Lucene search
K

2963 matches found

ICS
ICS
added 2021/07/13 12:0 a.m.93 views

Schneider Electric C-Bus Toolkit

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: C-Bus Toolkit Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to enable...

5.7CVSS6AI score0.12083EPSS
Exploits1References5
Cvelist
Cvelist
added 2021/07/08 7:40 a.m.29 views

CVE-2021-28809 Missing Authentication for Critical Function in RTRR Server in HBS3

An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS...

9.8CVSS9.5AI score0.15802EPSS
Exploits0References2
Atlassian
Atlassian
added 2021/06/30 3:9 a.m.61 views

Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239

h3. Issue Summary Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...

9.8CVSS9.6AI score0.48883EPSS
Exploits1
ICS
ICS
added 2021/06/29 12:0 a.m.198 views

AVEVA System Platform (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: AVEVA Software, LLC Equipment: System Platform Vulnerabilities: Missing Authentication for Critical Function, Uncaught Exception, Path Traversal, Origin Validation Error, Improper...

9.8CVSS8.4AI score0.01162EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2021/06/23 12:0 a.m.4 views

The vulnerability of the ContentModelChange function in the software for implementing a hypertext environment like MediaWiki allows attackers to compromise the integrity of the protected information.

The vulnerability of the ContentModelChange function in the MediaWiki software, which is used to implement the hypertext environment, relates to the absence of authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the integrity of the...

4.3CVSS5.8AI score0.01212EPSS
Exploits1References7Affected Software5
OSV
OSV
added 2021/06/11 5:15 p.m.3 views

CVE-2021-32930

The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView versions prior to v5.7.03.6182...

9.8CVSS7.6AI score0.08055EPSS
Exploits0References1
CVE
CVE
added 2021/06/11 4:25 p.m.56 views

CVE-2021-32930

Advantech iView (pre-5.7.03.6182) has a CVE-2021-32930 vulnerability described as Missing Authentication for Critical Function. The flaw allows an attacker to change configurations and, per ZDI, could enable remote code execution via the runProViewUpgrade action on NetworkServlet (port 8080). Pub...

9.8CVSS9.6AI score0.08055EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/06/09 3:15 p.m.4 views

CVE-2021-23847

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...

9.1CVSS7.3AI score0.01433EPSS
Exploits0References1
NVD
NVD
added 2021/06/09 3:15 p.m.19 views

CVE-2021-23847

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...

9.8CVSS0.01433EPSS
Exploits0References1
CVE
CVE
added 2021/06/09 2:19 p.m.52 views

CVE-2021-23847

Summary: CVE-2021-23847 describes an unauthenticated information-extraction/settings-change flaw in Bosch IP cameras (CPP6, CPP7, CPP7.3) before firmware B128, on versions 7.70, 7.72, and 7.80. The root cause is a Missing Authentication in a Critical Function, allowing a remote attacker to craft ...

9.8CVSS9.2AI score0.01433EPSS
Exploits0References1Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2021/06/07 12:0 a.m.41 views

Advantech iView runProViewUpgrade Missing Authentication Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the runProViewUpgrade action of NetworkServlet, which listens on TCP port 8080 by defaul...

9.8CVSS3.5AI score0.08055EPSS
Exploits0References1
NVD
NVD
added 2021/06/03 4:15 p.m.17 views

CVE-2021-22316

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability...

6.8CVSS0.00185EPSS
Exploits0References1
OSV
OSV
added 2021/06/03 4:15 p.m.4 views

CVE-2021-22322

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...

7.5CVSS7.1AI score0.00728EPSS
Exploits0References1
OSV
OSV
added 2021/06/03 4:15 p.m.5 views

CVE-2021-22316

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability...

6.8CVSS5.8AI score0.00185EPSS
Exploits0References1
CVE
CVE
added 2021/06/03 3:49 p.m.61 views

CVE-2021-22322

Technical details are not publicly available in the provided documents. Monitor for updates.

7.5CVSS7.5AI score0.00728EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/06/03 3:49 p.m.23 views

CVE-2021-22322

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...

7.8AI score0.00728EPSS
Exploits0References1
CVE
CVE
added 2021/06/03 3:42 p.m.62 views

CVE-2021-22316

Technical details (affected software versions, root cause, fixes) are not publicly provided in the provided documents. Monitor for updates.

6.8CVSS6.5AI score0.00185EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/06/03 3:42 p.m.19 views

CVE-2021-22316

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability...

6.7AI score0.00185EPSS
Exploits0References1
ICS
ICS
added 2021/06/03 12:0 a.m.49 views

Advantech iView

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: iView Vulnerabilities: Missing Authentication for Critical Function, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...

9.8CVSS8.6AI score0.08055EPSS
Exploits0References5
0day.today
0day.today
added 2021/06/01 12:0 a.m.135 views

Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication Vulnerabilities

Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706,...

9.8CVSS0.6AI score0.23282EPSS
Exploits11
Rows per page
Query Builder