Total: 4062 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23471 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 9.6 Critical |
| The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. | ||||
| CVE-2024-23470 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 9.6 Critical |
| The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run commands and executables. | ||||
| CVE-2024-23465 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 8.3 High |
| The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment. | ||||
| CVE-2024-22442 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2024-11-21 | 9.8 Critical |
| The vulnerability could be remotely exploited to bypass authentication. | ||||
| CVE-2024-22394 | 1 Sonicwall | 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more | 2024-11-21 | 9.8 Critical |
| An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. | ||||
| CVE-2024-22247 | | | 2024-11-21 | 4.8 Medium |
| VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be able to exploit the default boot priority configured. | ||||
| CVE-2024-22245 | | | 2024-11-21 | 9.6 Critical |
| Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs). | ||||
| CVE-2024-22206 | 1 Clerk | 1 Javascript | 2024-11-21 | 9.1 Critical |
| Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3. | ||||
| CVE-2024-21899 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 9.8 Critical |
| An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. | ||||
| CVE-2024-21654 | 1 Rubygems | 1 Rubygems.org | 2024-11-21 | 4.8 Medium |
| Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and take over the account. This vulnerability has been patched in commit 0b3272a. | ||||
| CVE-2024-20900 | 1 Samsung | 1 Android | 2024-11-21 | 4 Medium |
| Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication. | ||||
| CVE-2024-20890 | 1 Samsung | 1 Android | 2024-11-21 | 5.3 Medium |
| Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior. | ||||
| CVE-2024-20889 | 1 Samsung | 1 Android | 2024-11-21 | 5.9 Medium |
| Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices. | ||||
| CVE-2024-20816 | 1 Samsung | 1 Android | 2024-11-21 | 8 High |
| Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to victim's mobile hotspot without user awareness. | ||||
| CVE-2024-20815 | 1 Samsung | 1 Android | 2024-11-21 | 8 High |
| Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to victim's mobile hotspot without user awareness. | ||||
| CVE-2024-20803 | 1 Samsung | 1 Android | 2024-11-21 | 6.8 Medium |
| Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction. | ||||
| CVE-2024-20738 | 2 Adobe, Microsoft | 2 Framemaker Publishing Server, Windows | 2024-11-21 | 9.8 Critical |
| Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and gain unauthorized access. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-1573 | | | 2024-11-21 | 5.9 Medium |
| Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: (1) Active Directory is used in the security setting. (2) “Automatic log in” option is enabled in the security setting. (3) The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. (4) The IcoAnyGlass IIS Application Pool account is included in GENESIS64™ and MC Works64 Security and has permission to log in. | ||||
| CVE-2024-1148 | 1 Opentext | 1 Pvcs Version Manager | 2024-11-21 | 9.8 Critical |
| Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files. | ||||
| CVE-2024-1147 | 1 Opentext | 1 Pvcs Version Manager | 2024-11-21 | 9.8 Critical |
| Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files. | ||||