Total
3293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2027 | 1 Zm Ajax Login \& Register Project | 1 Zm Ajax Login \& Register | 2023-11-07 | N/A | 9.8 CRITICAL |
| The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | |||||
| CVE-2023-28398 | 1 Propumpservice | 2 Osprey Pump Controller, Osprey Pump Controller Firmware | 2023-11-07 | N/A | 9.8 CRITICAL |
| Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor who successfully exploits this vulnerability could gain access to the pump controller and cause disruption in operation, modify data, or shut down the controller. | |||||
| CVE-2023-25931 | 1 Medtronic | 2 Interstim X Clinician, Micro Clinician | 2023-11-07 | N/A | 6.8 MEDIUM |
| Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer. | |||||
| CVE-2023-26150 | 1 Freeopcua | 1 Opcua-asyncio | 2023-11-07 | N/A | 7.5 HIGH |
| Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session. | |||||
| CVE-2023-20012 | 1 Cisco | 11 Nexus 93180yc-fx3, Nexus 93180yc-fx3 Firmware, Nexus 93180yc-fx3s and 8 more | 2023-11-07 | N/A | 4.6 MEDIUM |
| A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition. | |||||
| CVE-2023-1935 | 1 Emerson | 10 Dl8000, Dl8000 Firmware, Roc809 and 7 more | 2023-11-07 | N/A | 9.4 CRITICAL |
| ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition. | |||||
| CVE-2023-1752 | 1 Getnexx | 8 Nxal-100, Nxal-100 Firmware, Nxg-100b and 5 more | 2023-11-07 | N/A | 4.3 MEDIUM |
| The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address. | |||||
| CVE-2023-0858 | 1 Canon | 90 I-sensys Lbp621cw, I-sensys Lbp621cw Firmware, I-sensys Lbp623cdw and 87 more | 2023-11-07 | N/A | 5.3 MEDIUM |
| Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | |||||
| CVE-2023-0228 | 1 Abb | 1 Symphony Plus S\+ Operations | 2023-11-07 | N/A | 8.8 HIGH |
| Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. | |||||
| CVE-2022-4126 | 4 Abb, Apple, Linux and 1 more | 4 Rccmd, Macos, Linux Kernel and 1 more | 2023-11-07 | N/A | 9.8 CRITICAL |
| Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207. | |||||
| CVE-2022-46773 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak | 2023-11-07 | N/A | 6.5 MEDIUM |
| IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951. | |||||
| CVE-2022-46170 | 1 Codeigniter | 1 Codeigniter | 2023-11-07 | N/A | 9.8 CRITICAL |
| CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages that require another session cookie (e.g., for admin pages). This issue has been patched, please upgrade to version 4.2.11 or later. As a workaround, use only one session cookie. | |||||
| CVE-2022-43900 | 1 Ibm | 1 Websphere Automation For Ibm Cloud Pak For Watson Aiops | 2023-11-07 | N/A | 6.5 MEDIUM |
| IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827. | |||||
| CVE-2022-45860 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2023-11-07 | N/A | 7.5 HIGH |
| A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. | |||||
| CVE-2022-44610 | 1 Intel | 1 Data Center Manager | 2023-11-07 | N/A | 8.8 HIGH |
| Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-40703 | 1 Alivecor | 1 Kardia | 2023-11-07 | N/A | 6.1 MEDIUM |
| CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app. | |||||
| CVE-2022-40144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations. | |||||
| CVE-2022-3156 | 1 Rockwellautomation | 1 Studio 5000 Logix Emulate | 2023-11-07 | N/A | 7.8 HIGH |
| A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software. | |||||
| CVE-2022-39264 | 2 Fedoraproject, Nheko-reborn | 2 Fedora, Nheko | 2023-11-07 | N/A | 5.9 MEDIUM |
| nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply the patch manually, avoid doing verifications of one's own devices, and/or avoid pressing the request button in the settings menu. | |||||
| CVE-2022-38744 | 1 Rockwellautomation | 1 Factorytalk Alarms And Events | 2023-11-07 | N/A | 7.5 HIGH |
| An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML. | |||||