Vulnerabilities (CVE)

Filtered by CWE-306
Total 954 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-14350 1 Hp 1 Application Performance Management 2023-12-10 10.0 HIGH 9.8 CRITICAL
A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.
CVE-2017-12733 1 Opwglobal 6 Sitesentinel Integra 100, Sitesentinel Integra 100 Firmware, Sitesentinel Integra 500 and 3 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges.
CVE-2017-13997 1 Schneider-electric 2 Wonderware Indusoft Web Studio, Wonderware Intouch 2023-12-10 10.0 HIGH 9.8 CRITICAL
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.
CVE-2017-1523 1 Ibm 1 Infosphere Master Data Management 2023-12-10 5.0 MEDIUM 7.5 HIGH
IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892.
CVE-2017-1483 1 Ibm 3 Security Identity Governance And Intelligence, Security Identity Manager, Security Privileged Identity Manager 2023-12-10 7.5 HIGH 8.6 HIGH
IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621.
CVE-2017-12440 1 Openstack 1 Openstack 2023-12-10 6.0 MEDIUM 7.5 HIGH
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee.
CVE-2017-6044 1 Sierra Wireless 4 Airlink Raven Xe, Airlink Raven Xe Firmware, Airlink Raven Xt and 1 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.
CVE-2017-8156 1 Huawei 2 B2338-168, B2338-168 Firmware 2023-12-10 7.2 HIGH 6.8 MEDIUM
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow the attacker to take control over the outdoor unit.
CVE-2015-9030 1 Google 1 Android 2023-12-10 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication.
CVE-2017-14417 1 Dlink 2 Dir-850l, Dir-850l Firmware 2023-12-10 7.5 HIGH 9.8 CRITICAL
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.
CVE-2017-8155 1 Huawei 2 B2338-168, B2338-168 Firmware 2023-12-10 7.2 HIGH 8.4 HIGH
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without authentication. Successful exploit could allow the attacker to take control over the outdoor unit.
CVE-2017-17746 1 Tp-link 2 Tl-sg108e, Tl-sg108e Firmware 2023-12-10 7.7 HIGH 6.8 MEDIUM
Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated.
CVE-2017-4052 1 Mcafee 1 Advanced Threat Defense 2023-12-10 7.5 HIGH 9.8 CRITICAL
Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter.
CVE-2018-2360 1 Sap 1 Sap Kernel 2023-12-10 5.0 MEDIUM 7.5 HIGH
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.
CVE-2017-5637 2 Apache, Debian 2 Zookeeper, Debian Linux 2023-12-10 5.0 MEDIUM 7.5 HIGH
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
CVE-2016-7830 1 Sony 10 Pcs-xc1, Pcs-xc1 Firmware, Pcs-xg100 and 7 more 2023-12-10 5.8 MEDIUM 8.8 HIGH
Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.
CVE-2017-4919 1 Vmware 1 Vcenter Server 2023-12-10 6.8 MEDIUM 9.0 CRITICAL
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
CVE-2017-10804 1 Odoo 1 Odoo 2023-12-10 7.5 HIGH 9.8 CRITICAL
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used.
CVE-2017-3216 5 Greenpacket, Huawei, Mada and 2 more 28 Ox350, Ox350 Firmware, Bm2022 and 25 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
CVE-2017-4055 1 Mcafee 1 Advanced Threat Defense 2023-12-10 5.0 MEDIUM 7.5 HIGH
Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization.