Total
1279 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48952 | 2024-11-08 | 6.4 Medium | ||
| An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints. | ||||
| CVE-2024-48953 | 1 Logpoint | 1 Logpoint | 2024-11-08 | 7.5 High |
| An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access. | ||||
| CVE-2024-50589 | 1 Hasomed | 1 Elefant | 2024-11-08 | 7.5 High |
| An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR). | ||||
| CVE-2023-35872 | 1 Sap | 1 Netweaver Process Integration | 2024-11-08 | 6.5 Medium |
| The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application. | ||||
| CVE-2023-35873 | 1 Sap | 1 Netweaver Process Integration | 2024-11-08 | 6.5 Medium |
| The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application. | ||||
| CVE-2024-37767 | 1 B1ackc4t | 1 14finger | 2024-11-07 | 7.5 High |
| Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request. | ||||
| CVE-2024-2921 | 1 Devolutions | 1 Devolutions Server | 2024-11-07 | 9.8 Critical |
| Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions. | ||||
| CVE-2024-21824 | 2024-11-07 | 5.3 Medium | ||
| Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
| CVE-2024-51362 | 1 Lsc Smart Connect | 1 Indoor Camera Firmware | 2024-11-06 | 6.5 Medium |
| The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. No credentials or special permissions are required, and access can be gained remotely over the network. | ||||
| CVE-2023-40393 | 1 Apple | 1 Macos | 2024-11-06 | 7.5 High |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication. | ||||
| CVE-2024-10386 | 1 Rockwellautomation | 1 Thinmanager | 2024-11-05 | 9.8 Critical |
| CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation. | ||||
| CVE-2024-47406 | 2 Sharp, Toshibatec | 643 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 640 more | 2024-11-05 | 9.1 Critical |
| Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability. | ||||
| CVE-2023-37495 | 2024-11-05 | 5.9 Medium | ||
| Internet passwords stored in Person documents in the Domino® Directory created using the "Add Person" action on the People & Groups tab in the Domino® Administrator are secured using a cryptographically weak hash algorithm. This could enable attackers with access to the hashed value to determine a user's password, e.g. using a brute force attack. This issue does not impact Person documents created through user registration https://help.hcltechsw.com/domino/10.0.1/admin/conf_userregistration_c.html . | ||||
| CVE-2024-3219 | 2024-11-04 | N/A | ||
| The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included. | ||||
| CVE-2022-31266 | 1 Ilias | 1 Ilias | 2024-11-04 | 4.3 Medium |
| In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. | ||||
| CVE-2024-6582 | 2 Lunary, Lunary-ai | 2 Lunary, Lunary-ai\/lunary | 2024-11-03 | 4.3 Medium |
| A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known. | ||||
| CVE-2024-22513 | 2024-11-01 | 5.5 Medium | ||
| djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method. | ||||
| CVE-2022-20861 | 1 Cisco | 1 Nexus Dashboard | 2024-11-01 | 9.8 Critical |
| Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20858 | 1 Cisco | 1 Nexus Dashboard | 2024-11-01 | 9.8 Critical |
| Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20857 | 1 Cisco | 1 Nexus Dashboard | 2024-11-01 | 9.8 Critical |
| Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory. | ||||