Lucene search
K

181 matches found

Cvelist
Cvelist
added 2022/06/07 6:4 p.m.25 views

CVE-2022-30730

Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication...

4.6CVSS4.9AI score0.00245EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.7 views

Barco Control Room 授权问题漏洞

Barco Control Room is a visualization and collaboration solution from Barco Belgium. It is used to build control rooms. A security vulnerability previously existed in the Barco Control Room Management Suite web application version 3.14, which stemmed from the ability to expose log files without...

7.5CVSS7.3AI score0.00939EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/04/14 3:50 p.m.23 views

CVE-2022-22189 Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration CSO allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects:...

7.3CVSS7.8AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/04/13 12:0 a.m.6 views

PT-2022-2299 · Cisco · Cisco Iox +1

Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: The issue exists due to incorrect restriction of the directory path name with limited access. An attacker could inject arbitrary commands into the underlying host operating system, execut...

6.8CVSS5.3AI score0.01232EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/04/11 8:15 p.m.3 views

CVE-2022-25832

Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication...

6.8CVSS6.7AI score0.00114EPSS
Exploits0References2
OSV
OSV
added 2022/03/10 5:46 p.m.8 views

CVE-2022-24929

Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication...

3.3CVSS5.8AI score0.00099EPSS
Exploits0References1
OSV
OSV
added 2022/02/09 10:50 p.m.102 views

GHSA-C566-2GRG-MJWG Serialization vulnerability in Apache Tapestry

A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to...

9.8CVSS9.3AI score0.09732EPSS
Exploits1References5
Prion
Prion
added 2022/01/21 7:15 p.m.25 views

Default configuration

Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings...

5CVSS6.3AI score0.00802EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/01/04 12:0 a.m.6 views

Spinnaker 访问控制错误漏洞

Spinnaker is a continuous delivery platform. Used to release software changes with high speed and confidence. Spinnaker has a security vulnerability that stems from the presence of inappropriate privileges in the software that allow for pipeline creation and execution. This allows an arbitrary us...

10CVSS6.1AI score0.0257EPSS
Exploits0References3
OSV
OSV
added 2021/10/15 6:15 p.m.5 views

CVE-2021-27561

Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...

9.8CVSS7.3AI score0.82516EPSS
Exploits0References2
OSV
OSV
added 2021/10/14 3:15 p.m.2 views

CVE-2020-19964

A Cross Site Request Forgery CSRF vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication...

6.5CVSS5.8AI score0.00497EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/10/08 12:0 a.m.3 views

Tad Uploader 访问控制错误漏洞

Tad Uploader is a file upload management module from the individual developers of Tad in Taiwan, China.An authorization issue vulnerability exists in Tad Uploader, which could be exploited by remote attackers to modify the names of folders in a booklist using this feature without logging in...

5.3CVSS5.8AI score0.00999EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/09/14 12:0 a.m.5 views

Siemens Industrial Edge Management 授权问题漏洞

An authorization bypass vulnerability exists in Siemens Industrial Edge Management, a Siemens platform for hosting applications from various vendors on a computing platform close to the shop floor. Lack of effective privilege management for changing passwords. The vulnerability allows an attacker...

9.8CVSS5.7AI score0.01033EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/10 12:0 a.m.6 views

Zoho ManageEngine DesktopCentral授权问题漏洞

ZOHO ManageEngine DesktopCentral is used by ZOHO for cloud-scale monitoring to reduce complexity.ZOHO ManageEngine DesktopCentral suffers from an authorization issue vulnerability that could be exploited by attackers to obtain APIKEY of valid users without authentication...

7.5CVSS5.6AI score0.05189EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.4 views

VMware vSphere Client 访问控制错误漏洞

Vmware vSphere Client is an application from Vmware, Inc. It provides virtualization management. An authorization issue vulnerability exists in Vmware vSphere Client, which can be exploited by an attacker to perform actions allowed by an affected plugin without authentication...

10CVSS5.6AI score0.12918EPSS
Exploits0References10
CNNVD
CNNVD
added 2021/04/02 12:0 a.m.5 views

de Consumentenbond Sannce Smart HD Baby Monitor 授权问题漏洞

The de Consumentenbond Sannce Smart HD Baby Monitor is a webcam from de Consumentenbond in the Netherlands. It provides monitoring functionality. A security vulnerability exists in the Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices, which can be exploited by an attacker to gain...

7.5CVSS7.4AI score0.01668EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/03/29 12:0 a.m.5 views

Acexy Wireless-N WiFi Repeater REV 安全漏洞

Amazon Acexy Wireless-N WiFi Repeater REV is an Amazon.com, Inc. It is used to provide network services A security vulnerability exists in Acexy Wireless-N WiFi Repeater REV 1.0 that originates from the ability to change the administrator password without authentication...

7.5CVSS7.3AI score0.02028EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/03/16 12:0 a.m.4 views

GE Grid Solutions UR 信息泄露漏洞

GE Grid Solutions UR is an embedded operating system from GE Grid Solutions, France. It provides high-performance protection, scalable I/O, integrated monitoring and metering, high-speed communications, and extensive programming and configuration capabilities. An information disclosure...

7.5CVSS6.9AI score0.00641EPSS
Exploits0References5
OSV
OSV
added 2021/03/10 6:15 p.m.4 views

CVE-2020-19419

Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication...

7.5CVSS7.2AI score0.02972EPSS
Exploits3References2
OSV
OSV
added 2021/02/16 8:15 p.m.5 views

CVE-2021-20067

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication...

5.3CVSS6.1AI score0.00841EPSS
Exploits0References1
Rows per page
Query Builder