Search Results (2508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5410 2 Firewalld, Redhat 6 Firewalld, Enterprise Linux, Enterprise Linux Desktop and 3 more 2025-04-20 N/A
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
CVE-2016-8355 1 Smiths-medical 1 Cadd-solis Medication Safety Software 2025-04-20 N/A
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates.
CVE-2017-10804 1 Odoo 1 Odoo 2025-04-20 N/A
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used.
CVE-2017-13997 1 Schneider-electric 2 Wonderware Indusoft Web Studio, Wonderware Intouch 2025-04-20 N/A
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.
CVE-2017-1483 1 Ibm 3 Security Identity Governance And Intelligence, Security Identity Manager, Security Privileged Identity Manager 2025-04-20 N/A
IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621.
CVE-2017-16241 1 Amag 6 En-1dbc, En-1dbc Firmware, En-2dbc and 3 more 2025-04-20 N/A
Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command.
CVE-2017-17747 1 Tp-link 2 Tl-sg108e, Tl-sg108e Firmware 2025-04-20 N/A
Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.
CVE-2017-14350 1 Hp 1 Application Performance Management 2025-04-20 N/A
A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.
CVE-2014-0121 2 Hawt, Redhat 2 Hawtio, Jboss Fuse 2025-04-20 N/A
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.
CVE-2017-6409 1 Veritas 2 Netbackup, Netbackup Appliance 2025-04-20 N/A
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
CVE-2015-9030 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication.
CVE-2016-10364 1 Elastic 1 Kibana 2025-04-20 N/A
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.
CVE-2016-5053 1 Osram 1 Lightify Home 2025-04-20 N/A
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.
CVE-2017-1523 1 Ibm 1 Infosphere Master Data Management 2025-04-20 N/A
IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892.
CVE-2016-7830 1 Sony 10 Pcs-xc1, Pcs-xc1 Firmware, Pcs-xg100 and 7 more 2025-04-20 N/A
Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.
CVE-2017-14417 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 9.8 Critical
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.
CVE-2017-12440 2 Openstack, Redhat 2 Openstack, Openstack 2025-04-20 N/A
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee.
CVE-2017-8156 1 Huawei 2 B2338-168, B2338-168 Firmware 2025-04-20 N/A
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow the attacker to take control over the outdoor unit.
CVE-2017-8155 1 Huawei 2 B2338-168, B2338-168 Firmware 2025-04-20 N/A
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without authentication. Successful exploit could allow the attacker to take control over the outdoor unit.
CVE-2017-7315 1 Humaxdigital 2 Hg100r, Hg100r Firmware 2025-04-20 N/A
An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin.