Lucene search
K

82 matches found

Positive Technologies
Positive Technologies
added 2024/12/20 12:0 a.m.3 views

PT-2024-9926 · Unknown · Skupper Console

Name of the Vulnerable Software and Affected Versions: Skupper console affected versions not specified Description: A flaw was found in the Skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybr...

7.5CVSS7.4AI score0.00484EPSS
Exploits0References14
CVE
CVE
added 2024/07/26 1:34 p.m.66 views

CVE-2024-7128

CVE-2024-7128 — OpenShift Console unauthenticated data exposure is evidenced by multiple sources in the connected documents. The OpenShift console contains endpoints guarded by authHandler() and authHandlerWithUser(), which under the default openShiftAuth provider perform no authentication checks...

5.3CVSS5.3AI score0.00414EPSS
Exploits0References5
Veracode
Veracode
added 2024/05/24 6:38 a.m.18 views

Missing Default Authentication

Argo CD is vulnerable to Missing Default Authentication. The vulnerability is due to the default lack of password protection in redis, allowing attackers with access to an unprivileged pod to connect to the Redis server to gain read/write access, modify the "mfst" manifest key to execute...

9CVSS7.1AI score0.01479EPSS
Exploits2References10Affected Software1
OSV
OSV
added 2024/04/08 1:15 p.m.4 views

CVE-2024-31813

TOTOLINK EX200 V4.0.3c.7646B20201211 does not contain an authentication mechanism by default...

8.4CVSS5.8AI score0.00203EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.3 views

PT-2024-24221 · Totolink · Totolink Ex200

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: The issue is related to the lack of an authentication mechanism by default. This means that the device does not require users to authenticate before accessing its features, potentially...

8.4CVSS7AI score0.00203EPSS
Exploits0References4
CVE
CVE
added 2024/04/08 12:0 a.m.63 views

CVE-2024-31813

Summary: CVE-2024-31813 affects TOTOLINK EX200 (version 4.0.3c.7646_B20201211). The root cause is that the device ships without an authentication mechanism by default, per Red Hat/NVD/CNVD/CNNVD entries and industry disclosures. Impact as stated: high confidentiality, integrity, and availability ...

8.4CVSS7.1AI score0.00203EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/11/17 6:15 a.m.4 views

UBUNTU-CVE-2023-38324

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...

5.3CVSS5.8AI score0.00685EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/23 12:0 a.m.12 views

PT-2023-24911 · Etic Telecom · Etic Telecom Ras

Name of the Vulnerable Software and Affected Versions: ETIC Telecom RAS versions 4.7.0 and prior Description: The web management portal authentication is disabled by default in the affected versions. This could allow an attacker with adjacent network access to alter the configuration of the devic...

8.1CVSS8AI score0.0029EPSS
Exploits0References4
OSV
OSV
added 2022/09/02 9:15 p.m.4 views

UBUNTU-CVE-2022-36640

DISPUTED influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible...

9.8CVSS7.5AI score0.02005EPSS
Exploits0References8
Cvelist
Cvelist
added 2022/06/24 3:0 p.m.38 views

CVE-2022-1521 3.2.4 IMPROPER ACCESS CONTROL CWE-284

LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data...

9.1CVSS9.5AI score0.01031EPSS
Exploits0References1
OSV
OSV
added 2022/03/11 6:15 p.m.4 views

CVE-2021-33658

atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration...

7.8CVSS5.8AI score0.00154EPSS
Exploits0References1
OSV
OSV
added 2022/03/03 11:3 a.m.5 views

OESA-2022-1541 A-Tune security update

atune is a service for atuned AI tuning system. Security Fixes: Log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration.CVE-2021-33658...

7.8CVSS7.1AI score0.00154EPSS
Exploits0References2
OSV
OSV
added 2021/10/25 4:15 p.m.7 views

ALPINE-CVE-2021-37624

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...

7.5CVSS6.6AI score0.0352EPSS
Exploits5References1
Positive Technologies
Positive Technologies
added 2021/10/25 12:0 a.m.10 views

PT-2021-21740 · Unknown +1 · Freeswitch +1

Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to 1.10.7 Description: The issue concerns the lack of authentication for SIP MESSAGE requests in FreeSWITCH, leading to potential spam and message spoofing. By default, SIP requests of the type MESSAGE are not...

8.6CVSS6.3AI score0.0352EPSS
Exploits19References30
OSV
OSV
added 2021/09/13 6:15 p.m.7 views

CVE-2021-33543

Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service...

9.8CVSS7.3AI score0.8207EPSS
Exploits5References2
OSV
OSV
added 2020/08/05 2:53 p.m.27 views

GHSA-W542-CPP9-R3G7 Field Test CSRF vulnerability

The Field Test dashboard is vulnerable to cross-site request forgery CSRF with non-session based authentication methods in versions v0.2.0 through v0.3.2. Impact The Field Test dashboard is vulnerable to CSRF with non-session based authentication methods, like basic authentication. Session-based...

4.3CVSS4.6AI score0.00426EPSS
Exploits0References5
RubySec
RubySec
added 2020/08/04 12:0 a.m.19 views

CSRF Vulnerability with Non-Session Based Authentication

The PgHero dashboard is vulnerable to CSRF with non-session based authentication methods. Impact The PgHero dashboard is vulnerable to cross-site request forgery CSRF. This affects the Docker image, Linux packages, and in specific cases, the Ruby gem. The Ruby gem is vulnerable with non-session...

8.1CVSS2.8AI score0.00465EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/10/10 8:15 p.m.15 views

CVE-2019-9529

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device...

5.5CVSS5.6AI score0.00282EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/10/10 8:9 p.m.19 views

CVE-2019-9529 The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device...

6.6AI score0.00282EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/09/25 12:0 a.m.21 views

The vulnerability of the microprogrammed software of Moxa EDS-G516E and Moxa EDS-510E switches, which is related to the default use of the HTTP protocol, allows attackers to intercept administrator credentials and other confidential information, thereby gaining access to the control system.

The vulnerability of the microprogrammed software of Moxa EDS-G516E and Moxa EDS-510E switches is related to the default use of the HTTP protocol in implementing the “Basic HTTP Authentication” method. Exploiting this vulnerability allows a malicious actor to remotely intercept administrator...

10CVSS5.5AI score0.00812EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder