Total: 3930 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36655 | 1 Prolion | 1 Cryptospike | 2024-11-21 | N/A | 9.8 CRITICAL |
| The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the user store) allows a remote blocked user to log in and obtain an authentication token by specifying the username with a different uppercase/lowercase character combination. | |||||
| CVE-2023-36648 | 1 Prolion | 1 Cryptospike | 2024-11-21 | N/A | 8.2 HIGH |
| Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer). | |||||
| CVE-2023-36466 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 3.5 LOW |
| Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse. | |||||
| CVE-2023-36004 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.5 HIGH |
| Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability | |||||
| CVE-2023-35940 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 7.5 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue. | |||||
| CVE-2023-35901 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2024-11-21 | N/A | 2.7 LOW |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380. | |||||
| CVE-2023-35794 | 1 Cassianetworks | 1 Access Controller | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console. | |||||
| CVE-2023-35785 | 1 Zohocorp | 17 Manageengine Ad360, Manageengine Adaudit Plus, Manageengine Admanager Plus and 14 more | 2024-11-21 | N/A | 8.1 HIGH |
| Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability. | |||||
| CVE-2023-35154 | 1 Eng | 1 Knowage | 2024-11-21 | N/A | 7.2 HIGH |
| Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8. | |||||
| CVE-2023-35137 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device. | |||||
| CVE-2023-34998 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | N/A | 8.1 HIGH |
| An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability. | |||||
| CVE-2023-34388 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform a session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-34340 | 1 Apache | 1 Accumulo | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1. | |||||
| CVE-2023-34196 | 1 Keyfactor | 1 Ejbca | 2024-11-21 | N/A | 8.2 HIGH |
| In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur. | |||||
| CVE-2023-34137 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
| CVE-2023-33563 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-11-21 | N/A | 8.8 HIGH |
| In PHP Jabbers Time Slots Booking Calendar 3.3, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | |||||
| CVE-2023-33363 | 1 Supremainc | 1 Biostar 2 | 2024-11-21 | N/A | 7.5 HIGH |
| An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers. | |||||
| CVE-2023-33274 | 1 Voltronicpower | 1 Snmp Web Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
| The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and affects all instances of SNMP Web Pro 1.1 without HTTP Digest authentication enabled, regardless of the password used for the web interface. | |||||
| CVE-2023-33237 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TN-5900 Series firmware version v3.3 and prior is affected by an improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed to perform. This presents a potential risk of unauthorized exploitation by malicious actors. | |||||
| CVE-2023-33190 | 1 Sealos Project | 1 Sealos | 2024-11-21 | N/A | 9.9 CRITICAL |
| Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.1-rc4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
