Total
1450 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20220 | 1 Teracue | 6 Enc-400 Hdmi, Enc-400 Hdmi2, Enc-400 Hdmi2 Firmware and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information. | |||||
| CVE-2018-1757 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601. | |||||
| CVE-2018-1745 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424. | |||||
| CVE-2018-1501 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226. | |||||
| CVE-2018-1164 | 1 Zyxel | 2 P-870h-51, P-870h-51 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540. | |||||
| CVE-2018-19636 | 1 Opensuse | 1 Supportutils | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
| Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges | |||||
| CVE-2018-19248 | 1 Epson | 2 Epson Workforce Wf-2861, Epson Workforce Wf-2861 Firmware | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI. | |||||
| CVE-2018-19079 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot. | |||||
| CVE-2018-18995 | 1 Abb | 4 Gate-e1, Gate-e1 Firmware, Gate-e2 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses. | |||||
| CVE-2018-18264 | 1 Kubernetes | 1 Dashboard | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. | |||||
| CVE-2018-17924 | 1 Rockwellautomation | 32 1756-en2f Series A, 1756-en2f Series A Firmware, 1756-en2f Series B and 29 more | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address. | |||||
| CVE-2018-17906 | 1 Philips | 2 Intellispace Pacs, Isite Pacs | 2024-11-21 | 3.3 LOW | 8.8 HIGH |
| Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system. | |||||
| CVE-2018-17880 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot. | |||||
| CVE-2018-16758 | 3 Debian, Starwindsoftware, Tinc-vpn | 3 Debian Linux, Starwind Virtual San, Tinc | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. | |||||
| CVE-2018-15466 | 1 Cisco | 1 Policy Suite For Mobile | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An exploit could allow the attacker to access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment. | |||||
| CVE-2018-14796 | 1 Tec4data | 2 Smartcooler, Smartcooler Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command that may be used to perform a denial of service attack. | |||||
| CVE-2018-13114 | 1 Keruigroup | 2 Ypc99, Ypc99 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command. | |||||
| CVE-2018-11764 | 1 Apache | 1 Hadoop | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured. | |||||
| CVE-2018-11476 | 1 Vgate | 2 Icar 2 Wi-fi Obd2, Icar 2 Wi-fi Obd2 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication. | |||||
| CVE-2018-11247 | 1 Nasdaq | 1 Bwise | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81. | |||||