1853 matches found

Positive Technologies
added 2023/07/06 12:0 a.m. · 4 views

PT-2023-22837 · Samsung · Galaxy Themes Service

Name of the Vulnerable Software and Affected Versions: Galaxy Themes Service versions prior to SMR Jul-2023 Release 1 Description: A missing authentication issue allows local attackers to delete arbitrary non-preloaded applications. Recommendations: For versions prior to SMR Jul-2023 Release 1,...

CVSS 7.7 · AI score 7 · EPSS 0.00151
Exploits: 0 · References: 2

NVD
added 2023/07/05 10:15 p.m. · 13 views

CVE-2023-36821

Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is...

CVSS 8.8 · AI score 9 · EPSS 0.01661
Exploits: 1 · References: 4

Positive Technologies
added 2023/06/30 12:0 a.m. · 5 views

PT-2023-23823 · WordPress · Web3

Name of the Vulnerable Software and Affected Versions: Web3 – Crypto wallet Login & NFT token gating plugin for WordPress versions up to, and including, 2.6.0 Description: The issue is related to incorrect authentication checking in the hidden form data function, allowing authenticated attackers ...

CVSS 9.8 · AI score 9.2 · EPSS 0.00893
Exploits: 0 · References: 6

Citrix
added 2023/06/26 12:0 a.m. · 5 views

"Cannot Complete Your Request" via Oauth after Upgrading NetScaler from 12.1 to 13.0

After ADC is upgraded from 12.1 to 13.0, the user keeps getting "Cannot Complete Your Request" when attempting to access resources through ADC with Oauth authentication. As a comparison, there is no issue accessing StoreFront directly in the intranet without Oauth...

AI score 7
Exploits: 0

ATTACKERKB
added 2023/06/23 6:15 p.m. · 4 views

CVE-2023-27964

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source...

CVSS 5.4 · AI score 6.1 · EPSS 0.08205
Exploits: 0 · References: 2

OSV
added 2023/06/23 6:15 p.m. · 2 views

CVE-2023-27964

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source...

CVSS 5.4 · AI score 5.8 · EPSS 0.08205
Exploits: 0 · References: 1

OSV
added 2023/06/23 6:15 p.m. · 6 views

CVE-2023-32360

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents...

CVSS 5.5 · AI score 5
Exploits: 0 · References: 4

OSV
added 2023/06/23 6:15 p.m. · 1 views

DEBIAN-CVE-2023-32360

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents...

CVSS 5.5 · AI score 5.8 · EPSS 0.00347
Exploits: 0 · References: 1

UbuntuCve
added 2023/06/23 6:15 p.m. · 25 views

CVE-2023-32360

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents...

CVSS 5.5 · AI score 6.5 · EPSS 0.00347
Exploits: 0 · References: 6

OSV
added 2023/06/23 6:15 p.m. · 0 views

UBUNTU-CVE-2023-32360

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents...

CVSS 5.5 · AI score 6.5 · EPSS 0.00347
Exploits: 0 · References: 7

Vulnrichment
added 2023/06/23 12:0 a.m. · 21 views

CVE-2023-32360

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents...

AI score 6.2 · EPSS 0.00347
Exploits: 0 · References: 4

CVE
added 2023/06/23 12:0 a.m. · 502 views

CVE-2023-32360

CVE-2023-32360 affects the CUPS printing system. The issue is an authentication/state-management weakness that could allow an unauthenticated local user to access recently printed documents. Patches/mitigations are referenced across multiple advisories (e.g., macOS updates fixing the issue; vario...

CVSS 5.5 · AI score 5 · EPSS 0.00347
Exploits: 0 · References: 4 · Affected Software: 1

Vulnrichment
added 2023/06/20 12:0 a.m. · 9 views

CVE-2023-35885

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication...

AI score 6.9 · EPSS 0.75315
Exploits: 3 · References: 3

OSV
added 2023/06/13 5:15 p.m. · 3 views

DEBIAN-CVE-2023-20867

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine...

CVSS 3.9 · AI score 6.1 · EPSS 0.13638
Exploits: 0 · References: 1

Vulnrichment
added 2023/06/13 12:0 a.m. · 10 views

CVE-2023-31196

Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products. Affected products and versions are as follows: AC-PD-WAPU v1.05B04 and earlier, AC-PD-WAPUM v1.05B04 and earlier, AC-PD-WAPU-P v1.05B04P...

AI score 7.1 · EPSS 0.0084
Exploits: 0 · References: 2

Positive Technologies
added 2023/06/06 12:0 a.m. · 3 views

PT-2023-24861 · Percona · Percona Monitoring/Management

Name of the Vulnerable Software and Affected Versions: Percona Monitoring and Management PMM server versions 2.x through 2.37.0 Description: The issue arises from the authenticate function in auth server.go not properly formalizing and sanitizing URL paths, which fails to reject path traversal...

CVSS 9.8 · AI score 7.5 · EPSS 0.01278
Exploits: 0 · References: 3

Positive Technologies
added 2023/05/25 12:0 a.m. · 3 views

PT-2023-23585 · Nextcloud · User Oidc

Name of the Vulnerable Software and Affected Versions: user oidc app versions prior to 1.3.2 Description: The user oidc app, an OpenID Connect user backend for Nextcloud, has an issue where authentication can be broken or bypassed. Recommendations: For versions prior to 1.3.2, upgrade the Nextclo...

CVSS 9.8 · AI score 9.6 · EPSS 0.00854
Exploits: 0 · References: 6

Positive Technologies
added 2023/05/18 12:0 a.m. · 5 views

PT-2023-17419 · Johnson Controls · Openblue Enterprise Manager Data Collector

Name of the Vulnerable Software and Affected Versions: OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 Description: The issue concerns improper authentication, allowing unauthorized access under certain circumstances. Recommendations: For versions prior to 3.2.5.75, update t...

CVSS 10 · AI score 7.5 · EPSS 0.01086
Exploits: 0 · References: 4

Tenable Nessus
added 2023/05/18 12:0 a.m. · 44 views

macOS 12.x < 12.6.6 Multiple Vulnerabilities (HT213759)

The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.6.6. It is, therefore, affected by multiple vulnerabilities: - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 a...

CVSS 9.8 · AI score 7.8 · EPSS 0.01706
Exploits: 2 · References: 33

Tenable Nessus
added 2023/05/18 12:0 a.m. · 109 views

macOS 13.x < 13.4 Multiple Vulnerabilities (HT213758)

The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.4. It is, therefore, affected by multiple vulnerabilities: - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and...

CVSS 9.8 · AI score 8.1 · EPSS 0.55367
Exploits: 22 · References: 64