Total
1928 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35830 | 1 Stw-mobile-machines | 4 Tcg-4, Tcg-4 Firmware, Tcg-4lite and 1 more | 2024-11-27 | N/A | 9.8 CRITICAL |
| STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS. | |||||
| CVE-2023-34761 | 1 7-eleven | 2 Hello Cup, Led Message Cup | 2024-11-27 | N/A | 6.5 MEDIUM |
| An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter. | |||||
| CVE-2020-12492 | 2024-11-25 | N/A | N/A | ||
| Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information. | |||||
| CVE-2020-12491 | 2024-11-25 | N/A | N/A | ||
| Improper control of framework service permissions with possibility of some sensitive device information leakage. | |||||
| CVE-2024-47138 | 2024-11-22 | N/A | 9.8 CRITICAL | ||
| The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed. | |||||
| CVE-2024-33622 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated attacker. | |||||
| CVE-2024-47865 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device. | |||||
| CVE-2024-52438 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Missing Authentication for Critical Function vulnerability in deco.Agency de:branding allows Privilege Escalation.This issue affects de:branding: from n/a through 1.0.2. | |||||
| CVE-2024-52437 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Missing Authentication for Critical Function vulnerability in Saul Morales Pacheco Banner System allows Privilege Escalation.This issue affects Banner System: from n/a through 1.0.0. | |||||
| CVE-2024-7154 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7079 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | N/A | 6.5 MEDIUM |
| A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint. | |||||
| CVE-2024-7007 | 1 Positron | 2 Tra7005, Tra7005 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application. | |||||
| CVE-2024-6895 | 2024-11-21 | N/A | N/A | ||
| Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover. | |||||
| CVE-2024-6422 | 1 Pepperl-fuchs | 8 Oit1500-f113-b12-cb, Oit1500-f113-b12-cb Firmware, Oit200-f113-b12-cb and 5 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. | |||||
| CVE-2024-5952 | 1 Deepseaelectronics | 2 Dse855, Dse855 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23174. | |||||
| CVE-2024-5951 | 1 Deepseaelectronics | 2 Dse855, Dse855 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23173. | |||||
| CVE-2024-5947 | 1 Deepseaelectronics | 2 Dse855, Dse855 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679. | |||||
| CVE-2024-48774 | 2024-11-21 | N/A | 7.5 HIGH | ||
| An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process. | |||||
| CVE-2024-3281 | 2024-11-21 | N/A | 8.8 HIGH | ||
| A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor. | |||||
| CVE-2024-38437 | 1 Dlink | 2 Dsl-225, Dsl-225 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel | |||||