Total
3455 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17153 | 1 Western Digital | 21 My Cloud Dl2100, My Cloud Dl4100, My Cloud Dl4100 Firmware and 18 more | 2023-07-28 | 10.0 HIGH | 9.8 CRITICAL |
| It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie. | |||||
| CVE-2023-27877 | 1 Ibm | 1 Cloud Pak For Data | 2023-07-28 | N/A | 7.5 HIGH |
| IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905. | |||||
| CVE-2023-3638 | 1 Geovision | 2 Gv-adr2701, Gv-adr2701 Firmware | 2023-07-28 | N/A | 9.8 CRITICAL |
| In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application. | |||||
| CVE-2023-37268 | 1 Warpgate Project | 1 Warpgate | 2023-07-28 | N/A | 8.8 HIGH |
| Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication. | |||||
| CVE-2023-3591 | 1 Mattermost | 1 Mattermost Server | 2023-07-27 | N/A | 8.2 HIGH |
| Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created. | |||||
| CVE-2022-34155 | 1 Miniorange | 1 Oauth Single Sign On | 2023-07-27 | N/A | 8.8 HIGH |
| Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3. | |||||
| CVE-2023-28182 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2023-07-27 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device. | |||||
| CVE-2023-2759 | 1 Taphome | 2 Core, Core Firmware | 2023-07-27 | N/A | 8.8 HIGH |
| A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability. | |||||
| CVE-2023-36466 | 1 Discourse | 1 Discourse | 2023-07-27 | N/A | 4.3 MEDIUM |
| Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse. | |||||
| CVE-2023-35901 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2023-07-26 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380. | |||||
| CVE-2023-37362 | 1 Weintek | 1 Weincloud | 2023-07-26 | N/A | 8.8 HIGH |
| Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website. | |||||
| CVE-2023-30560 | 1 Bd | 2 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware | 2023-07-25 | N/A | 6.8 MEDIUM |
| The configuration from the PCU can be modified without authentication using physical connection to the PCU. | |||||
| CVE-2023-33274 | 1 Voltronicpower | 1 Snmp Web Pro | 2023-07-25 | N/A | 9.8 CRITICAL |
| The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and affects all instances of SNMP Web Pro 1.1 without HTTP Digest authentication enabled, regardless of the password used for the web interface. | |||||
| CVE-2023-34137 | 1 Sonicwall | 2 Analytics, Global Management System | 2023-07-25 | N/A | 9.8 CRITICAL |
| SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
| CVE-2022-21684 | 1 Discourse | 1 Discourse | 2023-07-24 | 6.0 MEDIUM | 8.8 HIGH |
| Discourse is an open source discussion platform. Versions prior to 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_users` enabled is going to be automatically logged in, bypassing the check that does not allow unapproved users to sign in. They will be able to do everything an approved user can do. If they logout, they cannot log back in. This issue is patched in the `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11. One may disable invites as a workaround. Administrators can increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users. | |||||
| CVE-2022-21196 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2023-07-24 | 10.0 HIGH | 9.8 CRITICAL |
| MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information. | |||||
| CVE-2022-23654 | 1 Requarks | 1 Wiki.js | 2023-07-24 | 3.5 LOW | 6.5 MEDIUM |
| Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation. | |||||
| CVE-2022-1248 | 1 Sap Information System Project | 1 Sap Information System | 2023-07-24 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploit details were disclosed. | |||||
| CVE-2022-1349 | 1 2code | 1 Wpqa Builder | 2023-07-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any users (with privileges as low as Subscriber) to delete the profile pictures of any other user. | |||||
| CVE-2022-1801 | 1 Very Simple Contact Form Project | 1 Very Simple Contact Form | 2023-07-24 | 5.0 MEDIUM | 7.5 HIGH |
| The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots. | |||||