The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product’s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services.
Max CVSS: 9.8 | EPSS Score: 0.17% | Published: 2019-03-26 | Updated: 2020-02-10
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.
Max CVSS: 9.8 | EPSS Score: 0.71% | Published: 2019-11-06 | Updated: 2019-11-08
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.
Max CVSS: 8.8 | EPSS Score: 0.23% | Published: 2019-12-26 | Updated: 2020-01-03
CUPS (Common Unix Printing System) does not correctly honor the 'Listen localhost:631' option, which could provide unauthorized access to the system.
Max CVSS: 9.8 | EPSS Score: 3.40% | Published: 2019-12-20 | Updated: 2020-11-16

CVE-2013-1391 (public exploit)
Authentication bypass vulnerability in the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.
Max CVSS: 7.5 | EPSS Score: 97.21% | Published: 2019-10-30 | Updated: 2019-11-05
Monkey HTTP Daemon: broken user name authentication
Max CVSS: 9.8 | EPSS Score: 4.23% | Published: 2019-12-10 | Updated: 2020-03-26
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.
Max CVSS: 9.8 | EPSS Score: 0.55% | Published: 2019-11-14 | Updated: 2019-11-20
An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2.
Max CVSS: 9.8 | EPSS Score: 0.66% | Published: 2019-12-26 | Updated: 2020-01-09
Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging".
Max CVSS: 9.8 | EPSS Score: 0.33% | Published: 2019-12-26 | Updated: 2020-01-16
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.
Max CVSS: 10.0 | EPSS Score: 0.24% | Published: 2019-11-13 | Updated: 2020-02-10
RubyGem omniauth-facebook has an access token security vulnerability
Max CVSS: 7.5 | EPSS Score: 1.04% | Published: 2019-12-11 | Updated: 2019-12-16
Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities
Max CVSS: 9.8 | EPSS Score: 0.42% | Published: 2019-12-27 | Updated: 2020-01-04
Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials
Max CVSS: 9.8 | EPSS Score: 53.98% | Published: 2019-12-27 | Updated: 2020-01-10
AVTECH AVN801 DVR has a security bypass via the administration login captcha
Max CVSS: 9.8 | EPSS Score: 12.58% | Published: 2019-12-27 | Updated: 2020-01-15
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
Max CVSS: 5.9 | EPSS Score: 0.16% | Published: 2019-11-05 | Updated: 2019-11-12
Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage
Max CVSS: 9.4 | EPSS Score: 0.38% | Published: 2019-02-15 | Updated: 2019-02-21
suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution
Max CVSS: 7.8 | EPSS Score: 0.05% | Published: 2019-12-13 | Updated: 2019-12-17
wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.
Max CVSS: 7.5 | EPSS Score: 0.11% | Published: 2019-11-21 | Updated: 2019-12-04
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.
Max CVSS: 9.8 | EPSS Score: 0.36% | Published: 2019-03-26 | Updated: 2019-10-09
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
Max CVSS: 7.4 | EPSS Score: 0.07% | Published: 2019-08-01 | Updated: 2023-03-03
python-requests-Kerberos through 0.5 does not handle mutual authentication
Max CVSS: 9.8 | EPSS Score: 0.88% | Published: 2019-12-15 | Updated: 2019-12-19
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.
Max CVSS: 9.8 | EPSS Score: 0.31% | Published: 2019-08-22 | Updated: 2019-08-29
Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access.
Max CVSS: 7.5 | EPSS Score: 0.16% | Published: 2019-03-25 | Updated: 2019-10-09
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
Max CVSS: 10.0 | EPSS Score: 0.21% | Published: 2019-03-25 | Updated: 2019-10-09
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application.
Max CVSS: 9.8 | EPSS Score: 0.52% | Published: 2019-04-03 | Updated: 2019-04-04
670 vulnerabilities found