Total: 2785 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-21654 | | | 2024-01-12 | N/A | N/A | Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and take over the account. This vulnerability has been patched in commit 0b3272a. |
| CVE-2022-30550 | 2 Debian, Dovecot | 2 Debian Linux, Dovecot | 2024-01-12 | N/A | 8.8 HIGH | An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user. |
| CVE-2023-46805 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-01-12 | N/A | 8.2 HIGH | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. |
| CVE-2024-22206 | | | 2024-01-12 | N/A | N/A | Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3. |
| CVE-2023-51717 | 1 Dataiku | 1 Data Science Studio | 2024-01-12 | N/A | 9.8 CRITICAL | Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass. |
| CVE-2022-46146 | 1 Prometheus | 1 Exporter Toolkit | 2024-01-12 | N/A | 8.8 HIGH | Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but an attacker must have access to the hashed password to use this functionality. |
| CVE-2023-26455 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-01-12 | N/A | 7.8 HIGH | RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known. |
| CVE-2023-7211 | 1 Uniwayinfo | 10 Uw-101x, Uw-101x Firmware, Uw-301vpw and 7 more | 2024-01-11 | N/A | 8.1 HIGH | A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of the component Administrative Web Interface. The manipulation leads to reliance on IP address for authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-249766 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2023-7210 | 1 Onenav | 1 Onenav | 2024-01-11 | N/A | 9.8 CRITICAL | A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability. |
| CVE-2023-41999 | 1 Arcserve | 1 Udp | 2024-01-10 | N/A | 9.8 CRITICAL | An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication. |
| CVE-2024-20803 | 1 Samsung | 1 Android | 2024-01-10 | N/A | 6.5 MEDIUM | Improper authentication vulnerability in the Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish a pairing process without user interaction. |
| CVE-2024-21632 | 1 Recognizeapp | 1 Omniauth-microsoft_graph | 2024-01-09 | N/A | 9.8 CRITICAL | omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the `email` is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue. |
| CVE-2023-51708 | 1 Bentley | 2 Assetwise Alim For Transportation, Eb System Management Console | 2024-01-09 | N/A | 8.6 HIGH | Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System Management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25. |
| CVE-2023-48121 | 1 Ezviz | 8 Cs-c3n-a0-3h2wfrl, Cs-c3n-a0-3h2wfrl Firmware, Cs-c6cn-a0-3h2wfr and 5 more | 2024-01-09 | N/A | 5.3 MEDIUM | An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices. |
| CVE-2019-18337 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-01-09 | 5.0 MEDIUM | 9.8 CRITICAL | A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext. |
| CVE-2019-18341 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-01-09 | 5.0 MEDIUM | 5.3 MEDIUM | A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations). |
| CVE-2023-50714 | 1 Yiiframework | 1 Yii2-authclient | 2024-01-08 | N/A | 8.8 HIGH | yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenID Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the OAuth2 PKCE implementation is vulnerable in two ways. First, the `authCodeVerifier` should be removed after usage (similar to `authState`). Second, there is a risk of a downgrade attack if PKCE is being relied on for CSRF protection. Version 2.2.15 contains a patch for the issue. No known workarounds are available. |
| CVE-2023-7079 | 1 Cloudflare | 1 Wrangler | 2024-01-05 | N/A | 5.7 MEDIUM | Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file. |
| CVE-2023-45866 | 6 Apple, Bluproducts, Canonical and 3 more | 16 Ipad Os, Iphone Os, Iphone Se and 13 more | 2024-01-05 | N/A | 6.3 MEDIUM | Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04 LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. |
| CVE-2023-31292 | 1 Sesami | 1 Cash Point & Transport Optimizer | 2024-01-04 | N/A | 5.5 MEDIUM | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via a "Back Button Refresh" attack. |
| CVE-2023-37544 | 1 Apache | 1 Pulsar | 2024-01-04 | N/A | 7.5 HIGH | Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8.*, from 2.9.0 through 2.9.*, from 2.10.0 through 2.10.4, from 2.11.0 through 2.11.1, 3.0.0. The known risks include a denial of service due to the WebSocket Proxy accepting any connections, and excessive data transfer due to misuse of the WebSocket ping/pong feature. 2.10 Pulsar WebSocket Proxy users should upgrade to at least 2.10.5. 2.11 Pulsar WebSocket Proxy users should upgrade to at least 2.11.2. 3.0 Pulsar WebSocket Proxy users should upgrade to at least 3.0.1. 3.1 Pulsar WebSocket Proxy users are unaffected. Any users running the Pulsar WebSocket Proxy for 2.8, 2.9, and earlier should upgrade to one of the above patched versions. |
| CVE-2023-4641 | 2 Redhat, Shadow-maint | 9 Codeready Linux Builder, Codeready Linux Builder For Arm64, Codeready Linux Builder For Ibm Z Systems and 6 more | 2024-01-04 | N/A | 5.5 MEDIUM | A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks for the password twice. If the password fails on the second attempt, shadow-utils fails to clean the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from memory. |
| CVE-2023-40038 | 1 Arris | 4 Dg1670a, Dg1670a Firmware, Dg860a and 1 more | 2024-01-04 | N/A | 8.8 HIGH | Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.) |
| CVE-2023-51442 | 1 Navidrome | 1 Navidrome | 2024-01-04 | N/A | 8.6 HIGH | Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in Navidrome's Subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key "not so secret". The vulnerability can only be exploited on instances that have never been restarted. Navidrome supports an extension to the Subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding respectively to the `p` query parameter, or the `t` and `s` query parameters). This authentication bypass vulnerability potentially affects all instances that don't protect the Subsonic endpoint `/rest/`, which is expected to be most instances in a standard deployment, and most instances in the reverse proxy setup too (as the documentation mentions to leave that endpoint unprotected). This issue has been patched in version 0.50.2. |
