Total
1399 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29061 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-11-21 | N/A | 5.2 MEDIUM |
| There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication. | |||||
| CVE-2023-29060 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-11-21 | N/A | 5.4 MEDIUM |
| The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data. | |||||
| CVE-2023-28761 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | N/A | 6.5 MEDIUM |
| In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity. | |||||
| CVE-2023-28697 | 1 Moxa | 2 Miineport E1, Miineport E1 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service. | |||||
| CVE-2023-28326 | 1 Apache | 1 Openmeetings | 2024-11-21 | N/A | 9.8 CRITICAL |
| Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room | |||||
| CVE-2023-27983 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | |||||
| CVE-2023-27980 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2024-11-21 | N/A | 8.8 HIGH |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior) | |||||
| CVE-2023-27497 | 2 Microsoft, Sap | 2 Windows, Diagnostics Agent | 2024-11-21 | N/A | 10.0 CRITICAL |
| Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system. | |||||
| CVE-2023-27377 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
| Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-27376 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
| Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-27375 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
| Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-27290 | 1 Ibm | 1 Observability With Instana | 2024-11-21 | N/A | 9.1 CRITICAL |
| Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737. | |||||
| CVE-2023-27267 | 1 Sap | 1 Diagnostics Agent | 2024-11-21 | N/A | 9.0 CRITICAL |
| Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system. | |||||
| CVE-2023-27261 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 5.3 MEDIUM |
| Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | |||||
| CVE-2023-27259 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
| Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | |||||
| CVE-2023-27258 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
| Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. | |||||
| CVE-2023-27257 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
| Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. | |||||
| CVE-2023-27256 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 5.8 MEDIUM |
| Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | |||||
| CVE-2023-26580 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
| Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | |||||
| CVE-2023-26579 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 5.3 MEDIUM |
| Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. | |||||