66 matches found
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from an interface unauthenticated vulnerability in the module. Successful exploitation of th...
SAMSUNG Harman AMX N-Series 访问控制错误漏洞
SAMSUNG Harman AMX N-Series is a wall plate encoder from Samsung South Korea. A security vulnerability exists in Samsung Harman AMX N-Series devices, which originates from a web interface that can expose sensitive information by listing the /tmp/ directory without authentication. Affected product...
SUSE CVE-2018-8016
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in...
Huawei HarmonyOS 授权问题漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from an interface that is not properly authenticated, and can be exploited by an attacker to...
Mercedes-Benz XENTRY Retail Data Storage 安全漏洞
Mercedes-Benz XENTRY Retail Data Storage is a type of retail data storage from Mercedes-Benz of Germany. A security vulnerability exists in Mercedes-Benz XENTRY Retail Data Storage version 7.8.1, which originated from a vulnerability that allows remote attackers to cause a denial of service via a...
PT-2023-19063 · Mercedes Benz · Mercedes-Benz Xentry Retail Data Storage
Name of the Vulnerable Software and Affected Versions: Mercedes-Benz XENTRY Retail Data Storage version 7.8.1 Description: The issue allows remote attackers to cause a denial of service, resulting in a device restart, via an unauthenticated API request. The attacker must be on the same network as...
CVE-2020-15344
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zygetuseridandkey API...
Zyxel CloudCNM SecuManager 安全漏洞
Zyxel CloudCNM SecuManager is a set of network management software from Taiwan, China-based Zyxel. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in Zyxel CloudCNM SecuManager version 3.1.0 and 3.1.1, which originates from ...
Zyxel CloudCNM SecuManager 安全漏洞
Zyxel CloudCNM SecuManager is a set of network management software from Taiwan, China-based Zyxel. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in Zyxel CloudCNM SecuManager version 3.1.0 and 3.1.1, which originates from ...
GHSA-52GQ-7J6C-XW6X Missing Authentication for Critical Function in Apache Cassandra
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in...
CVE-2022-1186
The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5...
CVE-2021-46006
In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication...
CVE-2022-22770
The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and...
Sealevel Systems, Inc. SeaConnect 370W Modbus/SeaMAX Remote Configuration denial of service vulnerabilities
Summary Two denial of service vulnerabilities exist in the Modbus/SeaMAX Remote Configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger these vulnerabilities...
CVE-2021-35941
Western Digital WD My Book Live 2.x and later and WD My Book Live Duo all versions have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472...
Huawei P30 Information Disclosure Vulnerability (CNVD-2020-46468)
Huawei P30 is a smartphone from Huawei. An information disclosure vulnerability exists in versions prior to Huawei P30 10.1.0.160 C00E160R2P11. The vulnerability stems from the system failing to properly authenticate an application accessing a specified interface. An attacker can exploit the...
PT-2020-14376 · Zyxel · Zyxel Cloudcnm Secumanager
Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue concerns an unauthenticated API, specifically the "zy install user key" API endpoint. This allows for unauthorized access. Recommendations: For versions 3.1.0 and...
CVE-2020-11961
Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface getconfigresult without authentication...
Remote Code Execution (RCE)
Apache cassandra is vulnerable to remote code execution. The vulnerability exists due to the use of a default JMX configuration of unauthenticated JMX/RMI interface to all network interfaces. Therefore, anyone with access to the interface is allowed to listen to the RMI and to trigger a remote...
openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data
A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...