Total
871 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-51989 | 1 Dlink | 2 Dir-822, Dir-822 Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. | |||||
CVE-2023-51947 | 1 Actidata | 2 Actinas Sl 2u-8 Rdx, Actinas Sl 2u-8 Rdx Firmware | 2024-02-05 | N/A | 9.1 CRITICAL |
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication. | |||||
CVE-2023-5253 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-02-05 | N/A | 7.5 HIGH |
A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract asset information. | |||||
CVE-2023-29060 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-02-05 | N/A | 5.7 MEDIUM |
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data. | |||||
CVE-2023-6718 | 1 Europeana | 1 Repox | 2024-02-05 | N/A | 7.5 HIGH |
An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users. | |||||
CVE-2023-34060 | 1 Vmware | 2 Cloud Director, Photon Os | 2024-02-05 | N/A | 9.8 CRITICAL |
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present. VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. The sssd issue is no longer present in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5). | |||||
CVE-2023-40393 | 1 Apple | 1 Macos | 2024-02-05 | N/A | 7.5 HIGH |
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication. | |||||
CVE-2023-51062 | 1 Qstar | 1 Archive Storage Manager | 2024-02-05 | N/A | 5.3 MEDIUM |
An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command. | |||||
CVE-2023-29061 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-02-05 | N/A | 5.2 MEDIUM |
There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication. | |||||
CVE-2023-47674 | 1 C-first | 56 Cfr-1004ea, Cfr-1004ea Firmware, Cfr-1008ea and 53 more | 2024-02-05 | N/A | 9.8 CRITICAL |
Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround. | |||||
CVE-2023-51987 | 1 Dlink | 2 Dir-822, Dir-822 Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. | |||||
CVE-2023-31033 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-02-05 | N/A | 8.0 HIGH |
NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering. | |||||
CVE-2023-29063 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-02-05 | N/A | 2.4 LOW |
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup. | |||||
CVE-2024-23618 | 1 Commscope | 2 Arris Surfboard Sbg6950ac2, Arris Surfboard Sbg6950ac2 Firmware | 2024-02-05 | 8.3 HIGH | 9.8 CRITICAL |
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root. | |||||
CVE-2023-32460 | 1 Dell | 252 Dss 8440, Dss 8440 Firmware, Emc Nx440 Firmware and 249 more | 2024-02-05 | N/A | 7.8 HIGH |
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. | |||||
CVE-2023-49693 | 1 Netgear | 1 Prosafe Network Management System | 2024-02-05 | N/A | 9.8 CRITICAL |
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code. | |||||
CVE-2023-37373 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-02-05 | N/A | 7.5 HIGH |
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system. | |||||
CVE-2023-4334 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-02-05 | N/A | 7.5 HIGH |
Broadcom RAID Controller Web server (nginx) is serving private files without any authentication | |||||
CVE-2023-36669 | 1 Kratosdefense | 2 Ngc Indoor Unit, Ngc Indoor Unit Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit (TPU) within the IDU by sending crafted TCP requests to the IDU. | |||||
CVE-2023-36847 | 2024-02-05 | N/A | 5.3 MEDIUM | ||
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3. |