Total
1117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27169 | 2024-06-14 | N/A | 8.4 HIGH | ||
| Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-5952 | 2024-06-13 | N/A | 4.3 MEDIUM | ||
| Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23174. | |||||
| CVE-2024-5951 | 2024-06-13 | N/A | 7.1 HIGH | ||
| Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23173. | |||||
| CVE-2024-5947 | 2024-06-13 | N/A | 6.5 MEDIUM | ||
| Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679. | |||||
| CVE-2019-12105 | 1 Supervisord | 1 Supervisor | 2024-06-11 | 6.4 MEDIUM | 8.2 HIGH |
| In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The maintainer indicated the ability to run an open server will not be removed but an additional warning was added to the documentation | |||||
| CVE-2020-25966 | 1 Sectona | 1 Spectra | 2024-06-11 | 5.0 MEDIUM | 7.5 HIGH |
| Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states "This vulnerability occurred due to wrong configuration of system. | |||||
| CVE-2024-21306 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2024-06-11 | N/A | 5.7 MEDIUM |
| Microsoft Bluetooth Driver Spoofing Vulnerability | |||||
| CVE-2024-34800 | 2024-06-10 | N/A | 7.6 HIGH | ||
| Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through 3.3. | |||||
| CVE-2024-32752 | 2024-06-07 | N/A | N/A | ||
| Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and configuration. | |||||
| CVE-2024-37152 | 2024-06-07 | N/A | 5.3 MEDIUM | ||
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17. | |||||
| CVE-2024-22326 | 2024-06-07 | N/A | 5.0 MEDIUM | ||
| IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: 279518. | |||||
| CVE-2022-45378 | 1 Apache | 1 Soap | 2024-06-04 | N/A | 9.8 CRITICAL |
| In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-26928 | 1 Nic | 1 Bird | 2024-06-04 | 4.9 MEDIUM | 6.8 MEDIUM |
| BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera’s area of responsibility; however, Tigera disagrees | |||||
| CVE-2020-27986 | 1 Sonarsource | 1 Sonarqube | 2024-06-04 | 5.0 MEDIUM | 7.5 HIGH |
| SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it. | |||||
| CVE-2023-21743 | 1 Microsoft | 1 Sharepoint Server | 2024-05-29 | N/A | 5.3 MEDIUM |
| Microsoft SharePoint Server Security Feature Bypass Vulnerability | |||||
| CVE-2023-38186 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 2 more | 2024-05-29 | N/A | 9.8 CRITICAL |
| Windows Mobile Device Management Elevation of Privilege Vulnerability | |||||
| CVE-2023-24934 | 1 Microsoft | 1 Malware Protection Platform | 2024-05-29 | N/A | 5.5 MEDIUM |
| Microsoft Defender Security Feature Bypass Vulnerability | |||||
| CVE-2024-21846 | 2024-05-28 | N/A | 5.3 MEDIUM | ||
| An unauthenticated attacker can reset the board and stop transmitter operations by sending a specially-crafted GET request to the command.cgi gateway, resulting in a denial-of-service scenario. | |||||
| CVE-2024-1491 | 2024-05-28 | N/A | 7.5 HIGH | ||
| The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code. | |||||
| CVE-2023-5935 | 2024-05-28 | N/A | 7.4 HIGH | ||
| When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or process, during a window of opportunity when the local web interface is active, may be able to extract sensitive information or change Arc's configuration. This could also lead to arbitrary code execution if a malicious update package is installed. | |||||