Search Results (3571 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1197 1 Ibm 1 Bigfix Security Compliance Analytics 2025-04-20 N/A
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672.
CVE-2017-12155 2 Ceph, Redhat 2 Ceph, Openstack 2025-04-20 N/A
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
CVE-2017-1523 1 Ibm 1 Infosphere Master Data Management 2025-04-20 N/A
IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892.
CVE-2017-6409 1 Veritas 2 Netbackup, Netbackup Appliance 2025-04-20 N/A
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
CVE-2017-7315 1 Humaxdigital 2 Hg100r, Hg100r Firmware 2025-04-20 N/A
An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin.
CVE-2017-7480 1 Rootkit Hunter Project 1 Rootkit Hunter 2025-04-20 9.8 Critical
rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution.
CVE-2017-8156 1 Huawei 2 B2338-168, B2338-168 Firmware 2025-04-20 N/A
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow the attacker to take control over the outdoor unit.
CVE-2024-48950 1 Logpoint 2 Logpoint, Siem 2025-04-18 7.5 High
An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.
CVE-2022-1070 1 Aethon 1 Tug Home Base Server 2025-04-17 8.2 High
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
CVE-2021-26264 1 Emerson 2 Deltav Distributed Control System, Deltav Workstation 2025-04-17 6.1 Medium
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition.
CVE-2021-22640 1 Ovarro 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more 2025-04-17 7.5 High
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.
CVE-2024-2076 1 Codeastro 1 House Rental Management System 2025-04-16 5.3 Medium
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255392.
CVE-2021-33008 1 Aveva 1 System Platform 2025-04-16 8.8 High
AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity.
CVE-2022-41644 1 Deltaww 1 Infrasuite Device Master 2025-04-16 8.8 High
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges.
CVE-2021-33843 1 Fresenius-kabi 2 Agilia Sp Mc Wifi, Agilia Sp Mc Wifi Firmware 2025-04-16 5.3 Medium
Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings.
CVE-2020-10640 1 Emerson 1 Openenterprise Scada Server 2025-04-16 10 Critical
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
CVE-2022-25922 1 Hegemonelectronics 2 Plc4trucks, Plc4trucks Firmware 2025-04-16 6.1 Medium
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions.
CVE-2022-25247 1 Ptc 2 Axeda Agent, Axeda Desktop Server 2025-04-16 9.8 Critical
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.
CVE-2022-25250 1 Ptc 2 Axeda Agent, Axeda Desktop Server 2025-04-16 7.5 High
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service.
CVE-2022-25251 1 Ptc 2 Axeda Agent, Axeda Desktop Server 2025-04-16 9.8 Critical
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration.