
2966 matches found

CNNVD
added 2023/10/25 12:0 a.m., 3 views

IDAttend IDWeb Access Control Error Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions, which stems from a lack of authentication in the StudentPopupDetailsContactDetails method...

CVSS 7.5 | AI score 7 | EPSS 0.00695
Exploits: 0 | References: 2
CNNVD
added 2023/10/25 12:0 a.m., 4 views

IDAttend IDWeb Access Control Error Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions, which stems from a lack of authentication in the SetStudentNotes method...

CVSS 7.5 | AI score 7 | EPSS 0.00603
Exploits: 0 | References: 2
ICS
added 2023/10/12 12:0 p.m., 23 views

Schneider Electric IGSS

1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: low attack complexity; Vendor: Schneider Electric; Equipment: IGSS Interactive Graphical SCADA System; Vulnerability: Missing Authentication for Critical Function. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow...

CVSS 7.8 | AI score 8.6 | EPSS 0.00173
Exploits: 0 | References: 34
BDU FSTEC
added 2023/10/10 12:0 a.m., 6 views

The vulnerability of backup and data recovery software on computers and servers with Acronis Agent lies in the lack of authentication procedures, which allow attackers to gain unauthorized access to protected information.

The vulnerability of backup and data recovery software on computers and servers with Acronis Agent stems from the lack of authentication procedures. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

CVSS 7.1 | AI score 7.2 | EPSS 0.00214
Exploits: 0 | References: 2
Veracode
added 2023/09/28 5:55 a.m., 16 views

Missing Authentication For Critical Function

github.com/cilium/cilium is vulnerable to Missing Authentication. The vulnerability is due to the ValidateCNP function in validator.go which lacks checks for a policy with any malicious or incorrectly match configurations, allowing an attacker to create policies that bypass namespace restrictions...

CVSS 8.1 | AI score 6.7 | EPSS 0.00408
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2023/09/27 3:18 p.m., 4 views

CVE-2023-36851

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...

CVSS 5.3 | AI score 5.9 | EPSS 0.011
Exploits: 0 | References: 2
ATTACKERKB
added 2023/09/27 3:18 p.m., 34 views

CVE-2023-36851

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...

CVSS 5.3 | AI score 6.4 | EPSS 0.011
In wild | Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2023/09/25 12:0 a.m., 5 views

The vulnerability of the libspdm library, related to the absence of an authentication procedure that allows attackers to intercept user sessions

The vulnerability of the libspdm library is related to the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to intercept a user’s session remotely...

CVSS 9 | AI score 7.5 | EPSS 0.00943
Exploits: 0 | References: 4 | Affected Software: 1
Packet Storm
added 2023/09/18 12:0 a.m., 383 views

Atos Unify OpenScape Code Execution / Missing Authentication

SEC Consult Vulnerability Lab Security Advisory. title: Authenticated Remote Code Execution and Missing Authentication; product: Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch, Atos Unify OpenScape BC...

AI score 7.1 | EPSS 0.0356
Exploits: 4
0day.today
added 2023/09/18 12:0 a.m., 409 views

Atos Unify OpenScape Code Execution / Missing Authentication Vulnerabilities

Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch, and Atos Unify OpenScape BCF suffer from remote code execution and missing authentication vulnerabilities. Atos OpenScape SBC versions before 10 R3.3.0, Branch version 10 versions before R3.3.0, and BCF version 10 versio...

CVSS 9.8 | AI score 9.9 | EPSS 0.0356
Exploits: 4
NVD
added 2023/09/14 9:15 a.m., 18 views

CVE-2023-4516

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker forces an update containing malicious content...

CVSS 7.8 | AI score 7.5 | EPSS 0.00173
Exploits: 0 | References: 1
OSV
added 2023/09/14 9:15 a.m., 4 views

CVE-2023-4516

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker forces an update containing malicious content...

CVSS 7.8 | AI score 5.9 | EPSS 0.00173
Exploits: 0 | References: 1
Prion
added 2023/09/14 9:15 a.m., 14 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker forces an update containing malicious content...

CVSS 4.3 | AI score 7.5 | EPSS 0.00173
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/09/14 8:54 a.m., 21 views

CVE-2023-4516

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker forces an update containing malicious content...

CVSS 7.8 | AI score 7.7 | EPSS 0.00173
Exploits: 0 | References: 1
Vulnrichment
added 2023/09/14 8:54 a.m., 5 views

CVE-2023-4516

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker forces an update containing malicious content...

CVSS 7.8 | AI score 7.5 | EPSS 0.00173
Exploits: 0 | References: 1
CVE
added 2023/09/14 8:54 a.m., 62 views

CVE-2023-4516

Schneider Electric IGSS Update Service (v16.0.0.23211 and earlier) is affected by CVE-2023-4516: a CWE-306 missing authentication for a critical function vulnerability that lets a local attacker change the update source, potentially enabling remote code execution when a malicious update is applie...

CVSS 7.8 | AI score 7.5 | EPSS 0.00173
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/09/12 1:59 a.m., 31 views

CVE-2023-41367 Missing Authentication check in SAP NetWeaver (Guided Procedures)

Due to a missing authentication check in the webdynpro application, an unauthorized user in SAP NetWeaver Guided Procedures - version 7.50, can gain access to the admin view of a specific function anonymously. On successful exploitation of the vulnerability under specific circumstances, an attacker can view user’s...

CVSS 5.3 | AI score 5.8 | EPSS 0.00449
Exploits: 0 | References: 2
CNNVD
added 2023/09/12 12:0 a.m., 5 views

SAP CommonCryptoLib and abu security vulnerabilities

SAP CommonCryptoLib is a password library from SAP, a German company. A security vulnerability exists in SAP CommonCryptoLib that stems from not performing the required authentication checks, which could result in missing or incorrect authorization checks for authenticated users, leading to...

CVSS 9.8 | AI score 7 | EPSS 0.00748
Exploits: 0 | References: 4
NVD
added 2023/09/07 7:15 a.m., 14 views

CVE-2023-4815

Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3...

CVSS 8.8 | AI score 8.7 | EPSS 0.00682
Exploits: 1 | References: 2
Vulnrichment
added 2023/09/07 6:26 a.m., 14 views

CVE-2023-4815 Missing Authentication for Critical Function in answerdev/answer

Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3...

CVSS 8.3 | AI score 6.8 | EPSS 0.00682
Exploits: 1 | References: 2