Total
2799 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-1419 | 1 Cisco | 84 1100-8p, 1100-8p Firmware, 1120 and 81 more | 2024-09-16 | 7.8 High |
| A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user. | ||||
| CVE-2020-3482 | 1 Cisco | 2 Expressway, Telepresence Video Communication Server | 2024-09-16 | 6.5 Medium |
| A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access. | ||||
| CVE-2021-36909 | 1 Webfactoryltd | 1 Wp Reset Pro | 2024-09-16 | 8.8 High |
| Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover. | ||||
| CVE-2021-25320 | 1 Rancher | 1 Rancher | 2024-09-16 | 9.9 Critical |
| A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16. | ||||
| CVE-2024-34543 | 1 Intel | 1 Raid Web Console | 2024-09-16 | 6.7 Medium |
| Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-41298 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2024-09-16 | 8.8 High |
| ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities. | ||||
| CVE-2020-7278 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 7.4 High |
| Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates. | ||||
| CVE-2022-22183 | 1 Juniper | 1 Junos Os Evolved | 2024-09-16 | 7.5 High |
| An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS. | ||||
| CVE-2019-1763 | 1 Cisco | 8 Ip Conference Phone 8832, Ip Conference Phone 8832 Firmware, Ip Phone 8800 and 5 more | 2024-09-16 | 7.5 High |
| A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected. | ||||
| CVE-2019-9529 | 1 Cobham | 2 Explorer 710, Explorer 710 Firmware | 2024-09-16 | 5.5 Medium |
| The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device. | ||||
| CVE-2022-27660 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-09-16 | 7.5 High |
| A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. | ||||
| CVE-2021-3554 | 1 Bitdefender | 2 Endpoint Security Tools, Gravityzone | 2024-09-16 | 9 Critical |
| Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. | ||||
| CVE-2019-9531 | 1 Cobham | 2 Explorer 710, Explorer 710 Firmware | 2024-09-16 | 9.8 Critical |
| The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device. | ||||
| CVE-2022-20762 | 1 Cisco | 1 Ultra Cloud Core - Subscriber Microservices Infrastructure | 2024-09-16 | 7.8 High |
| A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges. | ||||
| CVE-2021-25991 | 1 If-me | 1 Ifme | 2024-09-16 | 5.7 Medium |
| In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme. | ||||
| CVE-2020-10288 | 2 Abb, Windriver | 4 Irb140, Irc5, Robotware and 1 more | 2024-09-16 | 9.8 Critical |
| IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted. | ||||
| CVE-2024-40766 | 1 Sonicwall | 52 Nsa 2650, Nsa 2700, Nsa 3600 and 49 more | 2024-09-16 | 9.3 Critical |
| An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. | ||||
| CVE-2016-10369 | 1 Lxterminal Project | 1 Lxterminal | 2024-09-16 | N/A |
| unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control). | ||||
| CVE-2022-36385 | 1 Contechealth | 2 Cms8000, Cms8000 Firmware | 2024-09-16 | 6.8 Medium |
| A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device. | ||||
| CVE-2021-25956 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2024-09-16 | 4.7 Medium |
| In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name. | ||||