
378 matches found

OSV
added 2020/07/14 1:15 p.m. · 1 view

CVE-2020-6287

SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...

CVSS 10 · AI score 5.9 · EPSS 0.94719
Exploits 6 · References 6
CNVD
added 2020/07/06 12:0 a.m. · 2 views

Micro Air Vehicle Link Access Control Error Vulnerability

Micro Air Vehicle Link (MAVLink) is a lightweight messaging protocol from the Dronecode project that is primarily used for communication between ground control terminals (ground stations) and UAVs as well as between airborne UAV components. An access control error vulnerability exists in MAVLink, whi...

CVSS 9.8 · AI score 7.2 · EPSS 0.01749
Exploits 0 · References 1
BDU FSTEC
added 2020/06/30 12:0 a.m. · 3 views

The vulnerability of the software key storage mechanism of Cisco Application Services Engine allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Cisco Application Services Engine software repository is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

CVSS 5.5 · AI score 5.9 · EPSS 0.00279
Exploits 0 · References 3 · Affected Software 1
OSV
added 2020/06/24 5:15 a.m. · 4 views

CVE-2020-10272

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with...

CVSS 9.8 · AI score 7.3 · EPSS 0.02459
Exploits 1 · References 1
Positive Technologies
added 2020/04/21 12:0 a.m. · 4 views

PT-2022-23525 · Influxdb +2 · Influxdb +2

Name of the Vulnerable Software and Affected Versions: influxDB versions prior to 1.8.10 Description: The issue concerns the lack of an authentication mechanism or controls in influxDB, allowing unauthenticated attackers to execute arbitrary commands. This could potentially expose data to any...

CVSS 9.8 · AI score 9.7 · EPSS 0.01931
Exploits 0 · References 23
OSV
added 2020/03/10 9:15 p.m. · 2 views

CVE-2020-6207

SAP Solution Manager User Experience Monitoring, version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager...

CVSS 9.8 · AI score 5.8 · EPSS 0.98376
Exploits 7 · References 8
BDU FSTEC
added 2019/10/29 12:0 a.m. · 3 views

The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and providing group services in Apache ZooKeeper makes it possible for an attacker to write arbitrary files to the operating system of the vulnerable device.

The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and providing group services in Apache ZooKeeper exists due to the lack of authentication when joining a quorum. Exploiting this vulnerability allows an attacker to...

CVSS 7.8 · AI score 5.6 · EPSS 0.08724
Exploits 0 · References 5 · Affected Software 3
Positive Technologies
added 2019/10/01 12:0 a.m. · 3 views

PT-2019-18969 · Unknown · Online Store System

Name of the Vulnerable Software and Affected Versions: Online Store System version 1.0 Description: The issue concerns the delete product.php file in the Online Store System, which fails to verify if a user is authenticated or has administrative rights. This oversight allows for arbitrary product...

CVSS 5.3 · AI score 5.4 · EPSS 0.01886
Exploits 1 · References 6
BDU FSTEC
added 2019/08/30 12:0 a.m. · 4 views

The vulnerability of the TIA Administrator software development environment, related to the lack of authentication, allows a malicious individual to execute a series of commands.

The vulnerability of the TIA Administrator software development environment is related to the lack of authentication. Exploiting this vulnerability allows an attacker to execute a series of commands...

CVSS 8 · AI score 5.6 · EPSS 0.00897
Exploits 1 · References 3
OSV
added 2019/07/09 5:15 p.m. · 1 view

CVE-2019-11020

Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claimfiles/claimid URLs...

CVSS 7.5 · AI score 5.8 · EPSS 0.01477
Exploits 0 · References 2
CNVD
added 2019/07/09 12:0 a.m. · 3 views

Moxa OnCell G3100-HSPA Security Feature Issue Vulnerability

Moxa OnCell G3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa, Taiwan, China. A security feature issue vulnerability exists in Moxa OnCell G3100-HSPA Series 1.6 Build 17100315 and prior versions. The vulnerability stems from a lack of security measures such as...

CVSS 9.8 · AI score 7 · EPSS 0.00906
Exploits 0 · References 1
CNVD
added 2019/07/09 12:0 a.m. · 3 views

Moxa OnCell G3100-HSPA Security Feature Issue Vulnerability (CNVD-2019-23542)

Moxa OnCell G3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa, Taiwan, China. A security feature issue vulnerability exists in Moxa OnCell G3100-HSPA 1.6 Build 17100315 and earlier versions. The vulnerability stems from a lack of security measures such as authentication,...

CVSS 9.8 · AI score 7 · EPSS 0.01022
Exploits 0 · References 1
OSV
added 2019/06/28 9:15 p.m. · 3 views

CVE-2019-10964

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker...

CVSS 8.8 · AI score 5.8 · EPSS 0.01163
Exploits 0 · References 4
BDU FSTEC
added 2019/06/14 12:0 a.m. · 2 views

The vulnerability of microprogrammed software in Modicon, ATV IMC, and PacDrive programmable logic controllers lies in the lack of authentication for a critical function, allowing an intruder to alter the device’s configuration.

The vulnerability of microprogrammed software in Modicon, ATV IMC, and PacDrive programmable logic controllers is related to the absence of authentication for the critical function. Exploiting this vulnerability allows a malicious actor to remotely alter the device’s configuration IP address,...

CVSS 8.2 · AI score 7.1 · EPSS 0.0124
Exploits 0 · References 3
CNVD
added 2019/06/14 12:0 a.m. · 1 view

HPE Smart Update Manager Security Feature Issue Vulnerability

HPE Smart Update Manager (SUM) is a smart update manager from Hewlett Packard Enterprise (HPE), USA. It is used to install and update firmware and software components on HP ProLiant and HP Integrity servers, chassis, and options. A security feature issue vulnerability exists in versions of HPE SUM...

CVSS 7.8 · AI score 6.7 · EPSS 0.00317
Exploits 0 · References 1
Positive Technologies
added 2019/05/14 12:0 a.m. · 5 views

PT-2019-2282

Name of the Vulnerable Software and Affected Versions: Modicon M100 versions all; Modicon M200 versions all; Modicon M221 versions all; ATV IMC drive controller versions all; Modicon M241 versions all; Modicon M251 versions all; Modicon M258 versions all; Modicon LMC058 versions all; Modicon LMC078 versio...

CVSS 8.2 · AI score 7.3 · EPSS 0.0124
Exploits 0 · References 8
OSV
added 2019/03/25 10:29 p.m. · 2 views

CVE-2019-6538

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

CVSS 6.5 · AI score 6.9 · EPSS 0.00844
Exploits 0 · References 2
OSV
added 2018/12/12 4:29 p.m. · 3 views

CVE-2018-13816

A vulnerability has been identified in TIM 1531 IRC All version V2.0. The devices were missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user...

CVSS 10 · AI score 5.7
Exploits 0 · References 2
BDU FSTEC
added 2018/11/23 12:0 a.m. · 3 views

The vulnerability in the web interface of the Cisco Energy Management Suite allows a perpetrator to perform cross-site fraudulently.

The vulnerability of the Cisco Energy Management Suite’s web interface relates to the lack of authentication for HTTP requests. Exploiting this vulnerability allows a remote attacker to perform cross-site fraudulently, and to carry out arbitrary actions on the vulnerable device under the user’s...

CVSS 9.3 · AI score 5.6 · EPSS 0.00933
Exploits 1 · References 7 · Affected Software 1
OSV
added 2018/10/24 9:29 p.m. · 2 views

CVE-2018-18014

Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated b...

CVSS 7.8 · AI score 5.9
Exploits 0 · References 1