Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation
Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version that fixes an actively exploited zero-day vulnerability. Dubbed CVE-2023-35078, the issue has been described as a remote unauthenticated API access...
Ivanti Endpoint Manager Mobile < 11.8.1.1 / 11.9.x < 11.9.1.1 / 11.10.x < 11.10.0.2 Remote Unauthenticated API Access (CVE-2023-35078)
The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is prior to 11.8.1.1, 11.9.x prior to 11.9.1.1, or 11.10.x prior to 11.10.0.2. It is, therefore, affected by an undisclosed unauthenticated API access vulnerability. Note that Nessus has not tested for the temporary RPM-base...
Fedora 37 : chromium (2023-f4954af225)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f4954af225 advisory. Update to 114.0.5735.106. Fixes the following security issue: CVE-2023-3709. Tenable has extracted the preceding description block directly from the...
CVE-2022-4240 Unauthenticated API allowing an attacker to obtain the information about network resources
Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1...
CVE-2022-45456
Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161...
Denial of service
Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161...
CVE-2022-45456
CVE-2022-45456 affects Acronis Agent (Windows, macOS, Linux) prior to build 30161. The vulnerability stems from an unauthenticated API endpoint that can lead to denial of service. Documented impact is a DoS with availability impact; exploitation status is not shown in the supplied sources. Multip...
PT-2023-14673 · Acronis · Acronis Agent
Name of the Vulnerable Software and Affected Versions: Acronis Agent versions prior to build 30161. Description: The issue is related to a denial of service due to an unauthenticated API endpoint. Recommendations: For Acronis Agent versions prior to build 30161, update to build 30161 or later to...
CVE-2020-14140
In Xiaomi router firmware updated in 2020, there is a vulnerability in which an unauthenticated API can reveal the WIFI password. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute...
PT-2023-11474 · Xiaomi · Xiaomi Router Firmware
Name of the Vulnerable Software and Affected Versions: Xiaomi router firmware (affected versions not specified). Description: The issue is caused by the lack of access control policies on some API interfaces, allowing attackers to exploit an unauthenticated API and reveal the WIFI password. This can...
CVE-2020-14140
The CVE-2020-14140 entry concerns Xiaomi router firmware. Affected component: router API interfaces lacking access control, leading to an unauthenticated API that can reveal the WIFI password. Root cause: insufficient access control on certain API endpoints, enabling unauthorized access. Impact: ...
SUSE CVE-2020-8551
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on...
CVE-2022-43976
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p03.2.2.17p04.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication...
GE Grid Solutions MS3000 Security Vulnerability
GE Grid Solutions MS3000 is a transformer monitoring system from GE Grid Solutions, France. A security vulnerability exists in the GE Grid Solutions MS3000 versions prior to 3.7.6.25p03.2.2.17p04.7p0, which stems from the ability to directly access the API on TCP port 8888 without any...
CVE-2023-23590
Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device...
Design/Logic Flaw
Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device...