Total: 3369 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-33274 | 1 Voltronicpower | 1 Snmp Web Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and affects all instances of SNMP Web Pro 1.1 without HTTP Digest authentication enabled, regardless of the password used for the web interface. | |||||
CVE-2023-33237 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
TN-5900 Series firmware version v3.3 and prior is vulnerable to an improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed to perform. This presents a potential risk of unauthorized exploitation by malicious actors. | |||||
CVE-2023-33070 | 1 Qualcomm | 204 Apq5053-aa, Apq5053-aa Firmware, Aqt1000 and 201 more | 2024-11-21 | N/A | 7.1 HIGH |
Transient DOS in Automotive OS due to improper authentication to the secure IO calls. | |||||
CVE-2023-33054 | 1 Qualcomm | 336 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 333 more | 2024-11-21 | N/A | 9.1 CRITICAL |
Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. | |||||
CVE-2023-32682 | 1 Matrix | 1 Synapse | 2024-11-21 | N/A | 5.4 MEDIUM |
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the `jwt_config.enabled` configuration setting. 2. The local password database is enabled via the `password_config.enabled` and `password_config.localdb_enabled` configuration settings *and* a user's password is updated via an admin API after a user is deactivated. Note that the local password database is enabled by default, but it is uncommon to set a user's password after they've been deactivated. Installations that are configured to only allow login via Single Sign-On (SSO) via CAS, SAML or OpenID Connect (OIDC); or via an external password provider (e.g. LDAP) are not affected. If not using JSON Web Tokens, ensure that deactivated users do not have a password set. This issue has been addressed in version 1.85.0. Users are advised to upgrade. | |||||
CVE-2023-32661 | 1 Intel | 3 Nuc Kit Nuc7cjyh, Nuc Kit Nuc7pjyh, Realtek Sd Card Reader Driver | 2024-11-21 | N/A | 6.7 MEDIUM |
Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software before version 10.0.19041.29098 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-32620 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network. | |||||
CVE-2023-32524 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 8.8 HIGH |
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523. | |||||
CVE-2023-32523 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 8.8 HIGH |
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524. | |||||
CVE-2023-32453 | 1 Dell | 222 Alienware M15 R7, Alienware M15 R7 Firmware, Alienware M16 and 219 more | 2024-11-21 | N/A | 4.6 MEDIUM |
Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator. | |||||
CVE-2023-32347 | 1 Teltonika | 1 Remote Management System | 2024-11-21 | N/A | 8.1 HIGH |
Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices. | |||||
CVE-2023-32243 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1. | |||||
CVE-2023-32222 | 1 Dlink | 2 Dsl-g256dg, Dsl-g256dg Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method. | |||||
CVE-2023-32220 | 1 Milesight | 2 Ncr/camera, Ncr/camera Firmware | 2024-11-21 | N/A | 8.2 HIGH |
Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method. | |||||
CVE-2023-32202 | 1 Walchem | 2 Intuition 9, Intuition 9 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device. | |||||
CVE-2023-32090 | 1 Pega | 1 Pega Platform | 2024-11-21 | N/A | 9.8 CRITICAL |
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials. | |||||
CVE-2023-32081 | 1 Eclipse | 1 Vert.x Stomp | 2024-11-21 | N/A | 6.5 MEDIUM |
Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client sent an initial CONNECT frame and received a successful CONNECTED frame in reply. The client can subscribe to a destination or publish a message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted. The issue is patched in Vert.x 3.9.16 and 4.4.2. There are no trivial workarounds. | |||||
CVE-2023-31634 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126. | |||||
CVE-2023-31292 | 1 Sesami | 1 Cash Point & Transport Optimizer | 2024-11-21 | N/A | 5.5 MEDIUM |
An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), which allows local attackers to obtain sensitive information and bypass authentication via a "Back Button Refresh" attack. | |||||
CVE-2023-31242 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | N/A | 8.1 HIGH |
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability. | |||||