Total: 1252 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-2138 | 1 Advantech | 1 Iview | 2022-07-28 | N/A | 7.5 HIGH | The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. |
CVE-2020-15799 | 1 Siemens | 132 Scalance X200-4pirt, Scalance X200-4pirt Firmware, Scalance X201-3pirt and 129 more | 2022-07-28 | 7.1 HIGH | 6.5 MEDIUM | A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special URLs from the integrated web server of the affected products. |
CVE-2021-41974 | 1 Tad Book3 Project | 1 Tad Book3 | 2022-07-25 | 6.4 MEDIUM | 9.1 CRITICAL | Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission. |
CVE-2021-34538 | 1 Apache | 1 Hive | 2022-07-21 | N/A | 7.5 HIGH | Apache Hive before 3.1.3 "CREATE" and "DROP" function operations do not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs, pointing them to new jars that could be potentially malicious. |
CVE-2020-15335 | 1 Zyxel | 1 Cloudcnm Secumanager | 2022-07-17 | 5.0 MEDIUM | 7.5 HIGH | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. |
CVE-2020-15336 | 1 Zyxel | 1 Cloudcnm Secumanager | 2022-07-17 | 5.0 MEDIUM | 7.5 HIGH | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. |
CVE-2021-44222 | 1 Siemens | 1 Simatic Easie Core Package | 2022-07-15 | 6.4 MEDIUM | 9.1 CRITICAL | A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system. |
CVE-2022-33138 | 1 Siemens | 12 Simatic Mv540 H, Simatic Mv540 H Firmware, Simatic Mv540 S and 9 more | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH | A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device. |
CVE-2021-28506 | 1 Arista | 1 Eos | 2022-07-14 | 9.4 HIGH | 9.1 CRITICAL | An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication, which could potentially allow a factory reset of the device. |
CVE-2021-20150 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM | Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page. |
CVE-2020-25566 | 1 Sapphireims | 1 Sapphireims | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL | In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in the PoC. Notice that we do not require a JSESSIONID in this request and can reset any user's password by changing the username to that user and password to base64(desired password). |
CVE-2021-22997 | 1 F5 | 1 Big-iq Centralized Management | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH | On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
CVE-2021-46371 | 1 Antd-admin Project | 1 Antd-admin | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH | antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information. |
CVE-2021-43333 | 1 Datalogic | 1 Dxu | 2022-07-12 | 5.8 MEDIUM | 6.5 MEDIUM | The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings. |
CVE-2021-29203 | 1 Hp | 1 Edgeline Infrastructure Manager | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL | A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication, leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager. |
CVE-2021-27215 | 1 Genua | 1 Genuagate | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to log in to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user. |
CVE-2021-30462 | 1 Vestacp | 1 Vesta Control Panel | 2022-07-12 | 9.0 HIGH | 7.2 HIGH | VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts. |
CVE-2021-22012 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH | The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. |
CVE-2021-44255 | 2 Motioneye Project, Motioneyeos Project | 2 Motioneye, Motioneyeos | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH | Authenticated remote code execution in MotionEye <= 0.42.1 and MotionEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious Python pickle file which will execute arbitrary code on the server. |
CVE-2021-27570 | 1 Remotemouse | 1 Emote Remote Mouse | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process by sending the process name in a specially crafted packet. This information is sent in cleartext and is not protected by any authentication logic. |