Missing Authentication for Critical Function
CWE-306

Columns: CVE ID | CVSS | Vendor | Exploit | Patch
CVE-2024-9984
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie.
CVSS 9.8 | Vendor: Ragic | Exploit: - | Patch: -

CVE-2024-9522
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajax_masq_login' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.
CVSS 8.8 | Vendor: Wordpress | Exploit: - | Patch: -

CVE-2024-9430
The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to download Quote PDF and CSV documents.
CVSS 5.3 | Vendor: Wordpress | Exploit: - | Patch: -

CVE-2024-9289
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callback() function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated attackers to log in as any user, including administrators, granted they have access to the administrator's email.
CVSS 9.8 | Vendor: Redefiningtheweb, et al | Exploit: - | Patch: -

CVE-2024-9164
An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.
CVSS 9.6 | Vendor: Gitlab | Exploit: - | Patch: -

CVE-2024-9137
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
CVSS 9.4 | Vendor: Moxa | Exploit: - | Patch: -

CVE-2024-8751
A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product's IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively, which fixes this issue.
CVSS 7.5 | Vendor: Sick | Exploit: - | Patch: -

CVE-2024-8530
The vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of log files. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information, leading to further compromise.
References:
https://www.cisa.gov/news-events/ics-advisories/icsa-24-289-02
https://community.se.com/t5/Data-Center-Expert-release-notes/EcoStruxure-IT-Data-Center-Expert-8-2-0-release-notes/ta-p/463789
CVSS 5.9 | Vendor: Schneider-electric | Exploit: yes | Patch: -

CVE-2024-8456
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.
CVSS 9.8 | Vendor: Planet | Exploit: - | Patch: -

CVE-2024-8321
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update, allows a remote unauthenticated attacker to isolate managed devices from the network.
CVSS 8.6 | Vendor: Ivanti | Exploit: - | Patch: yes

CVE-2024-8320
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update, allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.
CVSS 5.3 | Vendor: Ivanti | Exploit: - | Patch: yes

CVE-2024-8310
OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges.
CVSS 9.8 | Vendor: - | Exploit: - | Patch: -

CVE-2024-8277
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login() function and not properly verifying the user's identity. This makes it possible for unauthenticated attackers to log in as a user that has dismissed an admin notice in the past 30 days, which is often an administrator. Alternatively, a user can log in as any user with any transient that has a valid user_id as the value, though it would be more difficult to exploit this successfully.
CVSS 9.8 | Vendor: Wordpress, et al | Exploit: yes | Patch: -

CVE-2024-8012
An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
CVSS 7.8 | Vendor: Ivanti | Exploit: - | Patch: yes

CVE-2024-7940
The product exposes a service that is intended for local use only to all network interfaces without any authentication.
CVSS 9.8 | Vendor: Apache, et al | Exploit: - | Patch: yes

CVE-2024-7781
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8.
CVSS 9.8 | Vendor: Artbees, et al | Exploit: - | Patch: yes

CVE-2024-7154
A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.5 | Vendor: Totolink | Exploit: yes | Patch: -

CVE-2024-7079
A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.
CVSS 6.5 | Vendor: Openshift, et al | Exploit: - | Patch: yes

CVE-2024-7015
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse. This issue affects PassBox: before v1.2.
CVSS 9.8 | Vendor: Profelis | Exploit: - | Patch: -

CVE-2024-7007
Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application.
CVSS 9.8 | Vendor: Positron | Exploit: - | Patch: -

CVE-2024-6981
OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication.
CVSS 9.8 | Vendor: Tryton | Exploit: - | Patch: -

CVE-2024-6895
Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with a user session and access to the application can modify settings such as password and email without being prompted for the current password, enabling account takeover.
CVSS Low | Vendor: Yugabyte | Exploit: - | Patch: -

CVE-2024-6582
A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known.
CVSS 4.3 | Vendor: Lunary | Exploit: yes | Patch: yes

CVE-2024-6422
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, and read, delete and change data.
CVSS 9.8 | Vendor: Pepperl-fuchs | Exploit: - | Patch: -

CVE-2024-6347
* Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU's programming session.
* No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication.
CVSS 6.5 | Vendor: Nissan | Exploit: - | Patch: -

CVE-2024-5952
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Disclosure timeline:
01/21/24 – ZDI requested a vendor PSIRT contact.
01/22/24 – The vendor provided contact information.
01/23/24 – ZDI reported the vulnerability to the vendor.
02/05/24 – The vendor states the report was blocked by IT and asked ZDI to resend the report.
02/12/24 – ZDI resent the report using an alternative method.
02/13/24 – The vendor asked why we performed tests on their products.
02/13/24 – ZDI provided the vendor with additional details about the ZDI program.
02/14/24 – The vendor asked what initiated the ZDI to look at the DSE855.
02/14/24 – ZDI emphasized our intent to responsibly disclose this vulnerability to Deep Sea for remediation. The ZDI also offered additional resources about coordinated vulnerability disclosure, as well as feedback on implementing a proper incident response process. We also reiterated our 120-day disclosure policy to ensure the vendor was aware they needed to respond with a patch within the allotted time.
05/24/24 – ZDI informed the vendor that since we never received a response, we have to assume this vulnerability remains unpatched, and that we're publishing this case as a zero-day advisory on 06/13/24.
Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application.
CVSS 6.5 | Vendor: - | Exploit: yes | Patch: -

