Lucene search
K

2964 matches found

OSV
OSV
added 2023/04/18 9:15 p.m.2 views

CVE-2023-29411

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface...

9.8CVSS7.9AI score0.01315EPSS
Exploits0References1
NVD
NVD
added 2023/04/18 9:15 p.m.17 views

CVE-2023-29411

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface...

9.8CVSS10AI score0.01315EPSS
Exploits0References1
Prion
Prion
added 2023/04/18 9:15 p.m.19 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service...

5CVSS7.7AI score0.00712EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/04/18 8:50 p.m.22 views

CVE-2023-29413

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service...

7.5CVSS7.8AI score0.00712EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/18 8:49 p.m.20 views

CVE-2023-29411

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface...

9.8CVSS10AI score0.01315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/18 8:49 p.m.6 views

CVE-2023-29411

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface...

9.8CVSS10AI score0.01315EPSS
Exploits0References1
CVE
CVE
added 2023/04/18 8:49 p.m.111 views

CVE-2023-29411

CVE-2023-29411 describes a Missing Authentication for Critical Function vulnerability in Schneider Electric’s Easy UPS Online Monitoring Software (Windows APC Easy UPS Online Monitoring Software and Schneider Electric Easy UPS Online Monitoring Software). The flaw allows changes to administrative...

9.8CVSS9.9AI score0.01315EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.4 views

PT-2023-2418 · Schneider +1 · Schneider Ups Monitor Service +1

Name of the Vulnerable Software and Affected Versions: Schneider UPS Monitor service affected versions not specified APC Easy UPS Online Monitoring Software affected versions not specified Description: A Missing Authentication for Critical Function issue exists, which could cause Denial-of-Servic...

10CVSS8.1AI score0.00712EPSS
Exploits0References10
OSV
OSV
added 2023/04/11 5:15 p.m.5 views

CVE-2022-41331

A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...

9.8CVSS5.8AI score0.01275EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/11 4:6 p.m.42 views

CVE-2022-41331

A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...

9.8CVSS9.7AI score0.01275EPSS
Exploits0References1
OSV
OSV
added 2023/04/11 3:15 a.m.3 views

CVE-2023-27267

Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely...

8.1CVSS6.7AI score0.14201EPSS
Exploits0References2
OSV
OSV
added 2023/04/11 3:15 a.m.4 views

CVE-2023-27497

Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely...

9.8CVSS6.8AI score0.00751EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/11 2:51 a.m.16 views

CVE-2023-28761 Missing Authentication check in SAP NetWeaver Enterprise Portal

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity...

6.5CVSS6.8AI score0.00379EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.6 views

PT-2023-21172 · Sap · Sap Diagnostic Agent

Name of the Vulnerable Software and Affected Versions: SAP Diagnostics Agent version 720 Description: The EventLogServiceCollector of SAP Diagnostics Agent is affected by missing authentication and input sanitization of code, allowing an attacker to execute malicious scripts on all connected...

10CVSS9.5AI score0.00751EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/04/10 12:0 a.m.6 views

PT-2023-2328 · Sap · Sap Diagnostic Agent

Name of the Vulnerable Software and Affected Versions: SAP Diagnostics Agent version 720 Description: The issue is related to missing authentication and insufficient input validation in the OSCommand Bridge of the SAP Diagnostics Agent. This allows an attacker with deep knowledge of the system to...

9CVSS8.1AI score0.14201EPSS
Exploits0References7
ICS
ICS
added 2023/04/03 6:20 p.m.60 views

Honeywell OneWireless Wireless Device Manager

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: OneWireless Wireless Device Manager WDM Vulnerabilities: Command Injection, Use of Insufficiently Random Values, Missing Authentication for Critical Function 2. RISK EVALUATION...

7.5CVSS8.1AI score0.00527EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/31 6:54 a.m.4 views

Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210

Overview SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2016-2183 Command injection CWE-77 - CVE-2022-36556 Unrestricted upload of file with...

9.8CVSS9.3AI score0.95707EPSS
Exploits7References40
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/31 12:0 a.m.49 views

JVN#40604023: Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210

SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2016-2183 Version| Vector| Score ---|---|--- CVSS v3|...

9.8CVSS8.7AI score0.95707EPSS
Exploits7
ICS
ICS
added 2023/03/29 6:39 p.m.74 views

Akuvox E11

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Akuvox Equipment: E11 Vulnerabilities: Generation of Predictable IV with CBC, User of Hard-coded Cryptographic Key, Missing Authentication for Critical Function, Storing Passwords in a Recoverable...

9.8CVSS8.8AI score0.01386EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.5 views

Ivanti Avalanche 访问控制错误漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. Ivanti Avalanche version 6.3.3.101 suffers from an Access Control Error vulnerability that stems from a lack of...

9.8CVSS7.7AI score0.0469EPSS
Exploits0References3
Rows per page
Query Builder