Lucene search
K

66 matches found

CNNVD
CNNVD
added 2023/09/05 12:0 a.m.4 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from an interface unauthenticated vulnerability in the module. Successful exploitation of th...

7.5CVSS6.8AI score0.0035EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/20 12:0 a.m.6 views

SAMSUNG Harman AMX N-Series 访问控制错误漏洞

SAMSUNG Harman AMX N-Series is a wall plate encoder from Samsung South Korea. A security vulnerability exists in Samsung Harman AMX N-Series devices, which originates from a web interface that can expose sensitive information by listing the /tmp/ directory without authentication. Affected product...

5.3CVSS5.7AI score0.00841EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.2 views

SUSE CVE-2018-8016

The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in...

9.8CVSS9.9AI score0.02289EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/05 12:0 a.m.4 views

Huawei HarmonyOS 授权问题漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from an interface that is not properly authenticated, and can be exploited by an attacker to...

7.5CVSS7.4AI score0.00417EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/15 12:0 a.m.6 views

Mercedes-Benz XENTRY Retail Data Storage 安全漏洞

Mercedes-Benz XENTRY Retail Data Storage is a type of retail data storage from Mercedes-Benz of Germany. A security vulnerability exists in Mercedes-Benz XENTRY Retail Data Storage version 7.8.1, which originated from a vulnerability that allows remote attackers to cause a denial of service via a...

7.5CVSS7.4AI score0.2644EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/01/15 12:0 a.m.5 views

PT-2023-19063 · Mercedes Benz · Mercedes-Benz Xentry Retail Data Storage

Name of the Vulnerable Software and Affected Versions: Mercedes-Benz XENTRY Retail Data Storage version 7.8.1 Description: The issue allows remote attackers to cause a denial of service, resulting in a device restart, via an unauthenticated API request. The attacker must be on the same network as...

7.5CVSS7.4AI score0.2644EPSS
Exploits0References7
OSV
OSV
added 2022/09/29 3:15 a.m.3 views

CVE-2020-15344

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zygetuseridandkey API...

5.3CVSS5.8AI score0.00568EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/09/29 12:0 a.m.5 views

Zyxel CloudCNM SecuManager 安全漏洞

Zyxel CloudCNM SecuManager is a set of network management software from Taiwan, China-based Zyxel. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in Zyxel CloudCNM SecuManager version 3.1.0 and 3.1.1, which originates from ...

5.3CVSS5.8AI score0.00562EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/09/29 12:0 a.m.4 views

Zyxel CloudCNM SecuManager 安全漏洞

Zyxel CloudCNM SecuManager is a set of network management software from Taiwan, China-based Zyxel. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in Zyxel CloudCNM SecuManager version 3.1.0 and 3.1.1, which originates from ...

5.3CVSS5.8AI score0.00568EPSS
Exploits1References3
OSV
OSV
added 2022/05/13 1:53 a.m.1 views

GHSA-52GQ-7J6C-XW6X Missing Authentication for Critical Function in Apache Cassandra

The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in...

9.8CVSS7.5AI score0.02289EPSS
Exploits0References4
OSV
OSV
added 2022/04/19 9:15 p.m.5 views

CVE-2022-1186

The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5...

5.3CVSS5.5AI score0.01083EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/03/30 11:15 p.m.7 views

CVE-2021-46006

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication...

6.5CVSS6.6AI score0.07242EPSS
Exploits1References4
OSV
OSV
added 2022/02/15 6:15 p.m.2 views

CVE-2022-22770

The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and...

9.8CVSS5.9AI score0.01128EPSS
Exploits0References1
Talos
Talos
added 2022/02/01 12:0 a.m.54 views

Sealevel Systems, Inc. SeaConnect 370W Modbus/SeaMAX Remote Configuration denial of service vulnerabilities

Summary Two denial of service vulnerabilities exist in the Modbus/SeaMAX Remote Configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger these vulnerabilities...

9.3CVSS8.4AI score0.01021EPSS
Exploits2
OSV
OSV
added 2021/06/29 9:15 p.m.6 views

CVE-2021-35941

Western Digital WD My Book Live 2.x and later and WD My Book Live Duo all versions have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472...

7.5CVSS5.8AI score0.1271EPSS
Exploits1References2
CNVD
CNVD
added 2020/07/28 12:0 a.m.3 views

Huawei P30 Information Disclosure Vulnerability (CNVD-2020-46468)

Huawei P30 is a smartphone from Huawei. An information disclosure vulnerability exists in versions prior to Huawei P30 10.1.0.160 C00E160R2P11. The vulnerability stems from the system failing to properly authenticate an application accessing a specified interface. An attacker can exploit the...

4.3CVSS6.2AI score0.00512EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/06/26 12:0 a.m.4 views

PT-2020-14376 · Zyxel · Zyxel Cloudcnm Secumanager

Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue concerns an unauthenticated API, specifically the "zy install user key" API endpoint. This allows for unauthorized access. Recommendations: For versions 3.1.0 and...

5.3CVSS5.3AI score0.0058EPSS
Exploits1References4
OSV
OSV
added 2020/06/24 5:15 p.m.5 views

CVE-2020-11961

Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface getconfigresult without authentication...

7.5CVSS7.1AI score0.01154EPSS
Exploits0References1
Veracode
Veracode
added 2019/12/12 8:16 a.m.24 views

Remote Code Execution (RCE)

Apache cassandra is vulnerable to remote code execution. The vulnerability exists due to the use of a default JMX configuration of unauthenticated JMX/RMI interface to all network interfaces. Therefore, anyone with access to the interface is allowed to listen to the RMI and to trigger a remote...

7.5CVSS4.8AI score0.06692EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2019/07/10 10:1 a.m.4 views

openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data

A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...

9.1CVSS5.8AI score0.02464EPSS
Exploits0References9
Rows per page
Query Builder