Total
3933 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36466 | 1 Discourse | 1 Discourse | 2024-11-21 | 3.5 Low |
| Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse. | ||||
| CVE-2023-35940 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 7.5 High |
| GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue. | ||||
| CVE-2023-35901 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2024-11-21 | 2.7 Low |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380. | ||||
| CVE-2023-35794 | 1 Cassianetworks | 1 Access Controller | 2024-11-21 | 8.8 High |
| An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console. | ||||
| CVE-2023-35785 | 1 Zohocorp | 17 Manageengine Ad360, Manageengine Adaudit Plus, Manageengine Admanager Plus and 14 more | 2024-11-21 | 8.1 High |
| Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability. | ||||
| CVE-2023-35154 | 1 Eng | 1 Knowage | 2024-11-21 | 7.2 High |
| Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8. | ||||
| CVE-2023-35137 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2024-11-21 | 7.5 High |
| An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device. | ||||
| CVE-2023-34340 | 1 Apache | 1 Accumulo | 2024-11-21 | 9.8 Critical |
| Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1. | ||||
| CVE-2023-34196 | 1 Keyfactor | 1 Ejbca | 2024-11-21 | 8.2 High |
| In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur. | ||||
| CVE-2023-34137 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | 9.8 Critical |
| SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | ||||
| CVE-2023-33563 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-11-21 | 8.8 High |
| In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | ||||
| CVE-2023-33363 | 1 Supremainc | 1 Biostar 2 | 2024-11-21 | 7.5 High |
| An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers. | ||||
| CVE-2023-33274 | 1 Voltronicpower | 1 Snmp Web Pro | 2024-11-21 | 9.8 Critical |
| The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and affects all instances of SNMP Web Pro 1.1 without HTTP Digest authentication enabled, regardless of the password used for the web interface. | ||||
| CVE-2023-33237 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-11-21 | 8.8 High |
| TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors. | ||||
| CVE-2023-33190 | 2 Sealos, Sealos Project | 2 Sealos, Sealos | 2024-11-21 | 10 Critical |
| Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.1-rc4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-33054 | 1 Qualcomm | 336 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 333 more | 2024-11-21 | 9.1 Critical |
| Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. | ||||
| CVE-2023-32661 | 1 Intel | 3 Nuc Kit Nuc7cjyh, Nuc Kit Nuc7pjyh, Realtek Sd Card Reader Driver | 2024-11-21 | 6.7 Medium |
| Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software before version 10.0.19041.29098 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-32453 | 1 Dell | 222 Alienware M15 R7, Alienware M15 R7 Firmware, Alienware M16 and 219 more | 2024-11-21 | 4.6 Medium |
| Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator. | ||||
| CVE-2023-32202 | 1 Walchem | 2 Intuition 9, Intuition 9 Firmware | 2024-11-21 | 6.5 Medium |
| Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device. | ||||
| CVE-2023-32090 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Platform | 2024-11-21 | 9.8 Critical |
| Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials | ||||