Total
3717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1833 | 1 Redline | 1 Router Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17. | |||||
| CVE-2023-1803 | 1 Redline | 1 Router Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17. | |||||
| CVE-2023-1784 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699. | |||||
| CVE-2023-1778 | 1 Gajshield | 2 Data Security Firewall, Data Security Firewall Firmware | 2024-11-21 | N/A | 10.0 CRITICAL |
| This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems. The vulnerability has been addressed by forcing the user to change their default password to a new non-default password. | |||||
| CVE-2023-1752 | 1 Getnexx | 8 Nxal-100, Nxal-100 Firmware, Nxg-100b and 5 more | 2024-11-21 | N/A | 8.1 HIGH |
| The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address. | |||||
| CVE-2023-1617 | 1 Br-automation | 1 Vc4 | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization. This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9. | |||||
| CVE-2023-1477 | 1 Hypr | 1 Keycloak Authenticator | 2024-11-21 | N/A | 7.2 HIGH |
| Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3. | |||||
| CVE-2023-1464 | 1 Medicine Tracker System Project | 1 Medicine Tracker System | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file Users.php?f=save_user. The manipulation of the argument firstname/middlename/lastname/username/password leads to improper authentication. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-223311. | |||||
| CVE-2023-1460 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file admin/ajax.php?action=save_user of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The identifier VDB-223305 was assigned to this vulnerability. | |||||
| CVE-2023-1327 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password. | |||||
| CVE-2023-1065 | 1 Snyk | 1 Kubernetes Monitor | 2024-11-21 | N/A | 6.5 MEDIUM |
| This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose the user of the integration to any direct security risk and no user data can be leaked. To exploit the vulnerability the attacker does not need to be authenticated to Snyk but does need to know the target's Integration ID (which may or may not be the same as the Organization ID, although this is an unpredictable UUID in either case). | |||||
| CVE-2023-0905 | 1 Employee Task Management System Project | 1 Employee Task Management System | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0863 | 1 Abb | 16 Terra Ac Wallbox 80a, Terra Ac Wallbox 80a Firmware, Terra Ac Wallbox Ce Juno and 13 more | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5. | |||||
| CVE-2023-0858 | 1 Canon | 90 I-sensys Lbp621cw, I-sensys Lbp621cw Firmware, I-sensys Lbp623cdw and 87 more | 2024-11-21 | N/A | 3.1 LOW |
| Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | |||||
| CVE-2023-0813 | 1 Redhat | 2 Enterprise Linux, Network Observability | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication. | |||||
| CVE-2023-0773 | 1 Uniview | 2 Ipc322lb-sf28-a, Ipc322lb-sf28-a Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
| The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device. | |||||
| CVE-2023-0311 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | |||||
| CVE-2023-0264 | 1 Redhat | 6 Enterprise Linux, Keycloak, Openshift Container Platform and 3 more | 2024-11-21 | N/A | 5.0 MEDIUM |
| A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability. | |||||
| CVE-2023-0228 | 1 Abb | 1 Symphony Plus S\+ Operations | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. | |||||
| CVE-2023-0209 | 1 Nvidia | 2 Dgx-1, Sbios | 2024-11-21 | N/A | 8.2 HIGH |
| NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass. | |||||