384 matches found
The vulnerability of the SAP NetWeaver AS Java software integration platform lies in the absence of authentication procedures, which allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of SAP NetWeaver AS Java software-based integration platforms is related to the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to remotely compromise the confidentiality and integrity of the protected information...
CVE-2024-11481
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints...
The vulnerability of hybrid cloud solutions for managing thin clients in the Dell Wyse Management Suite lies in the absence of authentication procedures. This allows attackers to trigger service interruptions and delete arbitrary files.
The vulnerability of the hybrid cloud solution for managing thin clients in the Dell Wyse Management Suite is related to the absence of authentication procedures. Exploiting this vulnerability could allow a malicious actor to cause service interruptions and delete arbitrary files...
Advantech EKI-6333AC-2G和Advantech EKI-6333AC-2GD 安全漏洞
The Advantech EKI-6333AC-2G and Advantech EKI-6333AC-2GD are both industrial-grade wireless access points APs from Advantech, China. A security vulnerability exists in Advantech EKI-6333AC-2G version 1.6.3 and earlier, EKI-6333AC-2GD version v1.6.3 and earlier, and EKI-6333AC-1GPO version v1.2.1...
CVE-2024-5721
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific...
CVE-2024-38643
A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3...
QNAP Systems Notes Station 安全漏洞
QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from an authentication missing vulnerability that stems from the inclusion of ...
PT-2024-33302 · Unknown · Ventilator Software Tools
Name of the Vulnerable Software and Affected Versions: Ventilator software tools affected versions not specified Description: The software tools used by service personnel to test and calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the...
The vulnerability of the OPC server WorkstationST, related to the lack of authentication for critical functions, allows attackers to write or overwrite files on the configuration server.
The vulnerability of the OPC server WorkstationST is related to the absence of authentication for the critical function. Exploiting this vulnerability allows a malicious actor to record or rerecord configuration files on the server remotely...
CVE-2024-39664 WordPress Filter & Grids plugin <= 2.8.32 - Broken Authentication vulnerability
Missing Authorization vulnerability in YMC Filter & Grids allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Filter & Grids: from n/a through 2.8.33...
The vulnerability of the Microsoft Dataverse data management platform, related to the absence of authentication procedures that prevent unauthorized access to protected information.
The vulnerability of the Microsoft Dataverse data management platform is related to the absence of authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the microprogrammed logic controller (PLC) Advantech ADAM-5630 software lies in the lack of authentication for a critical function. This allows a intruder to execute arbitrary commands and cause malfunctions in the device’s operation.
The vulnerability of the microprogrammed logic controller PLC Advantech ADAM-5630 software is related to the absence of authentication for the critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands and cause malfunctions in the system...
CVE-2023-6055
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage extension, the product...
The vulnerability of the microprogramming software of Moxa devices such as EDR-8010, EDR-G9004, EDR-G9010, EDR-G1002-BP, NAT-102 OnCell G4302-LTE4, and TN-4900 stems from the absence of authentication for a critical function. This allows attackers to gain full access to the device’s configuration.
The vulnerability of the microprogramming software in Moxa devices such as EDR-8010, EDR-G9004, EDR-G9010, EDR-G1002-BP, NAT-102 OnCell G4302-LTE4, and TN-4900 lies in the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker operating remotely to...
CVE-2023-52949
Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors...
CVE-2024-45075
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...
Hitachi Energy MicroSCADA X SYS600 安全漏洞
Hitachi Energy MicroSCADA X SYS600 is a SCADA product from Hitachi, Japan. It ensures optimal control and reliable operation of your switching station through seamless integration and connectivity between different devices and systems. A security vulnerability exists in Hitachi Energy MicroSCADA ...
PT-2024-29899 · Homepage · Homepage
Name of the Vulnerable Software and Affected Versions: Homepage version 0.9.1 Description: The default setup of Homepage is vulnerable to DNS rebinding due to the lack of certificate and authentication. An attacker can exploit this by changing the DNS records of their domain to the internal IP...
The vulnerabilities of the CPCI85 and SICORE processor control modules from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, allow attackers to downgrade the firmware version of the devices.
The vulnerability of the CPCI85 and SICORE processor module control systems from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, stems from the lack of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to downgrade the firmware version of the...
WordPress Getwid – Gutenberg Blocks plugin <= 2.0.10 - Missing Authentication to API key update vulnerability
Missing Authentication to API key update vulnerability discovered by Peter Thaleikis in WordPress Plugin Getwid versions = 2.0.10...