Total
66 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20674 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.8 HIGH |
| Windows Kerberos Security Feature Bypass Vulnerability | |||||
| CVE-2024-20378 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed. | |||||
| CVE-2024-20015 | 2 Google, Mediatek | 40 Android, Mt6739, Mt6753 and 37 more | 2024-11-21 | N/A | 7.8 HIGH |
| In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419. | |||||
| CVE-2024-1202 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass.This issue affects Octopod: before v1. NOTE: The vendor was contacted and it was learned that the product is not supported. | |||||
| CVE-2023-7103 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass.This issue affects UFace 5: through 12022024. | |||||
| CVE-2023-6998 | 1 Coolkit | 1 Ewelink | 2024-11-21 | N/A | 7.7 HIGH |
| Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0. | |||||
| CVE-2023-6153 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-4727 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege. | |||||
| CVE-2023-41920 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in. | |||||
| CVE-2023-36497 | 1 Doverfuelingsolutions | 2 Maglink Lx 3, Maglink Lx Web Console Configuration | 2024-11-21 | N/A | 8.8 HIGH |
| Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges. | |||||
| CVE-2023-2959 | 1 Olivaekspertiz | 1 Oliva Ekspertiz | 2024-11-21 | N/A | 7.5 HIGH |
| Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users.This issue affects Oliva Expertise EKS: before 1.2. | |||||
| CVE-2023-1833 | 1 Redline | 1 Router Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17. | |||||
| CVE-2023-1307 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. | |||||
| CVE-2023-0777 | 1 Modoboa | 1 Modoboa | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. | |||||
| CVE-2022-2651 | 1 Joinbookwyrm | 1 Bookwyrm | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5. | |||||
| CVE-2021-45031 | 1 Mepsan | 1 Stawiz Usc\+\+ | 2024-11-21 | 7.5 HIGH | 7.7 HIGH |
| A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords. | |||||
| CVE-2020-15787 | 1 Siemens | 2 Simatic Hmi United Comfort Panels, Simatic Hmi United Comfort Panels Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. | |||||
| CVE-2020-14359 | 1 Redhat | 1 Louketo Proxy | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers. | |||||
| CVE-2020-10923 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642. | |||||
| CVE-2024-10082 | 2024-11-06 | N/A | 8.7 HIGH | ||
| CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot be disabled, and has universal access.This vulnerability allows an attacker who can create an account on an enabled external authentication service, to log in as the root user, and access and control everything that can be controlled via the web interface. The attacker needs to acquire the username of the root user to be successful. This issue affects CodeChecker: through 6.24.1. | |||||