Total
1460 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-28326 | 1 Apache | 1 Openmeetings | 2024-11-21 | N/A | 9.8 CRITICAL |
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room | |||||
CVE-2023-27983 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2024-11-21 | N/A | 6.5 MEDIUM |
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | |||||
CVE-2023-27980 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2024-11-21 | N/A | 8.8 HIGH |
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior) | |||||
CVE-2023-27497 | 2 Microsoft, Sap | 2 Windows, Diagnostics Agent | 2024-11-21 | N/A | 10.0 CRITICAL |
Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system. | |||||
CVE-2023-27377 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
CVE-2023-27376 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
CVE-2023-27375 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
CVE-2023-27290 | 1 Ibm | 1 Observability With Instana | 2024-11-21 | N/A | 9.1 CRITICAL |
Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737. | |||||
CVE-2023-27267 | 1 Sap | 1 Diagnostics Agent | 2024-11-21 | N/A | 9.0 CRITICAL |
Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system. | |||||
CVE-2023-27261 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 5.3 MEDIUM |
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | |||||
CVE-2023-27259 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | |||||
CVE-2023-27258 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. | |||||
CVE-2023-27257 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. | |||||
CVE-2023-27256 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 5.8 MEDIUM |
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | |||||
CVE-2023-26580 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | |||||
CVE-2023-26579 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 5.3 MEDIUM |
Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. | |||||
CVE-2023-26576 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | |||||
CVE-2023-26575 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. | |||||
CVE-2023-26574 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 7.5 HIGH |
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | |||||
CVE-2023-26573 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 8.2 HIGH |
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. |