CWE:
 

Topic
Date
Author
Med.
Sophos UTM 9.410 loginuser confd Service Privilege Escalation
06.03.2018
KoreLogic
Med.
JD Edwards 9.1 EnterpriseOne Server Denial Of Service
28.08.2016
Fernando Russ and Mati...
Med.
JD Edwards 9.1 EnterpriseOne Server Create Users
28.08.2016
Fernando Russ and Mati...
High
SAP TREX 7.10 Revision 63 Remote Command Execution
22.08.2016
Multiple
Med.
Davolink DV-2051 Missing Access Control
06.08.2016
Eric Flokstra
High
InFocus IN3128HD Projector Missing Authentication
28.04.2015
CORE
High
Allied Telesis AT-RG634A ADSL router unauthenticated webshell
26.03.2014
Sebastian Muniz
High
INSTEON Hub 2242-222 Lack Of Authentication
02.08.2013
David Bryan


CVEMAP Search Results

CVE
Details
Description
2018-09-20
High
CVE-2018-14796

Vendor: Tec4data
Software: Smartcooler ...
 

 
Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command that may be used to perform a denial of service attack.

 
2018-08-23
Medium
CVE-2018-14786

Vendor: BD
Software: Alaris cc fi...
 

 
Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port.

 
2018-08-15
Medium
CVE-2018-11247

Vendor: Nasdaq
Software: Bwise
 

 
The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81.

 
2018-07-26
High
CVE-2017-2637

Vendor: Redhat
Software: Openstack
 

 
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.

 
2018-07-24
High
CVE-2017-3217

Vendor: Calamp
Software: Lmu 3030 cdm...
 

 
CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the device (via an IMSI Catcher, for example) to send administrative commands to the device. These commands can be used to provide ongoing, real-time access to the device and can configure parameters such as IP addresses, firewall rules, and passwords.

 
2018-07-18
Medium
CVE-2018-0374

Vendor: Cisco
Software: Mobility ser...
 

 
A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database. Cisco Bug IDs: CSCvh06134.

 
Medium
CVE-2018-0376

Vendor: Cisco
Software: Mobility ser...
 

 
A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109.

 
Medium
CVE-2018-0377

Vendor: Cisco
Software: Mobility ser...
 

 
A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017.

 
2018-07-13
Medium
CVE-2016-9496

Vendor: Hughes
Software: Dw7000 firmware
 

 
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot.

 
2018-07-11
High
CVE-2018-10635

Vendor: Universal-robots
Software: Cb3.1 firmware
 

 
In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top