Total
3327 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22442 | 1 Hpe | 1 3par Service Provider | 2024-09-05 | N/A | 9.8 CRITICAL |
The vulnerability could be remotely exploited to bypass authentication. | |||||
CVE-2024-7346 | 1 Progress | 1 Openedge | 2024-09-05 | N/A | 4.8 MEDIUM |
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security. The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation. | |||||
CVE-2024-44821 | 2024-09-05 | N/A | 5.3 MEDIUM | ||
ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. The checkyzm function does not properly refresh the captcha value after a failed validation attempt. As a result, an attacker can exploit this flaw by repeatedly submitting the same incorrect captcha response, allowing them to capture the correct captcha value through error messages. | |||||
CVE-2024-7745 | 1 Progress | 1 Ws Ftp Server | 2024-09-04 | N/A | 8.1 HIGH |
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only. | |||||
CVE-2024-7870 | 2024-09-04 | N/A | 6.5 MEDIUM | ||
The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files. | |||||
CVE-2024-6057 | 2024-08-29 | N/A | 9.8 CRITICAL | ||
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature. | |||||
CVE-2024-27835 | 2024-08-29 | N/A | 2.4 LOW | ||
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen. | |||||
CVE-2023-52161 | 1 Intel | 1 Inet Wireless Daemon | 2024-08-29 | N/A | 7.5 HIGH |
The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key. | |||||
CVE-2024-42164 | 1 Fiware | 1 Keyrock | 2024-08-29 | N/A | 4.3 MEDIUM |
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link. | |||||
CVE-2024-42462 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | N/A | 9.8 CRITICAL |
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9. | |||||
CVE-2022-4861 | 1 M-files | 1 M-files Client | 2024-08-28 | N/A | 4.9 MEDIUM |
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource. | |||||
CVE-2024-28012 | 2024-08-27 | N/A | 9.8 CRITICAL | ||
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet. | |||||
CVE-2023-52160 | 6 Debian, Fedoraproject, Google and 3 more | 7 Debian Linux, Fedora, Android and 4 more | 2024-08-27 | N/A | 6.5 MEDIUM |
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. | |||||
CVE-2024-24279 | 2024-08-27 | N/A | 8.8 HIGH | ||
An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower functions. | |||||
CVE-2024-42336 | 1 Servision | 1 Ivg Webmax | 2024-08-27 | N/A | 9.8 CRITICAL |
Servision - CWE-287: Improper Authentication | |||||
CVE-2024-45036 | 2024-08-27 | N/A | 4.3 MEDIUM | ||
Tophat is a mobile applications testing harness. An Improper Access Control vulnerability can expose the `TOPHAT_APP_TOKEN` token stored in `~/.tophatrc` through use of a malicious Tophat URL controlled by the attacker. The vulnerability allows Tophat to send this token to the attacker's server without any checks to ensure that the server is trusted. This token can then be used to access internal build artifacts, for mobile applications, not intended to be public. The issue has been patched as of version 1.10.0. The ability to request artifacts using a Tophat API has been deprecated as this flow was inherently insecure. Systems that have implemented this kind of endpoint should cease use and invalidate the token immediately. There are no workarounds and all users should update as soon as possible. | |||||
CVE-2024-25313 | 1 Code-projects | 1 Simple School Management System | 2024-08-26 | N/A | 8.8 HIGH |
Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php. | |||||
CVE-2024-43409 | 1 Ghost | 1 Ghost | 2024-08-26 | N/A | 6.5 MEDIUM |
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue. | |||||
CVE-2024-41800 | 1 Craftcms | 1 Craft Cms | 2024-08-26 | N/A | 7.5 HIGH |
Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3. | |||||
CVE-2024-36444 | 2024-08-26 | N/A | 8.1 HIGH | ||
cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker to gain access to device logs. |