Export limit exceeded: 12400 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12400 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9857 | 1 Sma | 79 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 76 more | 2025-04-20 | N/A |
| An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected | ||||
| CVE-2017-9625 | 1 Envitech | 1 Envidas Ultimate | 2025-04-20 | N/A |
| An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely. | ||||
| CVE-2017-8078 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2025-04-20 | N/A |
| On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | ||||
| CVE-2017-8006 | 1 Emc | 1 Rsa Authentication Manager | 2025-04-20 | N/A |
| In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN to affect victim's ability to obtain access to protected resources. | ||||
| CVE-2017-7930 | 1 Osisoft | 1 Pi Data Archive | 2025-04-20 | N/A |
| An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. | ||||
| CVE-2017-7919 | 1 Newport | 4 Xps-cx, Xps-cx Firmware, Xps-qx and 1 more | 2025-04-20 | N/A |
| An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. An attacker may bypass authentication by accessing a specific uniform resource locator (URL). | ||||
| CVE-2017-7918 | 1 Cambium Networks | 8 Epmp 1000, Epmp 1000 Firmware, Epmp 1000 Hotspot and 5 more | 2025-04-20 | N/A |
| An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes. | ||||
| CVE-2017-6624 | 1 Cisco | 1 Ios | 2025-04-20 | N/A |
| A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939. | ||||
| CVE-2017-6617 | 1 Cisco | 1 Integrated Management Controller Supervisor | 2025-04-20 | N/A |
| A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583. | ||||
| CVE-2017-6530 | 1 Televes | 2 Coaxdata Gateway 1gbps, Coaxdata Gateway 1gbps Firmware | 2025-04-20 | N/A |
| Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change. | ||||
| CVE-2017-6526 | 1 Dnatools | 1 Dnalims | 2025-04-20 | N/A |
| An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests). | ||||
| CVE-2017-5791 | 1 Hp | 1 Intelligent Management Center Plat | 2025-04-20 | N/A |
| The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. | ||||
| CVE-2015-0110 | 1 Ibm | 2 Business Process Manager, Websphere Application Server | 2025-04-20 | N/A |
| IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. | ||||
| CVE-2017-4989 | 1 Emc | 1 Avamar Server | 2025-04-20 | N/A |
| In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows. | ||||
| CVE-2017-2914 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2025-04-20 | 8.1 High |
| An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability. | ||||
| CVE-2017-9370 | 1 Blackberry | 1 Workspaces | 2025-04-20 | N/A |
| An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server. | ||||
| CVE-2017-2864 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2025-04-20 | 9.8 Critical |
| An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of packets to trigger this vulnerability. | ||||
| CVE-2015-1976 | 1 Ibm | 2 Security Directory Server, Tivoli Directory Server | 2025-04-20 | N/A |
| IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. | ||||
| CVE-2017-2768 | 1 Emc | 1 Smarts Network Configuration Manager | 2025-04-20 | N/A |
| EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited by malicious users to compromise the affected system. | ||||
| CVE-2017-2767 | 1 Emc | 1 Smarts Network Configuration Manager | 2025-04-20 | N/A |
| EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. | ||||