
2964 matches found

OSV
added 2023/08/31 4:15 p.m. · 4 views

CVE-2023-34392

A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...

8.8 CVSS · 5.9 AI score · 0.00454 EPSS
Exploits 0 · References 2
NVD
added 2023/08/31 4:15 p.m. · 12 views

CVE-2023-34392

A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...

8.8 CVSS · 8.5 AI score · 0.00454 EPSS
Exploits 0 · References 2
Prion
added 2023/08/31 4:15 p.m. · 24 views

Authentication flaw

A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...

6.8 CVSS · 8.8 AI score · 0.00454 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/08/31 3:31 p.m. · 27 views

CVE-2023-34392 Missing Authentication for Critical Function

A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...

8.2 CVSS · 9.1 AI score · 0.00454 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/08/31 12:0 a.m. · 4 views

PT-2023-24857 · Schweitzer Engineering Laboratories · Sel-5037 Sel Grid Configurator

Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator versions prior to 4.5.0.20 Description: A Missing Authentication for Critical Function issue could allow an attacker to run arbitrary commands on managed devices by an...

8.8 CVSS · 8.8 AI score · 0.00454 EPSS
Exploits 0 · References 4
CNNVD
added 2023/08/31 12:0 a.m. · 4 views

Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator access control error vulnerability

Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator is a freely distributed software tool from Schweitzer Engineering Laboratories, Inc. -- Grid Configurator allows engineers and technicians to quickly create, manage, and deploy settings for SEL power system equipment. A security...

8.8 CVSS · 8.3 AI score · 0.00454 EPSS
Exploits 0 · References 3
VulnCheck KEV
added 2023/08/29 12:0 a.m. · 8 views

VulnCheck KEV: CVE-2023-36851

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication,...

5.3 CVSS · 6.2 AI score · 0.011 EPSS
Exploits 0 · References 1
VulnCheck KEV
added 2023/08/29 12:0 a.m. · 8 views

VulnCheck KEV: CVE-2023-36847

Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an...

5.3 CVSS · 6.2 AI score · 0.84692 EPSS
Exploits 2 · References 1
NVD
added 2023/08/28 7:15 a.m. · 12 views

CVE-2023-38030

Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions...

7.5 CVSS · 7.7 AI score · 0.0062 EPSS
Exploits 0 · References 1
OSV
added 2023/08/28 7:15 a.m. · 4 views

CVE-2023-38030

Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions...

7.5 CVSS · 5.9 AI score · 0.0062 EPSS
Exploits 0 · References 1
Cvelist
added 2023/08/28 6:44 a.m. · 16 views

CVE-2023-38030 Saho ADM100&ADM-100FP - Execute Code

Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions...

7.5 CVSS · 7.9 AI score · 0.0062 EPSS
Exploits 0 · References 1
OSV
added 2023/08/23 10:15 p.m. · 5 views

CVE-2023-38422

Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data...

7.5 CVSS · 5.8 AI score · 0.00508 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/08/23 9:21 p.m. · 15 views

CVE-2023-38422 Walchem Intuition Missing Authentication for Critical Function

Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data...

7.5 CVSS · 7 AI score · 0.00508 EPSS
Exploits 0 · References 1
Cvelist
added 2023/08/23 9:21 p.m. · 40 views

CVE-2023-38422 Walchem Intuition Missing Authentication for Critical Function

Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data...

7.5 CVSS · 7.8 AI score · 0.00508 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2023/08/17 8:15 p.m. · 43 views

CVE-2023-36847

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an...

5.3 CVSS · 6.4 AI score · 0.84692 EPSS
In wild · Exploits 2 · References 3 · Affected Software 1
CVE
added 2023/08/17 7:18 p.m. · 342 views

CVE-2023-36846

CVE-2023-36846 (Juniper Junos OS SRX Series) is a Missing Authentication for Critical Function vulnerability. An unauthenticated, network-based attacker can trigger J-Web to upload arbitrary files, leading to a loss of file-system integrity for a portion of the device. Affected Junos OS/SRX Serie...

5.3 CVSS · 6.2 AI score · 0.94205 EPSS
In wild · Exploits 4 · References 2 · Affected Software 1
CNNVD
added 2023/08/17 12:0 a.m. · 5 views

Juniper Networks Junos OS SRX access control error vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. An access control error vulnerability exists in Juniper Networks Junos OS SRX, which arises from missing...

5.3 CVSS · 6.1 AI score · 0.94205 EPSS
Exploits 4 · References 6
OSV
added 2023/08/08 1:15 a.m. · 4 views

CVE-2023-36926

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no...

5.3 CVSS · 5.8 AI score · 0.00385 EPSS
Exploits 0 · References 2
NVD
added 2023/08/08 1:15 a.m. · 14 views

CVE-2023-36926

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no...

5.3 CVSS · 4.6 AI score · 0.00385 EPSS
Exploits 0 · References 2
Veracode
added 2023/08/06 7:54 p.m. · 17 views

Improper Authentication

gitlab is vulnerable to Improper Authentication. The vulnerability exists due to missing authentication which allows an attacker with access to a victim's session to disable two-factor authentication...

3.5 CVSS · 6.9 AI score · 0.00399 EPSS
Exploits 0 · References 3 · Affected Software 1