Search Results (3610 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-0121 2 Hawt, Redhat 2 Hawtio, Jboss Fuse 2025-04-20 N/A
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.
CVE-2017-10789 1 Dbd-mysql Project 1 Dbd-mysql 2025-04-20 N/A
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
CVE-2017-10807 1 Jabberd2 1 Jabberd2 2025-04-20 N/A
JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
CVE-2017-12822 1 Sentinel 1 Sentinel Ldk Rte Firmware 2025-04-20 N/A
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.
CVE-2017-13997 1 Schneider-electric 2 Wonderware Indusoft Web Studio, Wonderware Intouch 2025-04-20 N/A
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.
CVE-2017-4919 1 Vmware 1 Vcenter Server 2025-04-20 N/A
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
CVE-2017-5637 3 Apache, Debian, Redhat 5 Zookeeper, Debian Linux, Jboss Bpms and 2 more 2025-04-20 N/A
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
CVE-2017-7480 1 Rootkit Hunter Project 1 Rootkit Hunter 2025-04-20 9.8 Critical
rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution.
CVE-2017-7673 1 Apache 1 Openmeetings 2025-04-20 N/A
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.
CVE-2024-48950 1 Logpoint 2 Logpoint, Siem 2025-04-18 7.5 High
An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.
CVE-2022-1070 1 Aethon 1 Tug Home Base Server 2025-04-17 8.2 High
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
CVE-2021-26264 1 Emerson 2 Deltav Distributed Control System, Deltav Workstation 2025-04-17 6.1 Medium
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition.
CVE-2021-22640 1 Ovarro 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more 2025-04-17 7.5 High
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.
CVE-2024-2076 1 Codeastro 1 House Rental Management System 2025-04-16 5.3 Medium
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255392.
CVE-2021-33008 1 Aveva 1 System Platform 2025-04-16 8.8 High
AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity.
CVE-2022-41644 1 Deltaww 1 Infrasuite Device Master 2025-04-16 8.8 High
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges.
CVE-2021-33843 1 Fresenius-kabi 2 Agilia Sp Mc Wifi, Agilia Sp Mc Wifi Firmware 2025-04-16 5.3 Medium
Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings.
CVE-2020-10640 1 Emerson 1 Openenterprise Scada Server 2025-04-16 10 Critical
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
CVE-2022-25922 1 Hegemonelectronics 2 Plc4trucks, Plc4trucks Firmware 2025-04-16 6.1 Medium
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions.
CVE-2022-25247 1 Ptc 2 Axeda Agent, Axeda Desktop Server 2025-04-16 9.8 Critical
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.