Total
3369 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6514 | 1 Huawei | 2 Ajmd-370s, Ajmd-370s Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions. Successful exploitation of this vulnerability may allow attackers to access restricted functions. | |||||
| CVE-2023-6483 | 1 Aditaas | 1 Allied Digital Integrated Tool-as-a-service | 2024-11-21 | N/A | 9.1 CRITICAL |
| The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable platform. Successful exploitation of this vulnerability could allow the attacker to gain full access to the customers’ data and completely compromise the targeted platform. | |||||
| CVE-2023-6354 | 1 Tylertech | 1 Court Case Management Plus | 2024-11-21 | N/A | 5.3 MEDIUM |
| Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter. | |||||
| CVE-2023-6353 | 1 Tylertech | 1 Court Case Management Plus | 2024-11-21 | N/A | 5.3 MEDIUM |
| Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter. | |||||
| CVE-2023-6344 | 1 Tylertech | 1 Court Case Management Plus | 2024-11-21 | N/A | 5.3 MEDIUM |
| Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352. | |||||
| CVE-2023-6343 | 1 Tylertech | 1 Court Case Management Plus | 2024-11-21 | N/A | 5.3 MEDIUM |
| Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352. | |||||
| CVE-2023-6342 | 1 Tylertech | 1 Court Case Management Plus | 2024-11-21 | N/A | 5.3 MEDIUM |
| Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01. | |||||
| CVE-2023-6329 | 1 Controlid | 1 Idsecure | 2024-11-21 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user. | |||||
| CVE-2023-6155 | 1 Ays-pro | 1 Quiz Maker | 2024-11-21 | N/A | 5.3 MEDIUM |
| The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses. | |||||
| CVE-2023-5970 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2024-11-21 | N/A | 8.8 HIGH |
| Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. | |||||
| CVE-2023-5844 | 1 Pimcore | 1 Admin Classic Bundle | 2024-11-21 | N/A | 7.2 HIGH |
| Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0. | |||||
| CVE-2023-5808 | 2 Hitachi, Microsoft | 2 Vantara Hitachi Network Attached Storage, Windows | 2024-11-21 | N/A | 7.6 HIGH |
| SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role. | |||||
| CVE-2023-5627 | 1 Moxa | 54 Nport 6150, Nport 6150-t, Nport 6150-t Firmware and 51 more | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service. | |||||
| CVE-2023-5376 | 1 Korenix | 84 Jetnet 4508, Jetnet 4508-w, Jetnet 4508-w Firmware and 81 more | 2024-11-21 | N/A | 8.6 HIGH |
| An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01. | |||||
| CVE-2023-5329 | 1 F-logic | 2 Datacube4, Datacube4 Firmware | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used. VDB-241030 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-5328 | 1 Sato | 2 Cl4nx-j Plus, Cl4nx-j Plus Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. This affects an unknown part of the component Cookie Handler. The manipulation with the input auth=user,level1,settings; web=true leads to improper authentication. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-241029 was assigned to this vulnerability. | |||||
| CVE-2023-5326 | 1 Sato | 2 Cl4nx-j Plus, Cl4nx-j Plus Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component WebConfig. The manipulation leads to improper authentication. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241027. | |||||
| CVE-2023-5246 | 1 Sick | 26 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gent00010 and 23 more | 2024-11-21 | N/A | 8.8 HIGH |
| Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay. | |||||
| CVE-2023-52161 | 1 Intel | 1 Inet Wireless Daemon | 2024-11-21 | N/A | 7.5 HIGH |
| The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key. | |||||
| CVE-2023-52160 | 6 Debian, Fedoraproject, Google and 3 more | 7 Debian Linux, Fedora, Android and 4 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. | |||||