Total
1632 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52437 | 1 Saul Morales Pacheco | 1 Banner System | 2024-11-21 | 8.8 High |
| Missing Authentication for Critical Function vulnerability in Saul Morales Pacheco Banner System allows Privilege Escalation.This issue affects Banner System: from n/a through 1.0.0. | ||||
| CVE-2024-47865 | 1 Rakuten | 1 Turbo 5g Firmware | 2024-11-21 | 5.3 Medium |
| Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device. | ||||
| CVE-2024-52438 | 1 Deco.agency | 1 De.branding | 2024-11-21 | 8.8 High |
| Missing Authentication for Critical Function vulnerability in deco.Agency de:branding allows Privilege Escalation.This issue affects de:branding: from n/a through 1.0.2. | ||||
| CVE-2024-7154 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7007 | 1 Positron | 2 Tra7005, Tra7005 Firmware | 2024-11-21 | 9.8 Critical |
| Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application. | ||||
| CVE-2024-6895 | 2024-11-21 | N/A | ||
| Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover. | ||||
| CVE-2024-6422 | 1 Pepperl-fuchs | 8 Oit1500-f113-b12-cb, Oit1500-f113-b12-cb Firmware, Oit200-f113-b12-cb and 5 more | 2024-11-21 | 9.8 Critical |
| An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. | ||||
| CVE-2024-5952 | 2 Deep Sea Electronics, Deepseaelectronics | 3 Dse855, Dse855, Dse855 Firmware | 2024-11-21 | 6.5 Medium |
| Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23174. | ||||
| CVE-2024-5951 | 1 Deepseaelectronics | 2 Dse855, Dse855 Firmware | 2024-11-21 | 6.5 Medium |
| Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23173. | ||||
| CVE-2024-5947 | 1 Deepseaelectronics | 2 Dse855, Dse855 Firmware | 2024-11-21 | 6.5 Medium |
| Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679. | ||||
| CVE-2024-5143 | 2024-11-21 | 6.8 Medium | ||
| A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed. | ||||
| CVE-2024-48774 | 2024-11-21 | 7.5 High | ||
| An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process. | ||||
| CVE-2024-45844 | 1 F5 | 1 Big-ip | 2024-11-21 | 7.2 High |
| BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-45274 | 3 Helmholz, Mb Connect Line, Mbconnectline | 5 Rex 100, Rex 100 Firmware, Mbnet.mini and 2 more | 2024-11-21 | 9.8 Critical |
| An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. | ||||
| CVE-2024-3774 | 1 Aenrich | 1 A\+hrd | 2024-11-21 | 5.3 Medium |
| aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values. | ||||
| CVE-2024-39601 | 2024-11-21 | 6.5 Medium | ||
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities. | ||||
| CVE-2024-38437 | 1 Dlink | 2 Dsl-225, Dsl-225 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel | ||||
| CVE-2024-38279 | 2 Motorola, Motorolasolutions | 3 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware, Vigilant Fixed Lpr Coms Box Bcav1f2 C600 | 2024-11-21 | 4.6 Medium |
| The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. | ||||
| CVE-2024-37152 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 5.3 Medium |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17. | ||||
| CVE-2024-36457 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | N/A |
| The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. | ||||