Total
487 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36139 | 1 Phpjabbers | 1 Cleaning Business Software | 2024-11-21 | 9.8 Critical |
| In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | ||||
| CVE-2023-36134 | 1 Phpjabbers | 1 Class Scheduling System | 2024-11-21 | 9.8 Critical |
| In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | ||||
| CVE-2023-35906 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2024-11-21 | 5.3 Medium |
| IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649. | ||||
| CVE-2023-35764 | 2024-11-21 | 5.3 Medium | ||
| Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting. | ||||
| CVE-2023-35719 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 6.8 Medium |
| ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009. | ||||
| CVE-2023-32329 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-11-21 | 6.2 Medium |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972. | ||||
| CVE-2023-30562 | 1 Bd | 1 Alaris Guardrails Editor | 2024-11-21 | 3 Low |
| A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. | ||||
| CVE-2023-30559 | 1 Bd | 2 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware | 2024-11-21 | 5.2 Medium |
| The firmware update package for the wireless card is not properly signed and can be modified. | ||||
| CVE-2023-28863 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | 9.1 Critical |
| AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. | ||||
| CVE-2023-26141 | 2 Contribsys, Redhat | 2 Sidekiq, Satellite | 2024-11-21 | 7.5 High |
| Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests. | ||||
| CVE-2023-20236 | 1 Cisco | 53 8201, 8202, 8208 and 50 more | 2024-11-21 | 6.7 Medium |
| A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device. | ||||
| CVE-2022-44593 | 1 Solidwp | 1 Solid Security | 2024-11-21 | 3.7 Low |
| Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through 9.3.1. | ||||
| CVE-2022-38625 | 1 Patlite | 6 Nbm-d88n, Nbm-d88n Firmware, Nhl-3fb1 and 3 more | 2024-11-21 | 8.8 High |
| Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position is that this is a design choice, not a vulnerability | ||||
| CVE-2022-37008 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability. | ||||
| CVE-2022-36360 | 1 Siemens | 4 Logo\!8 Bm, Logo\!8 Bm Fs-05, Logo\!8 Bm Fs-05 Firmware and 1 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device. | ||||
| CVE-2022-36130 | 1 Hashicorp | 1 Boundary | 2024-11-21 | 9.9 Critical |
| HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2. | ||||
| CVE-2022-34763 | 1 Schneider-electric | 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more | 2024-11-21 | 5.9 Medium |
| A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior) | ||||
| CVE-2022-32252 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker. | ||||
| CVE-2022-31801 | 2 Phoenixcontact, Phoenixcontact-software | 3 Multiprog, Proconos, Proconos Eclr | 2024-11-21 | 9.8 Critical |
| An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. | ||||
| CVE-2022-31800 | 1 Phoenixcontact | 34 Axc 1050, Axc 1050 Firmware, Axc 1050 Xc and 31 more | 2024-11-21 | 9.8 Critical |
| An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. | ||||