1853 matches found
CVE-2023-40393
The CVE-2023-40393 issue is an authentication-related flaw in Apple macOS Sonoma 14 where photos in the Hidden Photos Album could be viewed without authentication. The Red Hat/Apple documentation confirms the fix is included in macOS Sonoma 14 (and iOS 17 / iPadOS 17 for corresponding platforms) ...
CentOS 7 : cups (RHSA-2023:4766)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4766 advisory. - An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. ...
CVE-2023-47118 Heap buffer overflow in T64 codec decompression
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
PT-2023-8159 · Voltronic Power · Voltronic Power Viewpower
Name of the Vulnerable Software and Affected Versions: Voltronic Power ViewPower Pro (affected versions not specified). Description: The issue is related to the lack of authentication in the SocketService module of Voltronic Power ViewPower Pro, allowing remote attackers to create a denial-of-servic...
PT-2023-26015 · Apache · Apache Pulsar Websocket Proxy
Name of the Vulnerable Software and Affected Versions: Apache Pulsar WebSocket Proxy versions 2.8.0 through 2.8. Apache Pulsar WebSocket Proxy versions 2.9.0 through 2.9. Apache Pulsar WebSocket Proxy versions 2.10.0 through 2.10.4 Apache Pulsar WebSocket Proxy versions 2.11.0 through 2.11.1 Apac...
SmartStar Software CWS Trust Management Issue Vulnerability
SmartStar Software CWS is a Web-based integration platform from China-based SmartStar Software. A trust management issue exists in SmartStar Software CWS v10.25. The vulnerability stems from a low-privileged specific account using a fixed key for authentication purposes, which can be exploited by...
IceCMS Security Vulnerability
IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation by NgShow individual developers. A security vulnerability exists in IceCMS version 2.0.1, which stems from the presence of an unknown function in the login of the Captcha Handler component, which ca...
Apple Mac OS X Security Update (HT214037)
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2023-42891
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to monitor keystrokes without user permission...
CVE-2023-42891
CVE-2023-42891 : An authentication issue in macOS components (notably IOKit) could allow an app to monitor keystrokes without user permission. The issue is addressed with improved state management and is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, and macOS Monterey 12.7.2. CVSS v3.1 base s...
Social Media Feather < 2.1.4 - Subscriber+ Unauthorised Action
Description: The plugin does not have authorisation in a function, allowing any authenticated user, such as a subscriber, to call it...
macOS 13.x < 13.6.3 Multiple Vulnerabilities (HT214038)
The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.6.3. It is, therefore, affected by multiple vulnerabilities: - Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service vi...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information disclosure in Apple macOS Big Sur [CVE-2023-32360]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information disclosure in Apple macOS Big Sur, caused by an authentication issue in the CUPS component (CVE-2023-32360). Some of the libraries used by our Speech microservices are affected by this...
VulnCheck KEV: CVE-2017-7927
A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3,...
YubiKey authentication is working on published desktop but not published app
YubiKey does not work from a published app browser e.g., Microsoft Edge, but it works on the same browser inside a published desktop. The published app and desktop are both hosted on the same server...
PT-2023-30560 · First · Dvrs
Name of the Vulnerable Software and Affected Versions: First Corporation's DVRs (affected versions not specified). Description: A missing authentication for critical function issue allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device...
PT-2023-7324 · Red Lion · Red Lion Versatrak +1
Name of the Vulnerable Software and Affected Versions: Red Lion SixTRAK and VersaTRAK Series RTUs (affected versions not specified). Description: The issue is related to the authentication function in Red Lion SixTRAK and VersaTRAK Series RTUs. When authenticated users are enabled, any Sixnet UDR...
CVE-2023-45624
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point...
CVE-2023-46096
A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents...
CVE-2023-44320
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V7.2.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V7.2.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V7.2.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V7.2.2,...