Total
107 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15787 | 1 Siemens | 2 Simatic Hmi United Comfort Panels, Simatic Hmi United Comfort Panels Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. | |||||
| CVE-2020-14359 | 1 Redhat | 1 Louketo Proxy | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers. | |||||
| CVE-2020-10923 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642. | |||||
| CVE-2024-20463 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | N/A | 7.1 HIGH |
| A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition. | |||||
| CVE-2024-5956 | 1 Trellix | 1 Intrusion Prevention System Manager | 2024-09-06 | N/A | 5.3 MEDIUM |
| This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly | |||||
| CVE-2024-5957 | 1 Trellix | 1 Intrusion Prevention System Manager | 2024-09-06 | N/A | 7.5 HIGH |
| This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager. | |||||
| CVE-2024-4784 | 1 Gitlab | 1 Gitlab | 2024-08-23 | N/A | 5.4 MEDIUM |
| An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy. | |||||