Total: 1221 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27377 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
CVE-2023-27376 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
CVE-2023-27375 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
CVE-2023-27261 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 6.5 MEDIUM |
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | |||||
CVE-2023-27259 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | |||||
CVE-2023-27258 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. | |||||
CVE-2023-27257 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. | |||||
CVE-2023-27256 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 5.3 MEDIUM |
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | |||||
CVE-2023-26576 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
CVE-2023-26575 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | |||||
CVE-2023-26574 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
CVE-2023-26573 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 9.1 CRITICAL |
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. | |||||
CVE-2023-26571 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. | |||||
CVE-2023-26570 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
CVE-2022-39412 | 1 Oracle | 1 Access Manager | 2024-09-23 | N/A | 7.5 HIGH |
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
CVE-2024-7015 | 1 Profelis | 1 Passbox | 2024-09-23 | N/A | 9.8 CRITICAL |
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse. This issue affects PassBox: before v1.2. | |||||
CVE-2022-25770 | | | 2024-09-20 | N/A | 7.8 HIGH |
Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable. | |||||
CVE-2023-5253 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-09-20 | N/A | 7.5 HIGH |
A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC may allow an unauthenticated attacker to obtain asset data without authentication. Malicious unauthenticated users with knowledge of the underlying system may be able to extract limited asset information. | |||||
CVE-2023-46381 | 1 Loytec | 6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more | 2024-09-19 | N/A | 8.2 HIGH |
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. | |||||
CVE-2023-21839 | 1 Oracle | 1 Weblogic Server | 2024-09-19 | N/A | 7.5 HIGH |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |