Total
1547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39601 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities. | |||||
| CVE-2024-38437 | 1 Dlink | 2 Dsl-225, Dsl-225 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel | |||||
| CVE-2024-38279 | 1 Motorola | 2 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware | 2024-11-21 | N/A | 4.6 MEDIUM |
| The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. | |||||
| CVE-2024-37152 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | N/A | 5.3 MEDIUM |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17. | |||||
| CVE-2024-36457 | 2024-11-21 | N/A | N/A | ||
| The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. | |||||
| CVE-2024-36445 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication. | |||||
| CVE-2024-34800 | 2024-11-21 | N/A | 7.6 HIGH | ||
| Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through 3.3. | |||||
| CVE-2024-32764 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later | |||||
| CVE-2024-32735 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application. | |||||
| CVE-2024-31916 | 1 Ibm | 1 Openbmc | 2024-11-21 | N/A | 7.5 HIGH |
| IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026. | |||||
| CVE-2024-31684 | 2024-11-21 | N/A | 3.5 LOW | ||
| Incorrect access control in the fingerprint authentication mechanism of Bitdefender Mobile Security v4.11.3-gms allows attackers to bypass fingerprint authentication due to the use of a deprecated API. | |||||
| CVE-2024-2013 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-11-21 | N/A | 10.0 CRITICAL |
| An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface. | |||||
| CVE-2024-27758 | 2024-11-21 | N/A | 8.4 HIGH | ||
| In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution. | |||||
| CVE-2024-27169 | 2024-11-21 | N/A | 8.4 HIGH | ||
| Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-23917 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 9.8 CRITICAL |
| In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible | |||||
| CVE-2024-23618 | 1 Commscope | 2 Arris Surfboard Sbg6950ac2, Arris Surfboard Sbg6950ac2 Firmware | 2024-11-21 | 8.3 HIGH | 9.6 CRITICAL |
| An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root. | |||||
| CVE-2024-22513 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method. | |||||
| CVE-2024-22449 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 6.6 MEDIUM |
| Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access. | |||||
| CVE-2024-22326 | 1 Ibm | 1 Ds8900f Firmware | 2024-11-21 | N/A | 5.0 MEDIUM |
| IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: 279518. | |||||
| CVE-2024-22212 | 1 Nextcloud | 1 Global Site Selector | 2024-11-21 | N/A | 9.6 CRITICAL |
| Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue. | |||||