CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Low | SAP FRUN Simple Diagnostics Agent 1.0 Missing Authentication | 22.06.2022 | Yvan Genuer |
| Med. | SAP Netweaver JAVA 7.50 Missing Authorization | 17.06.2021 | Ignacio D. Favro |
| Med. | URVE Software Build 24.03.2020 Authentication Bypass / Remote Code Execution | 30.12.2020 | Erik Steltzner |
| Med. | IBM Cognos TM1 / IBM Planning Analytics Server Configuration Overwrite / Code Execution | 29.03.2020 | Pedro Ribeiro |
| Med. | Sophos UTM 9.410 loginuser confd Service Privilege Escalation | 06.03.2018 | KoreLogic |
| Med. | JD Edwards 9.1 EnterpriseOne Server Denial Of Service | 28.08.2016 | Fernando Russ and Mati... |
| Med. | JD Edwards 9.1 EnterpriseOne Server Create Users | 28.08.2016 | Fernando Russ and Mati... |
| High | SAP TREX 7.10 Revision 63 Remote Command Execution | 22.08.2016 | Multiple |
| Med. | Davolink DV-2051 Missing Access Control | 06.08.2016 | Eric Flokstra |
| High | InFocus IN3128HD Projector Missing Authentication | 28.04.2015 | CORE |
| High | Allied Telesis AT-RG634A ADSL router unauthenticated webshell | 26.03.2014 | Sebastian Muniz |
| High | INSTEON Hub 2242-222 Lack Of Authentication | 02.08.2013 | David Bryan |


CVEMAP Search Results

| Date | CVE | Details | Description |
|---|---|---|---|
| 2024-10-17 | CVE-2024-49399 | Waiting for details | The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. |
| 2024-10-17 | CVE-2024-48920 | Waiting for details | PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually. |
| 2024-10-15 | CVE-2024-45274 | Waiting for details | An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. |
| 2024-10-15 | CVE-2024-9984 | Waiting for details | Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. |
| 2024-10-11 | CVE-2024-8530 | Waiting for details | CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated "logcaptures" archive is accessed directly by HTTPS. |
| 2024-10-08 | CVE-2024-43488 | Waiting for details | Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. |
| 2024-10-03 | CVE-2024-41988 | Waiting for details | TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code. |
| 2024-10-02 | CVE-2024-35294 | Waiting for details | An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials. |
| 2024-10-02 | CVE-2024-35293 | Waiting for details | An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS. |
| 2024-09-30 | CVE-2024-8456 | Waiting for details | Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices. |

 


Copyright 2024, cxsecurity.com

 
