Total
1280 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4337 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-09-17 | 5.3 Medium |
| IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412. | ||||
| CVE-2018-10635 | 1 Universal-robots | 2 Cb3.1, Cb3.1 Firmware | 2024-09-17 | N/A |
| In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained. | ||||
| CVE-2020-3920 | 1 Unisoon | 2 Ultralog Express, Ultralog Express Firmware | 2024-09-17 | 8.1 High |
| UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory. | ||||
| CVE-2019-1897 | 1 Cisco | 6 Rv110w, Rv110w Firmware, Rv130w and 3 more | 2024-09-17 | 5.3 Medium |
| A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for device disconnection and providing the connected device information. A successful exploit could allow the attacker to deny service to specific clients that are connected to the guest network. | ||||
| CVE-2020-10265 | 1 Universal-robots | 7 Ur10, Ur10e, Ur3 and 4 more | 2024-09-17 | 9.4 Critical |
| Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. The DashBoard server is not protected by any kind of authentication or authorization. | ||||
| CVE-2020-5373 | 1 Dell | 2 Emc Omimssc For Sccm, Emc Omimssc For Scvmm | 2024-09-17 | 6.5 Medium |
| Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device. | ||||
| CVE-2017-8155 | 1 Huawei | 2 B2338-168, B2338-168 Firmware | 2024-09-17 | N/A |
| The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without authentication. Successful exploit could allow the attacker to take control over the outdoor unit. | ||||
| CVE-2022-32157 | 1 Splunk | 1 Splunk | 2024-09-17 | 7.5 High |
| Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation. | ||||
| CVE-2018-9162 | 1 Contec-touch | 2 Smart Home, Smart Home Firmware | 2024-09-17 | N/A |
| Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors. | ||||
| CVE-2020-10605 | 1 Grundfos | 2 Cim 500, Cim 500 Firmware | 2024-09-17 | 7.5 High |
| Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files. | ||||
| CVE-2021-23847 | 1 Bosch | 6 Cpp6, Cpp6 Firmware, Cpp7 and 3 more | 2024-09-17 | 9.8 Critical |
| A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected. | ||||
| CVE-2022-0922 | 1 Philips | 2 E-alert, E-alert Firmware | 2024-09-17 | 6.5 Medium |
| The software does not perform any authentication for critical system functionality. | ||||
| CVE-2022-26303 | 1 Openautomationsoftware | 1 Oas Platform | 2024-09-17 | 7.5 High |
| An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-25250 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2024-09-17 | 7.5 High |
| When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service. | ||||
| CVE-2020-3335 | 1 Cisco | 2 Application Policy Infrastructure Controller, Application Services Engine | 2024-09-17 | 5.5 Medium |
| A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with valid credentials. A successful exploit could allow the attacker to read the sensitive information of other users on the affected device. | ||||
| CVE-2022-36780 | 1 Avdorcis | 1 Crystal Quality | 2024-09-17 | 4.9 Medium |
| Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number. | ||||
| CVE-2023-21931 | 1 Oracle | 1 Weblogic Server | 2024-09-17 | 7.5 High |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2021-30167 | 1 Meritlilin | 82 P2g1022, P2g1022 Firmware, P2g1022x and 79 more | 2024-09-17 | 9.8 Critical |
| The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices. | ||||
| CVE-2021-20474 | 1 Ibm | 1 Guardium Data Encryption | 2024-09-17 | 7.5 High |
| IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. | ||||
| CVE-2022-25247 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2024-09-17 | 9.8 Critical |
| Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution. | ||||