Total
801 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1780 | 1 Frax | 1 Php Recommend | 2020-05-20 | 7.5 HIGH | N/A |
admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters. | |||||
CVE-2020-9473 | 1 Siedle | 2 Sg 150-0, Sg 150-0 Firmware | 2020-05-14 | 8.5 HIGH | 6.6 MEDIUM |
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway. | |||||
CVE-2019-5620 | 2 Abb, Microsoft | 3 Microscada Pro Sys600, Windows 7, Windows Xp | 2020-05-06 | 7.5 HIGH | 9.8 CRITICAL |
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. | |||||
CVE-2020-5870 | 1 F5 | 1 Big-iq Centralized Management | 2020-04-28 | 4.8 MEDIUM | 8.1 HIGH |
In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. | |||||
CVE-2020-11649 | 1 Gitlab | 1 Gitlab | 2020-04-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted. | |||||
CVE-2018-21132 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2020-04-24 | 7.5 HIGH | 9.8 CRITICAL |
Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | |||||
CVE-2020-7114 | 1 Arubanetworks | 1 Clearpass | 2020-04-23 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. As a result of this attack, a possible complete cluster compromise might occur. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher. | |||||
CVE-2019-16879 | 1 Mysyngeryss | 2 Husky Rtu 6049-e70, Husky Rtu 6049-e70 Firmware | 2020-04-14 | 7.5 HIGH | 9.8 CRITICAL |
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or perform other malicious activities. | |||||
CVE-2011-3055 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2020-04-14 | 4.3 MEDIUM | N/A |
The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension. | |||||
CVE-2020-10625 | 1 Advantech | 1 Webaccess/nms | 2020-04-10 | 7.5 HIGH | 9.8 CRITICAL |
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. | |||||
CVE-2018-21041 | 1 Google | 1 Android | 2020-04-09 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Samsung mobile devices with O(8.x) software. Access to Gallery in the Secure Folder can occur without authentication. The Samsung ID is SVE-2018-13057 (December 2018). | |||||
CVE-2020-10265 | 1 Universal-robots | 7 Ur10, Ur10e, Ur3 and 4 more | 2020-04-06 | 9.0 HIGH | 9.4 CRITICAL |
Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. The DashBoard server is not protected by any kind of authentication or authorization. | |||||
CVE-2019-19092 | 1 Abb | 1 Esoms | 2020-04-03 | 3.5 LOW | 3.5 LOW |
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. | |||||
CVE-2019-12125 | 1 Onap | 1 Open Network Automation Platform | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
CVE-2019-12126 | 1 Onap | 1 Open Network Automation Platform | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
CVE-2019-12127 | 1 Onap | 1 Open Network Automation Platform | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
CVE-2020-10079 | 1 Gitlab | 1 Gitlab | 2020-03-18 | 5.0 MEDIUM | 5.3 MEDIUM |
GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required. | |||||
CVE-2020-6964 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2020-03-17 | 5.0 MEDIUM | 8.6 HIGH |
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network. | |||||
CVE-2020-5328 | 1 Dell | 1 Emc Isilon Onefs | 2020-03-09 | 10.0 HIGH | 9.8 CRITICAL |
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. | |||||
CVE-2020-5326 | 1 Dell | 348 Chengming 3980, Chengming 3980 Firmware, Embedded Box Pc 5000 and 345 more | 2020-03-03 | 2.1 LOW | 5.3 MEDIUM |
Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager. |