2963 matches found
Schneider Electric C-Bus Toolkit
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: C-Bus Toolkit Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to enable...
CVE-2021-28809 Missing Authentication for Critical Function in RTRR Server in HBS3
An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS...
Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239
h3. Issue Summary Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...
AVEVA System Platform (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: AVEVA Software, LLC Equipment: System Platform Vulnerabilities: Missing Authentication for Critical Function, Uncaught Exception, Path Traversal, Origin Validation Error, Improper...
The vulnerability of the ContentModelChange function in the software for implementing a hypertext environment like MediaWiki allows attackers to compromise the integrity of the protected information.
The vulnerability of the ContentModelChange function in the MediaWiki software, which is used to implement the hypertext environment, relates to the absence of authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the integrity of the...
CVE-2021-32930
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView versions prior to v5.7.03.6182...
CVE-2021-32930
Advantech iView (pre-5.7.03.6182) has a CVE-2021-32930 vulnerability described as Missing Authentication for Critical Function. The flaw allows an attacker to change configurations and, per ZDI, could enable remote code execution via the runProViewUpgrade action on NetworkServlet (port 8080). Pub...
CVE-2021-23847
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...
CVE-2021-23847
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...
CVE-2021-23847
Summary: CVE-2021-23847 describes an unauthenticated information-extraction/settings-change flaw in Bosch IP cameras (CPP6, CPP7, CPP7.3) before firmware B128, on versions 7.70, 7.72, and 7.80. The root cause is a Missing Authentication in a Critical Function, allowing a remote attacker to craft ...
Advantech iView runProViewUpgrade Missing Authentication Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the runProViewUpgrade action of NetworkServlet, which listens on TCP port 8080 by defaul...
CVE-2021-22316
There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability...
CVE-2021-22322
There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...
CVE-2021-22316
There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability...
CVE-2021-22322
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2021-22322
There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...
CVE-2021-22316
Technical details (affected software versions, root cause, fixes) are not publicly provided in the provided documents. Monitor for updates.
CVE-2021-22316
There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability...
Advantech iView
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: iView Vulnerabilities: Missing Authentication for Critical Function, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...
Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication Vulnerabilities
Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706,...