Total
3293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1987 | 1 Ibm | 1 Data Protection | 2023-03-31 | 1.9 LOW | 7.8 HIGH |
| IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280. | |||||
| CVE-2022-23178 | 1 Crestron | 2 Hd-md4x2-4k-e, Hd-md4x2-4k-e Firmware | 2023-03-28 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields. | |||||
| CVE-2022-39290 | 1 Zoneminder | 1 Zoneminder | 2023-03-27 | N/A | 6.5 MEDIUM |
| ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | |||||
| CVE-2018-4841 | 1 Siemens | 2 Tim 1531 Irc, Tim 1531 Irc Firmware | 2023-03-24 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it. | |||||
| CVE-2023-21460 | 1 Samsung | 1 Android | 2023-03-23 | N/A | 4.4 MEDIUM |
| Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting. | |||||
| CVE-2012-3024 | 1 Tridium | 1 Niagara Ax | 2023-03-22 | 5.0 MEDIUM | N/A |
| Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. | |||||
| CVE-2023-1327 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-03-21 | N/A | 9.8 CRITICAL |
| Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password. | |||||
| CVE-2023-27582 | 1 Maddy Project | 1 Maddy | 2023-03-17 | N/A | 9.8 CRITICAL |
| maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted as is after checking the credentials for the authentication username. maddy 0.6.3 includes the fix for the bug. There are no known workarounds. | |||||
| CVE-2022-44574 | 1 Ivanti | 1 Avalanche | 2023-03-16 | N/A | 7.5 HIGH |
| An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port. | |||||
| CVE-2023-1065 | 1 Snyk | 1 Kubernetes Monitor | 2023-03-10 | N/A | 5.3 MEDIUM |
| This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose the user of the integration to any direct security risk and no user data can be leaked. To exploit the vulnerability the attacker does not need to be authenticated to Snyk but does need to know the target's Integration ID (which may or may not be the same as the Organization ID, although this is an unpredictable UUID in either case). | |||||
| CVE-2023-23493 | 1 Apple | 1 Macos | 2023-03-08 | N/A | 3.3 LOW |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user without prompting for the password. | |||||
| CVE-2019-1946 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2023-03-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementation of authentication in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted authentication request to the web-based management interface on an affected system. A successful exploit could allow the attacker to view limited configuration details and potentially upload a virtual machine image. | |||||
| CVE-2022-32570 | 1 Intel | 1 Quartus Prime | 2023-03-06 | N/A | 7.8 HIGH |
| Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-39263 | 1 Nextauth.js | 1 Next-auth | 2023-03-03 | N/A | 8.1 HIGH |
| `@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use `next-auth` Email Provider and `@next-auth/upstash-redis-adapter` before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation did not check for both the identifier (email) and the token, but only checking for the identifier when verifying the token in the email callback flow. An attacker who knows about the victim's email could easily sign in as the victim, given the attacker also knows about the verification token's expired duration. The vulnerability is patched in v3.0.2. A workaround is available. Using Advanced Initialization, developers can check the requests and compare the query's token and identifier before proceeding. | |||||
| CVE-2019-10661 | 1 Grandstream | 2 Gxv3611ir Hd, Gxv3611ir Hd Firmware | 2023-03-01 | 10.0 HIGH | 9.8 CRITICAL |
| On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | |||||
| CVE-2018-3761 | 1 Nextcloud | 1 Nextcloud Server | 2023-02-28 | 5.8 MEDIUM | 8.1 HIGH |
| Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised. | |||||
| CVE-2022-33946 | 1 Intel | 1 System Usage Report | 2023-02-27 | N/A | 7.8 HIGH |
| Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-32971 | 1 Intel | 1 System Usage Report | 2023-02-27 | N/A | 7.2 HIGH |
| Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
| CVE-2018-3775 | 1 Nextcloud | 1 Nextcloud Server | 2023-02-27 | 4.0 MEDIUM | 8.8 HIGH |
| Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | |||||
| CVE-2019-5473 | 1 Gitlab | 1 Gitlab | 2023-02-23 | 6.5 MEDIUM | 7.2 HIGH |
| An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4. | |||||