374 matches found
PT-2022-23525 · Influxdb +2 · Influxdb +2
Name of the Vulnerable Software and Affected Versions: InfluxDB versions prior to 1.8.10
Description: The issue concerns the lack of an authentication mechanism or controls in InfluxDB, allowing unauthenticated attackers to execute arbitrary commands. This could potentially expose data to any...
CVE-2020-6207
SAP Solution Manager (User Experience Monitoring), version 7.2, due to a missing authentication check, does not perform any authentication for a service, resulting in complete compromise of all SMDAgents connected to the Solution Manager...
The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and providing group services in Apache ZooKeeper makes it possible for an attacker to write arbitrary files to the operating system of the vulnerable device.
The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and providing group services in Apache ZooKeeper exists due to the lack of authentication when joining a quorum. Exploiting this vulnerability allows an attacker to...
PT-2019-18969 · Unknown · Online Store System
Name of the Vulnerable Software and Affected Versions: Online Store System version 1.0
Description: The issue concerns the delete product.php file in the Online Store System, which fails to verify if a user is authenticated or has administrative rights. This oversight allows for arbitrary product...
The vulnerability of the TIA Administrator software development environment, related to the lack of authentication, allows a malicious individual to execute a series of commands.
The vulnerability of the TIA Administrator software development environment is related to the lack of authentication. Exploiting this vulnerability allows an attacker to execute a series of commands...
CVE-2019-11020
Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claimfiles/claimid URLs...
Moxa OnCell G3100-HSPA Security Feature Issue Vulnerability
Moxa OnCell G3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa, Taiwan, China. A security feature issue vulnerability exists in Moxa OnCell G3100-HSPA Series 1.6 Build 17100315 and prior versions. The vulnerability stems from a lack of security measures such as...
Moxa OnCell G3100-HSPA Security Feature Issue Vulnerability (CNVD-2019-23542)
Moxa OnCell G3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa, Taiwan, China. A security feature issue vulnerability exists in Moxa OnCell G3100-HSPA 1.6 Build 17100315 and earlier versions. The vulnerability stems from a lack of security measures such as authentication,...
CVE-2019-10964
Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker...
HPE Smart Update Manager Security Feature Issue Vulnerability
HPE Smart Update Manager (SUM) is a smart update manager from Hewlett Packard Enterprise (HPE), USA. It is used to install and update firmware and software components on HP ProLiant and HP Integrity servers, chassis, and options. A security feature issue vulnerability exists in versions of HPE SUM...
The firmware vulnerability in Modicon, ATV IMC, and PacDrive programmable logic controllers lies in the lack of authentication for a critical function, allowing an intruder to alter the device’s configuration.
The firmware vulnerability in Modicon, ATV IMC, and PacDrive programmable logic controllers is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to remotely alter the device’s configuration IP address,...
PT-2019-2282
Name of the Vulnerable Software and Affected Versions: Modicon M100 (all versions); Modicon M200 (all versions); Modicon M221 (all versions); ATV IMC drive controller (all versions); Modicon M241 (all versions); Modicon M251 (all versions); Modicon M258 (all versions); Modicon LMC058 (all versions); Modicon LMC078 versio...
CVE-2019-6538
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...
CVE-2018-13816
A vulnerability has been identified in TIM 1531 IRC All version V2.0. The devices were missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user...
The vulnerability in the web interface of the Cisco Energy Management Suite allows an attacker to perform cross-site request forgery.
The vulnerability of the Cisco Energy Management Suite’s web interface relates to the lack of authentication for HTTP requests. Exploiting this vulnerability allows a remote attacker to perform cross-site request forgery and to carry out arbitrary actions on the vulnerable device under the user’s...
CVE-2018-18014
Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated b...
CVE-2018-15598
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable...
CVE-2018-15565
An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF...
The vulnerability of the Policy Builder interface of the Cisco Policy Suite software management tool allows an attacker to access the interface and make changes to existing repositories.
The vulnerability of the Policy Builder interface of the Cisco Policy Suite management software is related to the absence of a mechanism for authenticating the Policy Builder interface. Exploiting this vulnerability could allow an attacker to gain access to the interface and make changes to...
PT-2018-3087 · Apache +2 · Apache Zookeeper +2
Name of the Vulnerable Software and Affected Versions: Apache ZooKeeper versions 3.5.0-alpha through 3.5.3-beta; Apache ZooKeeper versions prior to 3.4.10
Description: The issue arises from the lack of authentication when a server attempts to join a quorum in Apache ZooKeeper. This allows an...