Total
1645 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-0376 | 1 Cisco | 2 Mobility Services Engine, Policy Suite | 2024-11-29 | N/A |
| A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109. | ||||
| CVE-2018-0377 | 1 Cisco | 2 Mobility Services Engine, Policy Suite | 2024-11-29 | N/A |
| A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017. | ||||
| CVE-2024-11980 | 1 Billion Electric | 3 M120n, M150, M500 | 2024-11-29 | 8.6 High |
| Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device. | ||||
| CVE-2024-39707 | 2024-11-27 | 5.3 Medium | ||
| Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version 05.46.19; kernel 5.5, version 05.54.19; kernel 5.6, version 05.61.19. | ||||
| CVE-2023-35830 | 1 Stw-mobile-machines | 4 Tcg-4, Tcg-4 Firmware, Tcg-4lite and 1 more | 2024-11-27 | 9.8 Critical |
| STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS. | ||||
| CVE-2023-36347 | 1 Codekop | 1 Codekop | 2024-11-27 | 7.5 High |
| A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. | ||||
| CVE-2023-34761 | 1 7-eleven | 2 Hello Cup, Led Message Cup | 2024-11-27 | 6.5 Medium |
| An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter. | ||||
| CVE-2024-47138 | 1 Myscada | 2 Mypro Manager, Mypro Runtime | 2024-11-26 | 9.8 Critical |
| The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed. | ||||
| CVE-2023-2834 | 1 Stylemixthemes | 1 Bookit | 2024-11-26 | 9.8 Critical |
| The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | ||||
| CVE-2023-22906 | 1 Heroelectronix | 4 Qubo Hcd01, Qubo Hcd01 Firmware, Qubo Hcd02 and 1 more | 2024-11-25 | 8.8 High |
| Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password. | ||||
| CVE-2020-12491 | 2024-11-25 | N/A | ||
| Improper control of framework service permissions with possibility of some sensitive device information leakage. | ||||
| CVE-2020-12492 | 2024-11-25 | N/A | ||
| Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information. | ||||
| CVE-2024-38643 | 1 Qnap | 1 Notes Station 3 | 2024-11-22 | N/A |
| A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later | ||||
| CVE-2019-1876 | 1 Cisco | 1 Wide Area Application Services | 2024-11-21 | N/A |
| A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies. | ||||
| CVE-2019-15282 | 1 Cisco | 1 Identity Services Engine Software | 2024-11-21 | 5.3 Medium |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme. | ||||
| CVE-2024-33622 | 2024-11-21 | 6.5 Medium | ||
| Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated attacker. | ||||
| CVE-2024-52437 | 1 Saul Morales Pacheco | 1 Banner System | 2024-11-21 | 8.8 High |
| Missing Authentication for Critical Function vulnerability in Saul Morales Pacheco Banner System allows Privilege Escalation.This issue affects Banner System: from n/a through 1.0.0. | ||||
| CVE-2024-47865 | 1 Rakuten | 1 Turbo 5g Firmware | 2024-11-21 | 5.3 Medium |
| Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device. | ||||
| CVE-2024-52438 | 1 Deco.agency | 1 De.branding | 2024-11-21 | 8.8 High |
| Missing Authentication for Critical Function vulnerability in deco.Agency de:branding allows Privilege Escalation.This issue affects de:branding: from n/a through 1.0.2. | ||||
| CVE-2024-7154 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||