CVE-2024-5951
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Disclosure timeline:
01/21/24 – ZDI requested a vendor PSIRT contact.
01/22/24 – The vendor provided contact information.
01/23/24 – ZDI reported the vulnerability to the vendor.
02/05/24 – The vendor states the report was blocked by IT and asked ZDI to resend the report.
02/12/24 – ZDI resent the report using an alternative method.
02/13/24 – The vendor asked why we performed tests on their products.
02/13/24 – ZDI provided the vendor with additional details about the ZDI program.
02/14/24 – The vendor asked what initiated the ZDI to look at the DSE855.
02/14/24 – ZDI emphasized our intent to responsibly disclose this vulnerability to Deep Sea for remediation. The ZDI also offered additional resources about coordinated vulnerability disclosure, as well as feedback on implementing a proper incident response process. We also reiterated our 120-day disclosure policy to ensure the vendor was aware they needed to respond with a patch within the allotted time.
05/24/24 – ZDI informed the vendor that since we never received a response, we have to assume this vulnerability remains unpatched, and that we're publishing this case as a zero-day advisory on 06/13/24.
Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application.
CVSS 6.5 | Vendor: - | Exploit: yes | Patch: -

CVE-2024-5947
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
Disclosure timeline:
01/21/24 – ZDI requested a vendor PSIRT contact.
01/22/24 – The vendor provided contact information.
01/23/24 – ZDI reported the vulnerability to the vendor.
02/05/24 – The vendor states the report was blocked by IT and asked ZDI to resend the report.
02/12/24 – ZDI resent the report using an alternative method.
02/13/24 – The vendor asked why we performed tests on their products.
02/13/24 – ZDI provided the vendor with additional details about the ZDI program.
02/14/24 – The vendor asked what initiated the ZDI to look at the DSE855.
02/14/24 – ZDI emphasized our intent to responsibly disclose this vulnerability to Deep Sea for remediation. The ZDI also offered additional resources about coordinated vulnerability disclosure, as well as feedback on implementing a proper incident response process. We also reiterated our 120-day disclosure policy to ensure the vendor was aware they needed to respond with a patch within the allotted time.
05/24/24 – ZDI informed the vendor that since we never received a response, we have to assume this vulnerability remains unpatched, and that we're publishing this case as a zero-day advisory on 06/13/24.
Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application.
CVSS 6.5 | Vendor: - | Exploit: yes | Patch: -

CVE-2024-5910
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue.
CVSS 9.8 | Vendor: Paloaltonetworks | Exploit: yes | Patch: yes

CVE-2024-5749
Certain HP DesignJet products may be vulnerable to credential reflection, which allows viewing SMTP server credentials.
CVSS 7.5 | Vendor: - | Exploit: - | Patch: -

CVE-2024-52549
Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. Script Security Plugin 1368.vb_b_402e3547e7 requires Overall/Administer permission for the affected form validation method.
CVSS 4.3 | Vendor: Jenkins | Exploit: - | Patch: yes

CVE-2024-51567
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
CVSS 9.8 | Vendor: Cyberpanel | Exploit: yes | Patch: yes

CVE-2024-5143
A user with device administrative privileges can change existing SMTP server settings on the device without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed.
CVSS 6.8 | Vendor: - | Exploit: - | Patch: -

CVE-2024-51362
The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. No credentials or special permissions are required, and access can be gained remotely over the network.
CVSS 6.5 | Vendor: - | Exploit: - | Patch: -

CVE-2024-50589
An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR).
CVSS 7.5 | Vendor: Fhir | Exploit: - | Patch: -

CVE-2024-50489
Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation allows Authentication Bypass. This issue affects Realty Workstation: from n/a through 1.0.45.
CVSS 9.8 | Vendor: Realty workstation | Exploit: - | Patch: -

CVE-2024-50488
Authentication Bypass Using an Alternate Path or Channel vulnerability in Priyabrata Sarkar Token Login allows Authentication Bypass. This issue affects Token Login: from n/a through 1.0.3.
CVSS 8.8 | Vendor: Wordpress | Exploit: - | Patch: -

CVE-2024-50487
Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API allows Authentication Bypass. This issue affects MaanStore API: from n/a through 1.0.1.
CVSS 9.8 | Vendor: Wordpress | Exploit: - | Patch: -

CVE-2024-50486
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass. This issue affects Acnoo Flutter API: from n/a through 1.0.5.
CVSS 9.8 | Vendor: Wordpress | Exploit: - | Patch: -

CVE-2024-50477
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass. This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.
CVSS 9.8 | Vendor: Wordpress | Exploit: - | Patch: -

CVE-2024-49604
Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass. This issue affects Simple User Registration: from n/a through 5.5.
CVSS 9.8 | Vendor: Wordpress, et al | