Total: 3617 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-20889 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.9 MEDIUM |
Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices. | |||||
CVE-2024-20816 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 8.0 HIGH |
Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to victim's mobile hotspot without user awareness. | |||||
CVE-2024-20815 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 8.0 HIGH |
Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to victim's mobile hotspot without user awareness. | |||||
CVE-2024-20803 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.8 MEDIUM |
Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction. | |||||
CVE-2024-20738 | 2 Adobe, Microsoft | 2 Framemaker Publishing Server, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and gain unauthorized access. Exploitation of this issue does not require user interaction. | |||||
CVE-2024-1573 | | | 2024-11-21 | N/A | 5.9 MEDIUM |
Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: * Active Directory is used in the security setting. * “Automatic log in” option is enabled in the security setting. * The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. * The IcoAnyGlass IIS Application Pool account is included in GENESIS64TM and MC Works64 Security and has permission to log in. | |||||
CVE-2024-1148 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files. | |||||
CVE-2024-1147 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files. | |||||
CVE-2024-1039 | 1 Gesslergmbh | 2 Web-master, Web-master Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device. | |||||
CVE-2024-1006 | 1 Shanxi Tianneng Technology | 1 Noderp | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252275. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-0988 | 1 Kuerp Project | 1 Kuerp | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this vulnerability is the function checklogin of the file /application/index/common.php. The manipulation of the argument App_User_id/App_user_Token leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-252253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-0879 | 1 Mintplexlabs | 1 Vector Admin | 2024-11-21 | N/A | 6.5 MEDIUM |
Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address. | |||||
CVE-2024-0822 | 1 Ovirt | 1 Ovirt-engine | 2024-11-21 | N/A | 7.5 HIGH |
An authentication bypass vulnerability was found in ovirt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command. | |||||
CVE-2024-0799 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin. | |||||
CVE-2024-0568 | 1 Se | 4 Renf22r2mmw, Renf22r2mmw Firmware, Rmnf22tb30 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication. | |||||
CVE-2023-7211 | 1 Uniwayinfo | 10 Uw-101x, Uw-101x Firmware, Uw-301vpw and 7 more | 2024-11-21 | 5.1 MEDIUM | 5.6 MEDIUM |
A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of the component Administrative Web Interface. The manipulation leads to reliance on IP address for authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-249766 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-7210 | 1 Onenav | 1 Onenav | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability. | |||||
CVE-2023-7079 | 1 Cloudflare | 1 Wrangler | 2024-11-21 | N/A | 6.4 MEDIUM |
Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file. | |||||
CVE-2023-6907 | 1 Codelyfe | 1 Stupid Simple Cms | 2024-11-21 | 4.8 MEDIUM | 5.4 MEDIUM |
A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-248269 was assigned to this vulnerability. | |||||
CVE-2023-6847 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 7.5 HIGH |
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. |