Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29061 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-11-21 | 5.2 Medium |
| There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication. | ||||
| CVE-2023-29060 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-11-21 | 5.4 Medium |
| The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data. | ||||
| CVE-2023-28326 | 1 Apache | 1 Openmeetings | 2024-11-21 | 9.8 Critical |
| Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room | ||||
| CVE-2023-27377 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | ||||
| CVE-2023-27376 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | ||||
| CVE-2023-27375 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | ||||
| CVE-2023-27261 | 1 Idattend | 1 Idweb | 2024-11-21 | 5.3 Medium |
| Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | ||||
| CVE-2023-27259 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | ||||
| CVE-2023-27258 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. | ||||
| CVE-2023-27257 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. | ||||
| CVE-2023-27256 | 1 Idattend | 1 Idweb | 2024-11-21 | 5.8 Medium |
| Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | ||||
| CVE-2023-26580 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | ||||
| CVE-2023-26579 | 1 Idattend | 1 Idweb | 2024-11-21 | 5.3 Medium |
| Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. | ||||
| CVE-2023-26576 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | ||||
| CVE-2023-26575 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. | ||||
| CVE-2023-26574 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | ||||
| CVE-2023-26573 | 1 Idattend | 1 Idweb | 2024-11-21 | 8.2 High |
| Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. | ||||
| CVE-2023-26571 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. | ||||
| CVE-2023-26570 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | ||||
| CVE-2023-25493 | 2024-11-21 | 6.7 Medium | ||
| A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code. | ||||