Total
1117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27980 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2023-03-24 | N/A | 8.8 HIGH |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior) | |||||
| CVE-2022-45551 | 1 Zbt | 2 We1626, We1626 Firmware | 2023-03-10 | N/A | 9.8 CRITICAL |
| An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. | |||||
| CVE-2023-20857 | 1 Vmware | 1 Workspace One Content | 2023-03-09 | N/A | 6.8 MEDIUM |
| VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode. | |||||
| CVE-2022-45138 | 1 Wago | 14 751-9301, 751-9301 Firmware, 752-8303\/8000-002 and 11 more | 2023-03-07 | N/A | 9.8 CRITICAL |
| The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device. | |||||
| CVE-2022-45140 | 1 Wago | 14 751-9301, 751-9301 Firmware, 752-8303\/8000-002 and 11 more | 2023-03-07 | N/A | 9.8 CRITICAL |
| The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. | |||||
| CVE-2019-1895 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2023-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this vulnerability by intercepting an administrator VNC session request prior to login. A successful exploit could allow the attacker to watch the administrator console session or interact with it, allowing admin access to the affected device. | |||||
| CVE-2023-23453 | 1 Sick | 4 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gent00010 and 1 more | 2023-03-02 | N/A | 9.8 CRITICAL |
| Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | |||||
| CVE-2023-23452 | 1 Sick | 4 Fx0-gpnt00000, Fx0-gpnt00000 Firmware, Fx0-gpnt00010 and 1 more | 2023-03-02 | N/A | 9.8 CRITICAL |
| Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | |||||
| CVE-2023-25570 | 1 Apolloconfig | 1 Apollo | 2023-03-01 | N/A | 7.5 HIGH |
| Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers may access eureka directly to mock apollo-configservice and apollo-adminservice. Login authentication for eureka was added in version 2.1.0. As a workaround, avoid exposing apollo-configservice to the internet. | |||||
| CVE-2019-6451 | 1 Soyal | 4 Ar-727h, Ar-727h Firmware, Ar-829ev5 and 1 more | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthenticated POST access. | |||||
| CVE-2022-22809 | 1 Schneider-electric | 6 Fellerlynk, Fellerlynk Firmware, Spacelynk and 3 more | 2023-02-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) | |||||
| CVE-2022-48300 | 1 Huawei | 2 Emui, Harmonyos | 2023-02-16 | N/A | 7.5 HIGH |
| The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-48299 | 1 Huawei | 2 Emui, Harmonyos | 2023-02-16 | N/A | 7.5 HIGH |
| The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-48288 | 1 Huawei | 2 Emui, Harmonyos | 2023-02-16 | N/A | 7.5 HIGH |
| The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-48289 | 1 Huawei | 2 Emui, Harmonyos | 2023-02-16 | N/A | 7.5 HIGH |
| The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2019-15018 | 1 Zingbox | 1 Inspector | 2023-02-15 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. | |||||
| CVE-2015-5201 | 1 Redhat | 2 Enterprise Virtualization, Enterprise Virtualization Hypervisor | 2023-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors. | |||||
| CVE-2020-25697 | 1 X.org | 1 X Server | 2023-02-12 | 4.4 MEDIUM | 7.0 HIGH |
| A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to. | |||||
| CVE-2019-3899 | 2 Heketi Project, Redhat | 2 Heketi, Openshift Container Platform | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11. | |||||
| CVE-2017-2637 | 1 Redhat | 1 Openstack | 2023-02-12 | 10.0 HIGH | 10.0 CRITICAL |
| A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host. | |||||