Total
801 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12822 | 1 Sentinel | 1 Sentinel Ldk Rte Firmware | 2019-10-02 | 7.5 HIGH | 9.9 CRITICAL |
| Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors. | |||||
| CVE-2017-17747 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2019-10-02 | 2.7 LOW | 6.5 MEDIUM |
| Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. | |||||
| CVE-2017-17746 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2019-10-02 | 7.7 HIGH | 6.8 MEDIUM |
| Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated. | |||||
| CVE-2017-16241 | 1 Amag | 6 En-1dbc, En-1dbc Firmware, En-2dbc and 3 more | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command. | |||||
| CVE-2017-7315 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin. | |||||
| CVE-2017-1523 | 1 Ibm | 1 Infosphere Master Data Management | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892. | |||||
| CVE-2017-6409 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access. | |||||
| CVE-2019-12105 | 1 Supervisord | 1 Supervisor | 2019-09-17 | 6.4 MEDIUM | 8.2 HIGH |
| ** DISPUTED ** In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The maintainer indicated the ability to run an open server will not be removed but an additional warning was added to the documentation. | |||||
| CVE-2019-14511 | 1 Sphinxsearch | 1 Sphinx | 2019-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only). | |||||
| CVE-2019-13983 | 1 Rangerstudio | 1 Directus 7 Api | 2019-07-22 | 5.0 MEDIUM | 9.8 CRITICAL |
| Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php. | |||||
| CVE-2017-15123 | 1 Redhat | 1 Cloudforms Management Engine | 2019-07-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines. | |||||
| CVE-2016-2004 | 1 Hp | 1 Data Protector | 2019-07-12 | 9.3 HIGH | 9.8 CRITICAL |
| HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623. | |||||
| CVE-2019-9881 | 1 Wpgraphql | 1 Wpgraphql | 2019-06-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. | |||||
| CVE-2019-9879 | 1 Wpgraphql | 1 Wpgraphql | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation. | |||||
| CVE-2019-9880 | 1 Wpgraphql | 1 Wpgraphql | 2019-06-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username. | |||||
| CVE-2018-5338 | 1 Zohocorp | 1 Manageengine Desktop Central | 2019-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. | |||||
| CVE-2018-11247 | 1 Nasdaq | 1 Bwise | 2018-10-23 | 7.5 HIGH | 9.8 CRITICAL |
| The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81. | |||||
| CVE-2018-7778 | 1 Schneider-electric | 2 Evlink Charging Station, Evlink Charging Station Firmware | 2018-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users. | |||||
| CVE-2017-0919 | 1 Gitlab | 1 Gitlab | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized. | |||||
| CVE-2018-11476 | 1 Vgate | 2 Icar 2 Wi-fi Obd2, Icar 2 Wi-fi Obd2 Firmware | 2018-07-05 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication. | |||||