PT-2024-4030 · GitHub · GitHub Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.8 through 3.11.4; GitHub Enterprise Server versions prior to 3.9.10; GitHub Enterprise Server versions prior to 3.10.7; GitHub Enterprise Server versions prior to 3.11.5. Description: The issue is related to an...
The vulnerability of the XWiki platform, caused by deficiencies in the authentication process, allows unauthorized users to gain access to protected information.
The vulnerability of the XWiki platform stems from deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
LiteSpeed Technologies LiteSpeed QUIC Security Vulnerability
LiteSpeed Technologies LiteSpeed QUIC (LSQUIC) is an open source implementation of QUIC and HTTP/3 functionality for servers and clients from LiteSpeed Technologies, USA. A security vulnerability exists in LiteSpeed Technologies LiteSpeed QUIC versions prior to 4.0.4, which stems from a mishandled...
CentOS 8 : cups (CESA-2023:4864)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:4864 advisory. - An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. ...
CVE-2023-6230
Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C...
CVE-2023-6221 MachineSense FeverWarn Missing Authentication for Critical Function
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others, is insufficiently protected against unauthorized access. An attacker with access to the internal...
LeptonCMS Arbitrary File Upload Vulnerability
LeptonCMS is a content management system (CMS) for the Lepton Project. An arbitrary file upload vulnerability exists in LeptonCMS version v7.0.0, which stems from the application's lack of effective authentication of uploaded files. An authenticated attacker can exploit this vulnerability to execut...
Shanxi Diankeyun Technology NODERP Authorization Issue Vulnerability
Shanxi Diankeyun Technology NODERP is an ERP system from Shanxi Diankeyun Technology. An authorization issue vulnerability exists in Shanxi Diankeyun Technology NODERP version 6.0.2, which stems from the possibility that the parameter NodUserId/NodUserToken in the file application/index/common.ph...
CVE-2023-42935
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen...
CVE-2023-42935
CVE-2023-42935 is a local authentication issue in macOS where an attacker could view the previously logged-in user’s desktop from the Fast User Switching screen. The root cause is insufficient state management around user-switch handling. Apple fixed this in macOS Ventura 13.6.4. The impact is limited...
PT-2024-20117
Name of the Vulnerable Software and Affected Versions: Hitron Systems DVR LGUVR-16H versions 1.02 through 4.02. Description: The issue is related to improper input validation, which allows an attacker to cause a network attack if the default admin ID and password are used. Recommendations: For versio...
PT-2024-19719 · Apple · iOS +1
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 17.3; iPadOS versions prior to 17.3. Description: The issue was addressed with improved authentication. Stolen Device Protection may be unexpectedly disabled. Recommendations: For iOS versions prior to 17.3, update to iOS...
CVE-2023-7084 Voting Record <= 2.0 - Subscriber+ Stored XSS
The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated user, such as a subscriber, to perform Stored XSS attacks...
CVE-2021-24151 WP Editor < 1.2.7 - Authenticated SQL injection
The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings...
CVE-2023-31211 Disabled automation users could still authenticate
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows an attacker to use locked credentials...
CVE-2023-40393
An authentication issue was addressed with improved state management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication...
Authentication flaw
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication...