2964 matches found
CVE-2023-34392
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...
Authentication flaw
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...
CVE-2023-34392 Missing Authentication for Critical Function
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...
PT-2023-24857 · Schweitzer Engineering Laboratories · SEL-5037 SEL Grid Configurator
Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator versions prior to 4.5.0.20 Description: A Missing Authentication for Critical Function issue could allow an attacker to run arbitrary commands on managed devices by an...
Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator Access Control Error Vulnerability
Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator is a freely distributed software tool from Schweitzer Engineering Laboratories, Inc. -- Grid Configurator allows engineers and technicians to quickly create, manage, and deploy settings for SEL power system equipment. A security...
VulnCheck KEV: CVE-2023-36851
Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication,...
VulnCheck KEV: CVE-2023-36847
Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an...
CVE-2023-38030
Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions...
CVE-2023-38030 Saho ADM100&ADM-100FP - Execute Code
Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions...
CVE-2023-38422
Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data...
CVE-2023-38422 Walchem Intuition Missing Authentication for Critical Function
Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data...
CVE-2023-36847
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an...
CVE-2023-36846
CVE-2023-36846 (Juniper Junos OS SRX Series) is a Missing Authentication for Critical Function vulnerability. An unauthenticated, network-based attacker can trigger J-Web to upload arbitrary files, leading to a loss of file-system integrity for a portion of the device. Affected Junos OS/SRX Serie...
Juniper Networks Junos OS SRX Access Control Error Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. An access control error vulnerability exists in Juniper Networks Junos OS SRX, which arises from missing...
CVE-2023-36926
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no...
Improper Authentication
GitLab is vulnerable to Improper Authentication. The vulnerability exists due to missing authentication which allows an attacker with access to a victim's session to disable two-factor authentication...