Total
1442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2231 | 1 Max-tech | 2 Max-g866ac, Max-g866ac Firmware | 2024-11-21 | 9.8 Critical |
| A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-29485 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module. NOTE: Heimdal disputes the validity of this issue arguing that their DNS Security for Endpoint filters DNS traffic on the endpoint by intercepting system-generated DNS requests. The product was not designed to intercept DNS requests from third-party solutions. | ||||
| CVE-2023-29063 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-11-21 | 2.4 Low |
| The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup. | ||||
| CVE-2023-29061 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-11-21 | 5.2 Medium |
| There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication. | ||||
| CVE-2023-29060 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-11-21 | 5.4 Medium |
| The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data. | ||||
| CVE-2023-28326 | 1 Apache | 1 Openmeetings | 2024-11-21 | 9.8 Critical |
| Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room | ||||
| CVE-2023-27377 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | ||||
| CVE-2023-27376 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | ||||
| CVE-2023-27375 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | ||||
| CVE-2023-27261 | 1 Idattend | 1 Idweb | 2024-11-21 | 5.3 Medium |
| Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | ||||
| CVE-2023-27259 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | ||||
| CVE-2023-27258 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. | ||||
| CVE-2023-27257 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. | ||||
| CVE-2023-27256 | 1 Idattend | 1 Idweb | 2024-11-21 | 5.8 Medium |
| Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | ||||
| CVE-2023-26580 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | ||||
| CVE-2023-26579 | 1 Idattend | 1 Idweb | 2024-11-21 | 5.3 Medium |
| Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. | ||||
| CVE-2023-26576 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | ||||
| CVE-2023-26575 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. | ||||
| CVE-2023-26574 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | ||||
| CVE-2023-26573 | 1 Idattend | 1 Idweb | 2024-11-21 | 8.2 High |
| Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. | ||||