Total
1416 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27055 | 1 Ecjia | 1 Daojia | 2024-08-03 | 5.0 MEDIUM | 7.5 HIGH |
ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the vendor disputes this because the environment file is in the data directory, which is not intended for access by website visitors (only the statics directory can be accessed by website visitors) | |||||
CVE-2022-24584 | 1 Yubico | 1 Otp | 2024-08-03 | 4.0 MEDIUM | 6.5 MEDIUM |
Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token using the Yubico Personalization Tool, they can then upload the new configuration to Yubico's OTP validation servers. NOTE: the vendor disputes this because there is no way for a YubiKey device to prevent a user from deciding that a secret value, which is imported into the device, should also be stored elsewhere | |||||
CVE-2023-36092 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2023-36091 | 1 Dlink | 2 Dir-895l, Dir-895l Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2023-36090 | 1 Dlink | 2 Dir-885l, Dir-885l Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2023-36089 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2023-32783 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Adaudit Plus | 2024-08-02 | N/A | 7.5 HIGH |
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour." | |||||
CVE-2024-36265 | | | 2024-08-02 | N/A | N/A |
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2024-27139 | | | 2024-08-02 | N/A | 7.5 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2024-36536 | | | 2024-08-01 | N/A | 9.8 CRITICAL |
Insecure permissions in fabedge v0.8.1 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. | |||||
CVE-2024-25652 | | | 2024-08-01 | N/A | 9.8 CRITICAL |
In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users. | |||||
CVE-2023-28270 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2024-08-01 | N/A | 6.8 MEDIUM |
Windows Lock Screen Security Feature Bypass Vulnerability | |||||
CVE-2023-28249 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-08-01 | N/A | 6.8 MEDIUM |
Windows Boot Manager Security Feature Bypass Vulnerability | |||||
CVE-2023-24932 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-08-01 | N/A | 6.7 MEDIUM |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2023-24052 | | | 2024-08-01 | N/A | 9.8 CRITICAL |
An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password. | |||||
CVE-2023-24051 | | | 2024-08-01 | N/A | 9.8 CRITICAL |
A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks. | |||||
CVE-2023-24047 | | | 2024-08-01 | N/A | 6.8 MEDIUM |
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of a weak hashing algorithm. | |||||
CVE-2022-30203 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-08-01 | 4.6 MEDIUM | 7.4 HIGH |
Windows Boot Manager Security Feature Bypass Vulnerability | |||||
CVE-2022-21894 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2024-08-01 | 4.9 MEDIUM | 4.4 MEDIUM |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2021-40456 | 1 Microsoft | 3 Windows Server, Windows Server 2019, Windows Server 2022 | 2024-08-01 | 5.0 MEDIUM | 5.3 MEDIUM |
Windows AD FS Security Feature Bypass Vulnerability |