Total
1514 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39981 | 1 Moxa | 1 Mxsecurity | 2024-11-21 | 7.5 High |
| A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker. | ||||
| CVE-2023-39930 | 1 Pingidentity | 1 Pingid Radius Pcv | 2024-11-21 | 7.5 High |
| A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. | ||||
| CVE-2023-39466 | 2024-11-21 | N/A | ||
| Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20797. | ||||
| CVE-2023-39457 | 2024-11-21 | N/A | ||
| Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501. | ||||
| CVE-2023-39436 | 1 Sap | 1 Supplier Relationship Management | 2024-11-21 | 5.8 Medium |
| SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM. | ||||
| CVE-2023-39380 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally. | ||||
| CVE-2023-39231 | 1 Pingidentity | 1 Pingone Mfa Integration Kit | 2024-11-21 | 7.3 High |
| PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials. | ||||
| CVE-2023-38523 | 1 Samsung | 67 Fgn1115-wp-wh, Fgn1115-wp-wh Firmware, Fgn1122-cd and 64 more | 2024-11-21 | 5.3 Medium |
| The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06. | ||||
| CVE-2023-38422 | 1 Walchem | 2 Intuition 9, Intuition 9 Firmware | 2024-11-21 | 7.5 High |
| Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data. | ||||
| CVE-2023-38379 | 1 Rigol | 2 Mso5000, Mso5000 Firmware | 2024-11-21 | 7.5 High |
| The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password. | ||||
| CVE-2023-38030 | 1 Saho | 4 Adm-100, Adm-100 Firmware, Adm-100fp and 1 more | 2024-11-21 | 7.5 High |
| Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions. | ||||
| CVE-2023-38028 | 1 Saho | 4 Adm-100, Adm-100 Firmware, Adm-100fp and 1 more | 2024-11-21 | 9.1 Critical |
| Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service. | ||||
| CVE-2023-37483 | 1 Sap | 1 Powerdesigner | 2024-11-21 | 9.8 Critical |
| SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy. | ||||
| CVE-2023-37325 | 2024-11-21 | N/A | ||
| D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to manipulate wireless authentication settings. . Was ZDI-CAN-20104. | ||||
| CVE-2023-36926 | 1 Sap | 1 Host Agent | 2024-11-21 | 3.7 Low |
| Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability. | ||||
| CVE-2023-36669 | 1 Kratosdefense | 2 Ngc Indoor Unit, Ngc Indoor Unit Firmware | 2024-11-21 | 9.8 Critical |
| Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit (TPU) within the IDU by sending crafted TCP requests to the IDU. | ||||
| CVE-2023-35874 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 6 Medium |
| SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability. | ||||
| CVE-2023-35873 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 6.5 Medium |
| The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application. | ||||
| CVE-2023-35872 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 6.5 Medium |
| The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application. | ||||
| CVE-2023-35854 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability." | ||||