1073 matches found
CVE-2019-13549
CVE-2019-13549 affects the Rittal Chiller SK 3232-Series web interface built on Carel pCOWeb firmware A1.5.3–B1.2.4. The issue is improper access control: authentication does not sufficiently protect against unauthorized configuration changes, allowing modification of primary operations (turning ...
Ubuntu: Security Advisory (USN-4153-1)
The remote host is missing an update for the...
PRODSECBUG-2445: Insufficient logging and monitoring of configuration changes
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
CVE-2019-6650
F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings...
Cisco Jabber Client Framework Input Validation Error Vulnerability
Cisco Jabber Client Framework (JCF) is a unified communications client framework from the US company Cisco. The framework provides online status display, instant messaging, voice and other features. An input validation error vulnerability exists in the Cisco Jabber Client...
The vulnerability in the web interface of the Cisco Integrated Management Controller, a software tool for remote administration of servers, allows a malicious individual to make unauthorized changes to the system configuration.
The vulnerability of the web interface for managing Cisco Integrated Management Controllers involves authentication errors. Exploiting this vulnerability allows an attacker to make unauthorized changes to the system configuration remotely...
Authorization Bypass
magento/community-edition is vulnerable to authorization bypass. The vulnerability allows a low-privileged user to make unauthorized environment configuration changes...
Design/Logic Flaw
Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes...
CVE-2019-13277
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The request can be made on the local intranet or...
CVE-2019-1625
A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by...
CVE-2019-1625 Cisco SD-WAN Solution Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by...
A vulnerability in the firmware of Modicon, ATV IMC, and PacDrive programmable logic controllers stems from the lack of authentication for a critical function, allowing an intruder to alter the device’s configuration.
A vulnerability in the firmware of Modicon, ATV IMC, and PacDrive programmable logic controllers is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to remotely alter the device’s configuration IP address,...
CVE-2017-13718
The HTTP API supported by Starry Station aka Starry Router allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the devi...
The vulnerability of integrated web servers of SIMATIC devices stems from insufficient protection of the web page structure, allowing attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of integrated Web servers on SIMATIC devices is related to insufficient protection of the web page structure when certain parts of the device’s configuration are modified using SNMP. Exploiting this vulnerability allows a perpetrator with access to the vulnerable system to...
CVE-2018-4072
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...
CVE-2018-4071
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceTLGetTask.cgi executable is used to retrieve MSCII configuration values within the configuration manager of the AirLink ES450...
CVE-2018-4070
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send...
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment Vulnerability
Summary: An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause arbitrary setting writes, resulting in unverified changes to any system setting. An...