Total
1646 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4884 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 6.5 Medium |
| An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication. | ||||
| CVE-2023-4857 | 2024-11-21 | 7.5 High | ||
| An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information. | ||||
| CVE-2023-4815 | 1 Answer | 1 Answer | 2024-11-21 | 8.8 High |
| Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3. | ||||
| CVE-2023-4335 | 3 Broadcom, Intel, Linux | 4 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 and 1 more | 2024-11-21 | 7.5 High |
| Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux | ||||
| CVE-2023-4334 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-11-21 | 7.5 High |
| Broadcom RAID Controller Web server (nginx) is serving private files without any authentication | ||||
| CVE-2023-49693 | 1 Netgear | 1 Prosafe Network Management System | 2024-11-21 | 9.8 Critical |
| NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code. | ||||
| CVE-2023-49115 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2024-11-21 | 7.5 High |
| MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users. | ||||
| CVE-2023-46978 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication. | ||||
| CVE-2023-46819 | 1 Apache | 1 Ofbiz | 2024-11-21 | 5.3 Medium |
| Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09 | ||||
| CVE-2023-46249 | 1 Goauthentik | 1 Authentik | 2024-11-21 | 9.7 Critical |
| authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the default admin user, which can also optionally set the default admin users' password from an environment variable. When the user is deleted, the `initial-setup` flow used to configure authentik after the first installation becomes available again. authentik 2023.8.4 and 2023.10.2 fix this issue. As a workaround, ensure the default admin user (Username `akadmin`) exists and has a password set. It is recommended to use a very strong password for this user, and store it in a secure location like a password manager. It is also possible to deactivate the user to prevent any logins as akadmin. | ||||
| CVE-2023-45851 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-11-21 | 8.8 High |
| The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device | ||||
| CVE-2023-45220 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-11-21 | 8.8 High |
| The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. | ||||
| CVE-2023-45140 | 1 Ovh | 1 The-bastion | 2024-11-21 | 4.8 Medium |
| The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnormal behavior only applies to per-group-based JIT MFA. Other MFA setup types, such as Immediate MFA, JIT MFA on a per-plugin basis and JIT MFA on a per-account basis are not affected. This issue has been patched in version 3.14.15. | ||||
| CVE-2023-44152 | 4 Acronis, Apple, Linux and 1 more | 4 Cyber Protect, Macos, Linux Kernel and 1 more | 2024-11-21 | 9.1 Critical |
| Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | ||||
| CVE-2023-44116 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized. | ||||
| CVE-2023-43644 | 1 Sagernet | 1 Sing-box | 2024-11-21 | 9.1 Critical |
| Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to sing-box 1.4.4 or to 1.5.0-rc.4. Users unable to update should not expose the SOCKS5 inbound to insecure environments. | ||||
| CVE-2023-43271 | 1 70mai | 2 A500s, A500s Firmware | 2024-11-21 | 9.1 Critical |
| Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols. | ||||
| CVE-2023-43045 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2024-11-21 | 5.9 Medium |
| IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896. | ||||
| CVE-2023-41918 | 2024-11-21 | 10 Critical | ||
| A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code. | ||||
| CVE-2023-41367 | 1 Sap | 1 Netweaver | 2024-11-21 | 5.3 Medium |
| Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s email address. There is no integrity/availability impact. | ||||