Total
3616 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-31152 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2024-11-21 | N/A | 4.0 MEDIUM |
An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details. | |||||
CVE-2023-31127 | 1 Dmtf | 1 Libspdm | 2024-11-21 | N/A | 9.0 CRITICAL |
libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establish the session with `KEY_EXCHANGE` and `PSK_FINISH` to bypass the mutual authentication. This is most likely to happen when the Requester begins a session using one method (DHE, for example) and then uses the other method's finish (PSK_FINISH in this example) to establish the session. The session hashes would be expected to fail in this case, but the condition was not detected. This issue only impacts the SPDM responder, which supports `KEY_EX_CAP=1` and `PSK_CAP=10b` at the same time with mutual authentication requirement. The SPDM requester is not impacted. The SPDM responder is not impacted if `KEY_EX_CAP=0` or `PSK_CAP=0` or `PSK_CAP=01b`. The SPDM responder is not impacted if mutual authentication is not required. libspdm 1.0, 2.0, 2.1, 2.2, 2.3 are all impacted. Older branches are not maintained, but users of the 2.3 branch may receive a patch in version 2.3.2. The SPDM specification (DSP0274) does not contain this vulnerability. | |||||
CVE-2023-31123 | 1 Effectindex | 1 Tripreporter | 2024-11-21 | N/A | 9.1 CRITICAL |
`effectindex/tripreporter` is a community-powered, universal platform for submitting and analyzing trip reports. Prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b, any user with an account on an instance of `effectindex/tripreporter`, e.g. `subjective.report`, may be affected by an improper password verification vulnerability. The vulnerability allows any user with a password matching the password requirements to log in as any user. This allows access to accounts / data loss of the user. This issue is patched in commit bd80ba833b9023d39ca22e29874296c8729dd53b. No action necessary for users of `subjective.report`, and anyone running their own instance should update to this commit or newer as soon as possible. As a workaround, someone running their own instance may apply the patch manually. | |||||
CVE-2023-31015 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-11-21 | N/A | 6.6 MEDIUM |
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause an improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service. | |||||
CVE-2023-31007 | 1 Apache | 1 Pulsar | 2024-11-21 | N/A | N/A |
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false. This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0. 2.9 Pulsar Broker users should upgrade to at least 2.9.5. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected. Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions. | |||||
CVE-2023-30845 | 1 Google | 1 Espv2 | 2024-11-21 | N/A | 8.2 HIGH |
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT authentication in specific cases. ESPv2 allows malicious requests to bypass authentication if both the conditions are true: The requested HTTP method is **not** in the API service definition (OpenAPI spec or gRPC `google.api.http` proto annotations), and the specified `X-HTTP-Method-Override` is a valid HTTP method in the API service definition. ESPv2 will forward the request to your backend without checking the JWT. Attackers can craft requests with a malicious `X-HTTP-Method-Override` value that allows them to bypass specifying JWTs. Restricting API access with API keys works as intended and is not affected by this vulnerability. Upgrade deployments to release v2.43.0 or higher to receive a patch. This release ensures that JWT authentication occurs, even when the caller specifies `x-http-method-override`. `x-http-method-override` is still supported by v2.43.0+. API clients can continue sending this header to ESPv2. | |||||
CVE-2023-30725 | 1 Samsung | 1 Gallery | 2024-11-21 | N/A | 5.1 MEDIUM |
Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider. | |||||
CVE-2023-30724 | 1 Samsung | 1 Gallery | 2024-11-21 | N/A | 4.0 MEDIUM |
Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history. | |||||
CVE-2023-30708 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.6 MEDIUM |
Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status. | |||||
CVE-2023-30675 | 1 Samsung | 1 Pass | 2024-11-21 | N/A | 6.2 MEDIUM |
Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed. | |||||
CVE-2023-30560 | 1 Bd | 2 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
The configuration from the PCU can be modified without authentication using physical connection to the PCU. | |||||
CVE-2023-30559 | 1 Bd | 2 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware | 2024-11-21 | N/A | 5.2 MEDIUM |
The firmware update package for the wireless card is not properly signed and can be modified. | |||||
CVE-2023-30223 | 1 4d | 1 Server | 2024-11-21 | N/A | 7.5 HIGH |
A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions. | |||||
CVE-2023-2706 | 1 Xootix | 1 Otp Login Woocommerce & Gravity Forms | 2024-11-21 | N/A | 8.1 HIGH |
The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for unauthenticated attackers to obtain login codes for administrators. This does require an attacker have access to the phone number configured for an account, which can be obtained via social engineering or reconnaissance. | |||||
CVE-2023-2638 | 1 Rockwellautomation | 2 Factorytalk Policy Manager, Factorytalk System Services | 2024-11-21 | N/A | 5.9 MEDIUM |
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes place. User interaction is required for this vulnerability to be successfully exploited. | |||||
CVE-2023-2626 | 1 Google | 10 Nest Hub, Nest Hub Firmware, Nest Hub Max and 7 more | 2024-11-21 | N/A | 7.5 HIGH |
There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network. This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router’s NAT firewall. Affected devices have been mitigated through an automatic update beyond the affected range. | |||||
CVE-2023-2586 | 1 Teltonika | 1 Remote Management System | 2024-11-21 | N/A | 9.0 CRITICAL |
Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature" enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user's devices, including remote code execution with 'root' privileges (using the 'Task Manager' feature on RMS). | |||||
CVE-2023-2499 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | N/A | 9.8 CRITICAL |
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | |||||
CVE-2023-2437 | 1 Userproplugin | 1 Userpro | 2024-11-21 | N/A | 9.8 CRITICAL |
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user's email address to successfully exploit this vulnerability. | |||||
CVE-2023-2297 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | N/A | 9.8 CRITICAL |
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-0814, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability. |