| CVE-2022-34267 | 1 Rws | 1 Worldserver | 2024-01-04 | N/A | 9.8 CRITICAL | An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint. |
| CVE-2023-31224 | 1 Jamf | 1 Jamf | 2024-01-03 | N/A | 9.8 CRITICAL | There is broken access control during authentication in Jamf Pro Server before 10.46.1. |
| CVE-2023-49791 | 1 Nextcloud | 1 Nextcloud Server | 2024-01-03 | N/A | 5.4 MEDIUM | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4, as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4, when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API, bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. |
| CVE-2023-6155 | 1 Ays-pro | 1 Quiz Maker | 2024-01-02 | N/A | 5.3 MEDIUM | The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses. |
| CVE-2023-6847 | 1 Github | 1 Enterprise Server | 2023-12-29 | N/A | 7.5 HIGH | An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in versions 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. |
| CVE-2023-49790 | 1 Nextcloud | 1 Nextcloud | 2023-12-29 | N/A | 4.3 MEDIUM | The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4-digit PIN code. The Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available. |
| CVE-2021-1725 | 1 Microsoft | 1 Bot Framework Software Development Kit | 2023-12-29 | 2.1 LOW | 5.5 MEDIUM | Bot Framework SDK Information Disclosure Vulnerability |
| CVE-2021-33766 | 1 Microsoft | 1 Exchange Server | 2023-12-28 | 5.0 MEDIUM | 7.3 HIGH | Microsoft Exchange Server Information Disclosure Vulnerability |
| CVE-2021-34523 | 1 Microsoft | 1 Exchange Server | 2023-12-28 | 7.5 HIGH | 9.0 CRITICAL | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2021-38647 | 1 Microsoft | 10 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics (LAD) and 7 more | 2023-12-28 | 7.5 HIGH | 9.8 CRITICAL | Open Management Infrastructure Remote Code Execution Vulnerability |
| CVE-2021-38648 | 1 Microsoft | 10 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics (LAD) and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH | Open Management Infrastructure Elevation of Privilege Vulnerability |
| CVE-2021-36949 | 1 Microsoft | 2 Azure Active Directory Connect, Azure Active Directory Connect Provisioning Agent | 2023-12-28 | 4.9 MEDIUM | 7.1 HIGH | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability |
| CVE-2023-3622 | 1 Solarwinds | 1 Solarwinds Platform | 2023-12-28 | N/A | 4.3 MEDIUM | Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resources. |
| CVE-2023-40660 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2023-12-23 | N/A | 6.6 MEDIUM | A flaw was found in OpenSC packages that allows a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length PIN is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small tokens permanently connected to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness. |
| CVE-2023-6483 | 1 Aditaas | 1 Allied Digital Integrated Tool-as-a-service | 2023-12-22 | N/A | 9.8 CRITICAL | The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable platform. Successful exploitation of this vulnerability could allow the attacker to gain full access to the customers' data and completely compromise the targeted platform. |
| CVE-2021-31606 | 1 Openvpn-monitor Project | 1 Openvpn-monitor | 2023-12-22 | 5.0 MEDIUM | 7.5 HIGH | furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients. |
| CVE-2023-2283 | 3 Fedoraproject, Libssh, Redhat | 3 Fedora, Libssh, Enterprise Linux | 2023-12-22 | N/A | 6.5 MEDIUM | A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function under memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc`, which is initialized to SSH_ERROR and later overwritten to store the return value of the function call `pki_key_check_hash_compatible`. The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them that jumps to `goto error` returns SSH_OK. |
| CVE-2023-6768 | 1 Mr-corner | 1 Amazing Little Poll | 2023-12-22 | N/A | 9.8 CRITICAL | Authentication bypass vulnerability in Amazing Little Poll affecting versions 1.3 and 1.4. This vulnerability could allow an unauthenticated user to access the admin panel without providing any credentials by simply accessing the "lp_admin.php?adminstep=" parameter. |
| CVE-2022-22935 | 1 Saltstack | 1 Salt | 2023-12-21 | 4.3 MEDIUM | 3.7 LOW | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master. |
| CVE-2021-25281 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2023-12-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. |
| CVE-2022-30150 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-20 | 6.0 MEDIUM | 7.5 HIGH | Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability |
| CVE-2023-6907 | 1 Codelyfe | 1 Stupid Simple Cms | 2023-12-20 | N/A | 9.1 CRITICAL | A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-248269 was assigned to this vulnerability. |
| CVE-2021-3784 | 1 Garudalinux | 1 Garuda Linux | 2023-12-19 | N/A | 7.0 HIGH | Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. When creating users from the 'Garuda settings manager', an insecure procedure is performed that leaves the created user without an assigned password for several seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password. |
| CVE-2023-49646 | 1 Zoom | 4 Meeting Software Development Kit, Video Software Development Kit, Virtual Desktop Infrastructure and 1 more | 2023-12-19 | N/A | 6.5 MEDIUM | Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2023-44252 | 1 Fortinet | 1 Fortiwan | 2023-12-18 | N/A | 8.8 HIGH | ** UNSUPPORTED WHEN ASSIGNED ** An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate their privileges via HTTP or HTTPS requests with crafted JWT token values. |
| CVE-2023-28121 | 1 Automattic | 2 Woocommerce Payments, Woopayments | 2023-12-18 | N/A | 9.8 CRITICAL | An issue in the WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated. |
