Search Results (3074 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38028 | 1 Saho | 4 Adm-100, Adm-100 Firmware, Adm-100fp and 1 more | 2024-11-21 | 9.1 Critical |
| Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service. | ||||
| CVE-2023-37832 | 1 Elenos | 3 Etg150, Etg150 Firmware, Etg150 Fm | 2024-11-21 | 7.5 High |
| A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts. | ||||
| CVE-2023-37635 | 1 Uvdesk | 1 Community-skeleton | 2024-11-21 | 9.8 Critical |
| UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. | ||||
| CVE-2023-37483 | 1 Sap | 1 Powerdesigner | 2024-11-21 | 9.8 Critical |
| SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy. | ||||
| CVE-2023-36926 | 1 Sap | 1 Host Agent | 2024-11-21 | 3.7 Low |
| Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability. | ||||
| CVE-2023-36917 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 5.9 Medium |
| SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session to bypass the victim’s old password via brute force, due to an unrestricted rate limit for the password change functionality. Although the attack has no impact on integrity or system availability, it could lead to an attacker completely taking over a victim’s account. | ||||
| CVE-2023-36669 | 1 Kratosdefense | 2 Ngc Indoor Unit, Ngc Indoor Unit Firmware | 2024-11-21 | 9.8 Critical |
| Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit (TPU) within the IDU by sending crafted TCP requests to the IDU. | ||||
| CVE-2023-35941 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | 8.6 High |
| Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by some rare scenarios in which the HMAC payload can be always valid in the OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration. | ||||
| CVE-2023-35874 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 6 Medium |
| SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability. | ||||
| CVE-2023-35873 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 6.5 Medium |
| The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application. | ||||
| CVE-2023-35872 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 6.5 Medium |
| The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application. | ||||
| CVE-2023-35854 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability." | ||||
| CVE-2023-35697 | 2 Sick, Sick Ag | 3 Icr890-4, Icr890-4 Firmware, Icr890-4 | 2024-11-21 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials. | ||||
| CVE-2023-35039 | 1 Bedevious | 1 Password Reset With Code For Wordpress Rest Api | 2024-11-21 | 9.8 Critical |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15. | ||||
| CVE-2023-34392 | 1 Selinc | 1 Sel-5037 Sel Grid Configurator | 2024-11-21 | 8.2 High |
| A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | ||||
| CVE-2023-34137 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | 9.8 Critical |
| SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | ||||
| CVE-2023-33868 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | 5.9 Medium |
| The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication. | ||||
| CVE-2023-32657 | 1 Weintek | 1 Weincloud | 2024-11-21 | 5.3 Medium |
| Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses. | ||||
| CVE-2023-32460 | 1 Dell | 252 Dss 8440, Dss 8440 Firmware, Emc Nx440 Firmware and 249 more | 2024-11-21 | 8.8 High |
| Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. | ||||
| CVE-2023-30643 | 1 Samsung | 1 Android | 2024-11-21 | 7.7 High |
| Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications. | ||||