82 matches found
PT-2024-9926 · Unknown · Skupper Console
Name of the Vulnerable Software and Affected Versions: Skupper console affected versions not specified Description: A flaw was found in the Skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybr...
CVE-2024-7128
CVE-2024-7128 — OpenShift Console unauthenticated data exposure is evidenced by multiple sources in the connected documents. The OpenShift console contains endpoints guarded by authHandler() and authHandlerWithUser(), which under the default openShiftAuth provider perform no authentication checks...
Missing Default Authentication
Argo CD is vulnerable to Missing Default Authentication. The vulnerability is due to the default lack of password protection in redis, allowing attackers with access to an unprivileged pod to connect to the Redis server to gain read/write access, modify the "mfst" manifest key to execute...
CVE-2024-31813
TOTOLINK EX200 V4.0.3c.7646B20201211 does not contain an authentication mechanism by default...
PT-2024-24221 · Totolink · Totolink Ex200
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: The issue is related to the lack of an authentication mechanism by default. This means that the device does not require users to authenticate before accessing its features, potentially...
CVE-2024-31813
Summary: CVE-2024-31813 affects TOTOLINK EX200 (version 4.0.3c.7646_B20201211). The root cause is that the device ships without an authentication mechanism by default, per Red Hat/NVD/CNVD/CNNVD entries and industry disclosures. Impact as stated: high confidentiality, integrity, and availability ...
UBUNTU-CVE-2023-38324
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...
PT-2023-24911 · Etic Telecom · Etic Telecom Ras
Name of the Vulnerable Software and Affected Versions: ETIC Telecom RAS versions 4.7.0 and prior Description: The web management portal authentication is disabled by default in the affected versions. This could allow an attacker with adjacent network access to alter the configuration of the devic...
UBUNTU-CVE-2022-36640
DISPUTED influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible...
CVE-2022-1521 3.2.4 IMPROPER ACCESS CONTROL CWE-284
LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data...
CVE-2021-33658
atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration...
OESA-2022-1541 A-Tune security update
atune is a service for atuned AI tuning system. Security Fixes: Log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration.CVE-2021-33658...
ALPINE-CVE-2021-37624
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...
PT-2021-21740 · Unknown +1 · Freeswitch +1
Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to 1.10.7 Description: The issue concerns the lack of authentication for SIP MESSAGE requests in FreeSWITCH, leading to potential spam and message spoofing. By default, SIP requests of the type MESSAGE are not...
CVE-2021-33543
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service...
GHSA-W542-CPP9-R3G7 Field Test CSRF vulnerability
The Field Test dashboard is vulnerable to cross-site request forgery CSRF with non-session based authentication methods in versions v0.2.0 through v0.3.2. Impact The Field Test dashboard is vulnerable to CSRF with non-session based authentication methods, like basic authentication. Session-based...
CSRF Vulnerability with Non-Session Based Authentication
The PgHero dashboard is vulnerable to CSRF with non-session based authentication methods. Impact The PgHero dashboard is vulnerable to cross-site request forgery CSRF. This affects the Docker image, Linux packages, and in specific cases, the Ruby gem. The Ruby gem is vulnerable with non-session...
CVE-2019-9529
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device...
CVE-2019-9529 The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device...
The vulnerability of the microprogrammed software of Moxa EDS-G516E and Moxa EDS-510E switches, which is related to the default use of the HTTP protocol, allows attackers to intercept administrator credentials and other confidential information, thereby gaining access to the control system.
The vulnerability of the microprogrammed software of Moxa EDS-G516E and Moxa EDS-510E switches is related to the default use of the HTTP protocol in implementing the “Basic HTTP Authentication” method. Exploiting this vulnerability allows a malicious actor to remotely intercept administrator...