Total
3820 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-42462 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | 9.8 Critical |
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass. This issue affects upKeeper Manager: through 5.1.9. | ||||
CVE-2024-45036 | | | 2024-08-27 | N/A |
Tophat is a mobile applications testing harness. An Improper Access Control vulnerability can expose the `TOPHAT_APP_TOKEN` token stored in `~/.tophatrc` through use of a malicious Tophat URL controlled by the attacker. The vulnerability allows Tophat to send this token to the attacker's server without any checks to ensure that the server is trusted. This token can then be used to access internal build artifacts, for mobile applications, not intended to be public. The issue has been patched as of version 1.10.0. The ability to request artifacts using a Tophat API has been deprecated as this flow was inherently insecure. Systems that have implemented this kind of endpoint should cease use and invalidate the token immediately. There are no workarounds and all users should update as soon as possible. | ||||
CVE-2024-42336 | 1 Servision | 1 Ivg Webmax | 2024-08-27 | 8.2 High |
Servision - CWE-287: Improper Authentication | ||||
CVE-2024-7746 | 1 Traccar | 2 Server, Traccar | 2024-08-22 | 9.8 Critical |
Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse. This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected by the authentication mechanism. These transactions could have an impact on any sensitive aspect of the platform, including Confidentiality, Integrity and Availability. | ||||
CVE-2024-37028 | 1 F5 | 1 Big-ip Next Central Manager | 2024-08-20 | 5.3 Medium |
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2024-6078 | 1 Rockwellautomation | 1 Datamosaix | 2024-08-19 | N/A |
CVE-2024-6078 IMPACT An improper authentication vulnerability exists in the affected product, which could allow a malicious user to generate cookies for any user ID without the use of a username or password. If exploited, a malicious user could take over the account of a legitimate user. The malicious user would be able to view and modify data stored in the cloud. | ||||
CVE-2022-4002 | 1 Motorola | 3 Q14, Q14 Firmware, Q14 Mesh Router Firmware | 2024-08-13 | 7.2 High |
A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request. | ||||
CVE-2019-6198 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | 7.8 High |
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | ||||
CVE-2019-6197 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | 7.8 High |
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | ||||
CVE-2024-35775 | | | 2024-08-13 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS). This issue affects Slider by Soliloquy: from n/a through 2.7.6. | ||||
CVE-2024-34788 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-08-12 | 6.5 Medium |
An improper authentication vulnerability in the web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information. | ||||
CVE-2024-7395 | 1 Korenix | 1 Jetport 5601 | 2024-08-07 | N/A |
An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password. This issue affects JetPort 5601v3: through 1.2. | ||||
CVE-2022-4001 | 1 Motorola | 1 Q14 Mesh Router Firmware | 2024-08-01 | 7.3 High |
An authentication bypass vulnerability could allow an attacker to access API functions without authentication. | ||||
CVE-2019-9619 | | | 2023-11-07 | N/A |
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | ||||
CVE-2017-5735 | 1 Redhat | 1 Enterprise Linux | 2023-11-07 | N/A |
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | ||||
CVE-2017-5734 | 1 Redhat | 1 Enterprise Linux | 2023-11-07 | N/A |
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | ||||
CVE-2017-5733 | 1 Redhat | 1 Enterprise Linux | 2023-11-07 | N/A |
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | ||||
CVE-2017-5732 | 1 Redhat | 1 Enterprise Linux | 2023-11-07 | N/A |
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | ||||
CVE-2016-6251 | | | 2023-11-07 | N/A |
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | ||||
CVE-2008-1683 | | | 2023-11-07 | N/A |
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-0887. Reason: This candidate is a duplicate of CVE-2008-0887. Notes: All CVE users should reference CVE-2008-0887 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage |