Total
3770 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-33274 | 1 Voltronicpower | 1 Snmp Web Pro | 2024-11-21 | 9.8 Critical |
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and affects all instances of SNMP Web Pro 1.1 without HTTP Digest authentication enabled, regardless of the password used for the web interface. | ||||
CVE-2023-33237 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-11-21 | 8.8 High |
TN-5900 Series firmware version v3.3 and prior is vulnerable to an improper authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed to execute. This presents a potential risk of unauthorized exploitation by malicious actors. | ||||
CVE-2023-33190 | 2 Sealos, Sealos Project | 2 Sealos, Sealos | 2024-11-21 | 10 Critical |
Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.1-rc4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2023-33070 | 1 Qualcomm | 204 Apq5053-aa, Apq5053-aa Firmware, Aqt1000 and 201 more | 2024-11-21 | 7.1 High |
Transient DOS in Automotive OS due to improper authentication to the secure IO calls. | ||||
CVE-2023-33054 | 1 Qualcomm | 336 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 333 more | 2024-11-21 | 9.1 Critical |
Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. | ||||
CVE-2023-32661 | 1 Intel | 3 Nuc Kit Nuc7cjyh, Nuc Kit Nuc7pjyh, Realtek Sd Card Reader Driver | 2024-11-21 | 6.7 Medium |
Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software before version 10.0.19041.29098 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-32453 | 1 Dell | 222 Alienware M15 R7, Alienware M15 R7 Firmware, Alienware M16 and 219 more | 2024-11-21 | 4.6 Medium |
Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator. | ||||
CVE-2023-32202 | 1 Walchem | 2 Intuition 9, Intuition 9 Firmware | 2024-11-21 | 6.5 Medium |
Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to log in and gain access to the device. | ||||
CVE-2023-32090 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Platform | 2024-11-21 | 9.8 Critical |
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials. | ||||
CVE-2023-31634 | | | 2024-11-21 | 9.8 Critical |
In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126. | ||||
CVE-2023-31292 | 1 Sesami | 1 Cash Point & Transport Optimizer | 2024-11-21 | 5.5 Medium |
An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) that allows local attackers to obtain sensitive information and bypass authentication via a "Back Button Refresh" attack. | ||||
CVE-2023-31224 | 1 Jamf | 1 Jamf | 2024-11-21 | 9.8 Critical |
There is broken access control during authentication in Jamf Pro Server before 10.46.1. | ||||
CVE-2023-31190 | 1 Bluemark | 2 Dronescout Ds230, Dronescout Ds230 Firmware | 2024-11-21 | 8.1 High |
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which the firmware update package (.tar.bz2 file) is downloaded. An attacker with the ability to put himself in a Man-in-the-Middle situation (e.g., DNS poisoning, ARP poisoning, control of a node on the route to the endpoint, etc.) can trick the DroneScout ds230 to install a crafted malicious firmware update containing arbitrary files (e.g., executable and configuration) and gain administrative (root) privileges on the underlying Linux operating system. This issue affects DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042. | ||||
CVE-2023-31189 | | | 2024-11-21 | 5.2 Medium |
Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access. | ||||
CVE-2023-31015 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-11-21 | 6.6 Medium |
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause an improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service. | ||||
CVE-2023-31007 | 1 Apache | 1 Pulsar | 2024-11-21 | 0 Low |
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false. This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0. 2.9 Pulsar Broker users should upgrade to at least 2.9.5. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected. Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions. | ||||
CVE-2023-30967 | 1 Palantir | 1 Orbital Simulator | 2024-11-21 | 9.8 Critical |
Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. | ||||
CVE-2023-30725 | 1 Samsung | 1 Gallery | 2024-11-21 | 5.1 Medium |
Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows an attacker to access the data in the content provider. | ||||
CVE-2023-30724 | 1 Samsung | 1 Gallery | 2024-11-21 | 4 Medium |
Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows an attacker to access search history. | ||||
CVE-2023-30708 | 1 Samsung | 1 Android | 2024-11-21 | 4.6 Medium |
Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows an attacker to access Captive Portal Wi-Fi in Reactivation Lock status. |