Total: 1125 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-41418 | 1 Ariang Project | 1 Ariang | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL | AriaNg v0.1.0~v1.2.2 is affected by an incorrect access control vulnerability through not authenticating visitors' access rights.
CVE-2014-4872 | 1 Bmc | 1 Track-it! | 2023-08-02 | 7.5 HIGH | N/A | BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
CVE-2021-44152 | 1 Reprisesoftware | 1 Reprise License Manager | 2023-08-02 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account.
CVE-2022-34858 | 1 Miniorange | 1 Oauth 2.0 Client For Sso | 2023-08-02 | N/A | 9.8 CRITICAL | Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.
CVE-2023-38523 | 1 Samsung | 66 Fgn1115-wp-wh, Fgn1115-wp-wh Firmware, Fgn1122-cd and 63 more | 2023-08-01 | N/A | 5.3 MEDIUM | The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.
CVE-2023-37265 | 1 Icewhale | 2 Casaos, Casaos-gateway | 2023-07-31 | N/A | 9.8 CRITICAL | CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification, unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.
CVE-2023-36669 | 1 Kratosdefense | 2 Ngc Indoor Unit, Ngc Indoor Unit Firmware | 2023-07-28 | N/A | 9.8 CRITICAL | Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit (TPU) within the IDU by sending crafted TCP requests to the IDU.
CVE-2022-27169 | 1 Openautomationsoftware | 1 Oas Platform | 2023-07-26 | 5.0 MEDIUM | 7.5 HIGH | An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.
CVE-2022-26303 | 1 Openautomationsoftware | 1 Oas Platform | 2023-07-26 | 5.0 MEDIUM | 7.5 HIGH | An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26082 | 1 Openautomationsoftware | 1 Oas Platform | 2023-07-26 | 7.5 HIGH | 9.8 CRITICAL | A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26067 | 1 Openautomationsoftware | 1 Oas Platform | 2023-07-26 | 5.0 MEDIUM | 7.5 HIGH | An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26043 | 1 Openautomationsoftware | 1 Oas Platform | 2023-07-26 | 5.0 MEDIUM | 7.5 HIGH | An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26026 | 1 Openautomationsoftware | 1 Oas Platform | 2023-07-26 | 5.0 MEDIUM | 7.5 HIGH | A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability.
CVE-2022-21952 | 1 Suse | 1 Manager Server | 2023-07-26 | 5.0 MEDIUM | 7.5 HIGH | A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1 and SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources, leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46; SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37.
CVE-2022-1248 | 1 Sap Information System Project | 1 Sap Information System | 2023-07-24 | 7.5 HIGH | 7.3 HIGH | A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploit details were disclosed.
CVE-2022-2141 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2023-07-24 | N/A | 9.8 CRITICAL | SMS-based GPS commands can be executed by the MiCODUS MV720 GPS tracker without authentication.
CVE-2022-31176 | 1 Grafana | 1 Grafana-image-renderer | 2023-07-24 | N/A | 8.1 HIGH | Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if the user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer).
CVE-2023-35873 | 1 Sap | 1 Netweaver Process Integration | 2023-07-19 | N/A | 6.5 MEDIUM | The Runtime Workbench (RWB) of SAP NetWeaver Process Integration, version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application.
CVE-2023-35872 | 1 Sap | 1 Netweaver Process Integration | 2023-07-19 | N/A | 6.5 MEDIUM | The Message Display Tool (MDT) of SAP NetWeaver Process Integration, version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application.
CVE-2022-27891 | 1 Palantir | 1 Gotham | 2023-07-18 | N/A | 5.3 MEDIUM | Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0.