated Management Controller Supervisor | 2019-10-09 | 4.3 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583. | |||||