378 matches found
QNAP Systems Notes Station Security Vulnerability
QNAP Notes Station 3 is private cloud note-taking software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from a missing authentication vulnerability that stems from the inclusion of ...
PT-2024-33302 · Unknown · Ventilator Software Tools
Name of the Vulnerable Software and Affected Versions: Ventilator software tools (affected versions not specified). Description: The software tools used by service personnel to test and calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the...
The vulnerability of the OPC server WorkstationST, related to the lack of authentication for critical functions, allows attackers to write or overwrite files on the configuration server.
The vulnerability of the OPC server WorkstationST is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to write or overwrite configuration files on the server remotely...
CVE-2024-39664 WordPress Filter & Grids plugin <= 2.8.32 - Broken Authentication vulnerability
Missing Authorization vulnerability in YMC Filter & Grids allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Filter & Grids: from n/a through 2.8.33...
The vulnerability of the Microsoft Dataverse data management platform, related to the absence of authentication procedures that prevent unauthorized access to protected information.
The vulnerability of the Microsoft Dataverse data management platform is related to the absence of authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability in the firmware of the Advantech ADAM-5630 programmable logic controller (PLC) lies in the lack of authentication for a critical function. This allows an intruder to execute arbitrary commands and cause malfunctions in the device’s operation.
The vulnerability in the firmware of the Advantech ADAM-5630 programmable logic controller (PLC) is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands and cause malfunctions in the system...
CVE-2023-6055
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage extension, the product...
The vulnerability in the firmware of Moxa devices such as EDR-8010, EDR-G9004, EDR-G9010, EDR-G1002-BP, NAT-102, OnCell G4302-LTE4, and TN-4900 stems from the absence of authentication for a critical function. This allows attackers to gain full access to the device’s configuration.
The vulnerability in the firmware of Moxa devices such as EDR-8010, EDR-G9004, EDR-G9010, EDR-G1002-BP, NAT-102, OnCell G4302-LTE4, and TN-4900 lies in the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker operating remotely to...
CVE-2023-52949
Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credentials via unspecified vectors...
CVE-2024-45075
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...
Hitachi Energy MicroSCADA X SYS600 Security Vulnerability
Hitachi Energy MicroSCADA X SYS600 is a SCADA product from Hitachi, Japan. It ensures optimal control and reliable operation of your switching station through seamless integration and connectivity between different devices and systems. A security vulnerability exists in Hitachi Energy MicroSCADA ...
PT-2024-29899 · Homepage · Homepage
Name of the Vulnerable Software and Affected Versions: Homepage version 0.9.1. Description: The default setup of Homepage is vulnerable to DNS rebinding due to the lack of certificate and authentication. An attacker can exploit this by changing the DNS records of their domain to the internal IP...
The vulnerabilities of the CPCI85 and SICORE processor control modules from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, allow attackers to downgrade the firmware version of the devices.
The vulnerability of the CPCI85 and SICORE processor module control systems from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, stems from the lack of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to downgrade the firmware version of the...
WordPress Getwid – Gutenberg Blocks plugin <= 2.0.10 - Missing Authentication to API key update vulnerability
Missing Authentication to API key update vulnerability discovered by Peter Thaleikis in WordPress Plugin Getwid versions <= 2.0.10...
SUSE CVE-2021-26928
BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD which may, for example, include Tigera products in some configurations, as well as products of other vendors may have been susceptible to route redirection for Denia...
CVE-2024-4609
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...
CVE-2023-39466
CVE-2023-39466 applies to Triangle MicroWorks SCADA Data Gateway. The vulnerability is in the get_config endpoint, where lack of authentication allows remote attackers to disclose sensitive information without credentials. Root cause: missing authentication prior to accessing get_config functiona...
CVE-2024-3701
The system application com.transsion.kolun.aiservice component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services...
CVE-2024-31813
TOTOLINK EX200 V4.0.3c.7646B20201211 does not contain an authentication mechanism by default...
CVE-2023-51571
Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this...