180 matches found
D-Link DIR-619 缓冲区错误漏洞
D-Link DIR-619L is a home wireless router from AUO D-Link, designed for home and small office environments, utilizing the IEEE 802.11n wireless standard with a maximum transmission rate of 300Mbps. The D-Link DIR-619L suffers from a buffer overflow vulnerability that originates from improper inpu...
CVE-2023-4335
Broadcom RAID Controller Web server nginx is serving private server-side files without any authentication on Linux...
CVE-2022-32876
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication...
CVE-2023-32365
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.5 and iPadOS 16.5. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication...
ESPEC MIC 多款产品访问控制错误漏洞
The ESPEC MIC RT-12N and others are an environmental sensor from ESPEC MIC. A security vulnerability exists in the Especmic RT-12N/RS-12N, RT-22BN, and TEU-12N, which stems from a lack of authentication for critical functions, and can be exploited by an attacker to tamper with the settings of the...
Security Bulletin: Administrator password can be reset without authentication on SAN Volume Controller and Storwize Family (CVE-2014-4811)
Summary Security Bulletin: Administrator password can be reset without authentication on SAN Volume Controller and Storwize Family CVE-2014-4811 Vulnerability Details Security Bulletin --- Summary --- The administrator superuser password can be reset to a default value without requiring prior...
Couchbase Server 访问控制错误漏洞
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server versions 5.x through 7.x prior to 7.1.4, which stems from access...
CVE-2023-28461
Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...
SUSE CVE-2013-3564
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating...
SUSE CVE-2014-7271
Simple Desktop Display Manager SDDM before 0.10.0 allows local users to log in as user "sddm" without authentication...
SUSE CVE-2019-12815
An arbitrary file copy vulnerability in modcopy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306...
CVE-2021-43447
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication...
PT-2022-26082 · Kyocera · Taskalfa 255C +34
Name of the Vulnerable Software and Affected Versions: Kyocera Document Solutions MFPs and printers versions TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa...
CVE-2022-39873
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication...
CVE-2022-36876
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication...
CVE-2022-37133
D-link DIR-816 A2v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end...
Supersmart 安全漏洞
Supersmart is an artificially intelligent automated checkout for brick-and-mortar retail from Israel's Supersmart. Supersmart Walk suffers from a security vulnerability that stems from the presence of unauthorized actions performed on other customers, which can be exploited by an attacker to rese...
ALLNET WR0500AC 访问控制错误漏洞
The ALLNET WR0500AC is a wireless router from ALLNET. The ALLNET WR0500AC suffers from an access control error vulnerability that originates from the wizardpwd.asp page that can change the password of the admin account without authentication...
CVE-2022-30730
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication...
CVE-2022-30730
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication...