Total
1117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41255 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2023-11-06 | N/A | 8.8 HIGH |
| The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network. | |||||
| CVE-2023-31132 | 2 Cacti, Microsoft | 2 Cacti, Windows | 2023-11-03 | N/A | 7.8 HIGH |
| Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-42845 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-11-02 | N/A | 5.3 MEDIUM |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication. | |||||
| CVE-2022-1388 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2023-11-02 | 7.5 HIGH | 9.8 CRITICAL |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2023-39231 | 1 Pingidentity | 1 Pingone Mfa Integration Kit | 2023-10-31 | N/A | 6.5 MEDIUM |
| PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials. | |||||
| CVE-2023-39930 | 1 Pingidentity | 1 Pingid Radius Pcv | 2023-10-31 | N/A | 9.8 CRITICAL |
| A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. | |||||
| CVE-2023-0052 | 1 Sauter-controls | 10 Modunet300 Ey-am300f001, Modunet300 Ey-am300f001 Firmware, Modunet300 Ey-am300f002 and 7 more | 2023-10-30 | N/A | 8.8 HIGH |
| SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands. | |||||
| CVE-2023-43045 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2023-10-28 | N/A | 7.5 HIGH |
| IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896. | |||||
| CVE-2023-26580 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 7.5 HIGH |
| Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | |||||
| CVE-2023-27261 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 6.5 MEDIUM |
| Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | |||||
| CVE-2023-27375 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 7.5 HIGH |
| Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-27376 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 7.5 HIGH |
| Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-27256 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 5.3 MEDIUM |
| Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | |||||
| CVE-2023-26574 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 7.5 HIGH |
| Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-26573 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. | |||||
| CVE-2023-26575 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 7.5 HIGH |
| Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. | |||||
| CVE-2023-26576 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 7.5 HIGH |
| Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-26579 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 5.3 MEDIUM |
| Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. | |||||
| CVE-2023-26571 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 7.5 HIGH |
| Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. | |||||
| CVE-2023-26570 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 7.5 HIGH |
| Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | |||||