Total
2376 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16241 | 1 Amag | 6 En-1dbc, En-1dbc Firmware, En-2dbc and 3 more | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command. | |||||
| CVE-2017-15123 | 1 Redhat | 1 Cloudforms Management Engine | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines. | |||||
| CVE-2017-14417 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services. | |||||
| CVE-2017-14350 | 1 Hp | 1 Application Performance Management | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. | |||||
| CVE-2017-13997 | 1 Schneider-electric | 2 Wonderware Indusoft Web Studio, Wonderware Intouch | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server. | |||||
| CVE-2017-12822 | 1 Sentinel | 1 Sentinel Ldk Rte Firmware | 2026-06-17 | 7.5 HIGH | 9.9 CRITICAL |
| Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors. | |||||
| CVE-2017-12733 | 1 Opwglobal | 6 Sitesentinel Integra 100, Sitesentinel Integra 100 Firmware, Sitesentinel Integra 500 and 3 more | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges. | |||||
| CVE-2017-12720 | 1 Smiths-medical | 1 Medfusion 4000 Wireless Syringe Infusion Pump | 2026-06-17 | 6.8 MEDIUM | 8.1 HIGH |
| An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections. | |||||
| CVE-2017-12575 | 1 Aterm | 2 Wg2600hp2, Wg2600hp2 Firmware | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET"). | |||||
| CVE-2017-12440 | 1 Openstack | 1 Openstack | 2026-06-17 | 6.0 MEDIUM | 7.5 HIGH |
| Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee. | |||||
| CVE-2017-12155 | 1 Ceph | 1 Ceph | 2026-06-17 | 3.3 LOW | 6.3 MEDIUM |
| A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. | |||||
| CVE-2017-10854 | 1 Corega | 2 Cg-wgr 1200, Cg-wgr 1200 Firmware | 2026-06-17 | 5.8 MEDIUM | 8.8 HIGH |
| Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors. | |||||
| CVE-2017-10804 | 1 Odoo | 1 Odoo | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used. | |||||
| CVE-2017-10271 | 1 Oracle | 1 Weblogic Server | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2017-0919 | 1 Gitlab | 1 Gitlab | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized. | |||||
| CVE-2016-9496 | 1 Hughes | 8 Dw7000, Dw7000 Firmware, Hn7000s and 5 more | 2026-06-17 | 6.1 MEDIUM | 6.5 MEDIUM |
| Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot. | |||||
| CVE-2016-9369 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution. | |||||
| CVE-2016-8355 | 1 Smiths-medical | 1 Cadd-solis Medication Safety Software | 2026-06-17 | 9.0 HIGH | 9.9 CRITICAL |
| An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates. | |||||
| CVE-2016-7830 | 1 Sony | 10 Pcs-xc1, Pcs-xc1 Firmware, Pcs-xg100 and 7 more | 2026-06-17 | 5.8 MEDIUM | 8.8 HIGH |
| Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors. | |||||
| CVE-2016-5053 | 1 Osram | 1 Lightify Home | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000. | |||||