PT-2023-14723 · Megafeis +1 · Megafeis +1
Name of the Vulnerable Software and Affected Versions: MEGAFEIS, BOFEI DBD+ Application for iOS & Android version 1.4.4 Description: An issue in the MEGAFEIS, BOFEI DBD+ Application allows an authenticated attacker to gain access to sensitive account information. Recommendations: For version 1.4....
PT-2023-1954 · Delta Electronics · Infrasuite Device Master
Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions prior to 1.0.5 Description: The issue is related to a lack of authentication for a critical function, which could allow an attacker to achieve unauthenticated remote code execution in the...
PT-2023-21844
Name of the Vulnerable Software and Affected Versions Ansible Semaphore versions prior to 2.8.89 Description The issue is related to the mishandling of authentication in the api/auth.go file. Recommendations For versions prior to 2.8.89, update to version 2.8.89 or later to resolve the issue...
PT-2023-17002 · Sourcecodester · Sourcecodester Medicine Tracker System
Name of the Vulnerable Software and Affected Versions: SourceCodester Medicine Tracker System version 1.0 Description: A critical issue was found in the system, affecting an unknown part of the file Users.php?f=save user. The manipulation of the arguments firstname, middlename, lastname, username...
PT-2023-9095 · Avermedia · Avercaster
Name of the Vulnerable Software and Affected Versions: AVerCaster affected versions not specified Description: The issue is related to insufficient restriction of authentication attempts, allowing a remote attacker to perform a brute force attack. Recommendations: At the moment, there is no...
PT-2023-19853 · Hashicorp +1 · Hashicorp Vault +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions prior to 1.10.11 HashiCorp Vault and Vault Enterprise versions prior to 1.11.8 HashiCorp Vault and Vault Enterprise versions prior to 1.12.4 HashiCorp Vault and Vault Enterprise versions prior to...
CVE-2023-27290 IBM Observability with Instana missing authentication
Docker based datastores for IBM Instana IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0 do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737...
PT-2023-2109 · Cisco · Cisco Unified Intelligence Center
Name of the Vulnerable Software and Affected Versions: Cisco Unified Intelligence Center affected versions not specified Description: The issue is related to the implementation of the application programming interface in the Cisco Unified Intelligence Center reporting tool, which lacks protection...
PT-2023-19794 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions prior to 13.3.1 Description: The issue arises from insufficient validation of the redirect URL during miauth authentication, allowing arbitrary JavaScript execution when a user allows the link. This can be exploited when user...
CVE-2022-32570
Improper authentication in the Intel® Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2022-33946
Improper authentication in the Intel® SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access...
PT-2023-13326 · Intel · Intel Sur
Name of the Vulnerable Software and Affected Versions: Intel® SUR software versions prior to 2.4.8902 Description: The issue is related to improper authentication, which may allow an authenticated user to potentially enable escalation of privilege via local access. Recommendations: For versions...
PT-2023-13079 · Intel · Intel Quartus Prime Pro +1
Name of the Vulnerable Software and Affected Versions: Intel® Quartus Prime Pro and Standard edition software affected versions not specified Description: The issue is related to improper authentication, which may allow an authenticated user to potentially enable escalation of privilege via local...
CVE-2023-0102
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files...
JSA10379 - Security Vulnerability in Pulse Connect Secure (PCS) RADIUS authentication mechanism
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. If RADIUS is being used as the authentication mechanism on PCS running an affected release of the OS, then in a specific scenario, an unauthenticated user may be able to get past the...
SA40207 - [Pulse Secure] File content disclosure issue (CVE-2016-4787)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An issue was discovered with the Pulse Connect Secure device that could allow an attacker to print out contents from files from a limited and specific directory on the device. When...
PT-2023-16470 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax add folder function, allowing authenticated attackers with subscriber-level permissions and...
CVE-2022-24895 Symfony vulnerable to Session Fixation of CSRF tokens
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enable...
CVE-2023-24830
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3...
A vulnerability in the implementation of the LDAP authentication mechanism in Zoho ManageEngine ServiceDesk Plus allows an attacker to escalate their privileges.
The vulnerability in the LDAP authentication implementation of Zoho ManageEngine ServiceDesk Plus stems from deficiencies in the authentication procedure. Exploiting it can allow a remote attacker to elevate their privileges...