Total
2009 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31033 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
|
NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.
|
|||||
| CVE-2023-30744 | 1 Sap | 1 Netweaver Application Server For Java | 2024-11-21 | N/A | 8.2 HIGH |
|
In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication. A subsequent call to one of these methods can read or change the state of existing services without any effect on availability.
|
|||||
| CVE-2023-30643 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.7 HIGH |
|
Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications.
|
|||||
| CVE-2023-30612 | 1 Cloudhypervisor | 1 Cloud Hypervisor | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily crashed, causing Deny-of-Service (DoS). This can also be a potential Use-After-Free (UAF) vulnerability. Users require to have the write access to the API socket file to trigger this vulnerability. Impacted ...
Show More |
|||||
| CVE-2023-30604 | 1 Hitrontech | 2 Coda-5310, Coda-5310 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310. An unauthorized remote attacker can exploit this vulnerability to access system configuration interface, resulting in performing arbitrary system operation or disrupt service.
|
|||||
| CVE-2023-2834 | 1 Stylemixthemes | 1 Bookit | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
|
|||||
| CVE-2023-2827 | 1 Sap | 2 Digital Manufacturing, Plant Connectivity | 2024-11-21 | N/A | 7.9 HIGH |
|
SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing.
|
|||||
| CVE-2023-2781 | 1 Wisetr | 1 User Email Verification For Woocommerce | 2024-11-21 | N/A | 8.1 HIGH |
|
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site adminis ...
Show More |
|||||
| CVE-2023-2704 | 1 Vibethemes | 1 Bp Social Connect | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
|
|||||
| CVE-2023-2231 | 1 Max-tech | 2 Max-g866ac, Max-g866ac Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-2187 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2024-11-21 | N/A | 5.3 MEDIUM |
|
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events.
|
|||||
| CVE-2023-29485 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module. NOTE: Heimdal disputes the validity of this issue arguing that their DNS Security for Endpoint filters DNS traffic on the endpoint by intercepting system-generated DNS requests. The product was not designed to intercept DNS requests from ...
Show More |
|||||
| CVE-2023-29413 | 2 Microsoft, Schneider-electric | 7 Windows 10, Windows 11, Windows Server 2016 and 4 more | 2024-11-21 | N/A | 7.5 HIGH |
|
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause
Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor
service.
|
|||||
| CVE-2023-29411 | 2 Microsoft, Schneider-electric | 7 Windows 10, Windows 11, Windows Server 2016 and 4 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow
changes to administrative credentials, leading to potential remote code execution without
requiring prior authentication on the Java RMI interface.
|
|||||
| CVE-2023-29063 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-11-21 | N/A | 2.4 LOW |
|
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup.
|
|||||
| CVE-2023-29061 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-11-21 | N/A | 5.2 MEDIUM |
|
There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.
|
|||||
| CVE-2023-29060 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.
|
|||||
| CVE-2023-28761 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | N/A | 6.5 MEDIUM |
|
In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity.
|
|||||
| CVE-2023-28697 | 1 Moxa | 2 Miineport E1, Miineport E1 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.
|
|||||
| CVE-2023-28326 | 1 Apache | 1 Openmeetings | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0
Description: Attacker can elevate their privileges in any room
|
|||||
| CVE-2023-27983 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
|
|||||
| CVE-2023-27980 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2024-11-21 | N/A | 8.8 HIGH |
|
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)
|
|||||
| CVE-2023-27497 | 2 Microsoft, Sap | 2 Windows, Diagnostics Agent | 2024-11-21 | N/A | 10.0 CRITICAL |
|
Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system.
|
|||||
| CVE-2023-27377 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
|
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
|
|||||
| CVE-2023-27376 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
|
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
|
|||||
| CVE-2023-27375 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
|
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
|
|||||
| CVE-2023-27290 | 1 Ibm | 1 Observability With Instana | 2024-11-21 | N/A | 9.1 CRITICAL |
|
Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737.
|
|||||
| CVE-2023-27267 | 1 Sap | 1 Diagnostics Agent | 2024-11-21 | N/A | 9.0 CRITICAL |
|
Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system.
|
|||||
| CVE-2023-27261 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.
|
|||||
| CVE-2023-27259 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
|
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
|
|||||
| CVE-2023-27258 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
|
Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.
|
|||||
| CVE-2023-27257 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
|
Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.
|
|||||
| CVE-2023-27256 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.
|
|||||
| CVE-2023-26580 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
|
Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.
|
|||||
| CVE-2023-26579 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers.
|
|||||
| CVE-2023-26576 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
|
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.
|
|||||
| CVE-2023-26575 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
|
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.
|
|||||
| CVE-2023-26574 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
|
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.
|
|||||
| CVE-2023-26573 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 8.2 HIGH |
|
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.
|
|||||
| CVE-2023-26571 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
|
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.
|
|||||