Skip to main content

CWE-419

Unprotected Primary Channel

9 CVEs Avg CVSS 7.6 MITRE
2
CRITICAL
5
HIGH
1
MEDIUM
1
LOW
2
POC
0
KEV

Monthly

CVE-2025-24030 Go HIGH PATCH This Month

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Path Traversal Kubernetes Gateway Red Hat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-50588 CRITICAL Act Now

An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-39886 LOW Monitor

TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.7
EPSS
0.3%
CVE-2024-2414 HIGH This Week

The primary channel is unprotected on Movistar 4G router affecting E version S_WLD71-T1_v2.0.201820. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-30859 CRITICAL POC Act Now

Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Triton
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-33932 MEDIUM This Month

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-11248 HIGH POC PATCH THREAT This Week

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Kubernetes
NVD GitHub
CVSS 3.1
8.2
EPSS
61.1%
CVE-2018-12120 HIGH PATCH This Week

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Node.js Node Js
NVD
CVSS 3.1
8.1
EPSS
4.3%
CVE-2018-12539 HIGH PATCH This Week

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Microsoft IBM Information Disclosure Openj9 +1
NVD
CVSS 3.0
7.8
EPSS
0.5%
EPSS 0% CVSS 7.1
HIGH PATCH This Month

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Path Traversal Kubernetes Gateway +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
EPSS 0% CVSS 3.7
LOW Monitor

TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The primary channel is unprotected on Movistar 4G router affecting E version S_WLD71-T1_v2.0.201820. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Triton
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Powerscale Onefs
NVD
EPSS 61% CVSS 8.2
HIGH POC PATCH THREAT This Week

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Kubernetes
NVD GitHub
EPSS 4% CVSS 8.1
HIGH PATCH This Week

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Node.js Node Js
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Microsoft IBM +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy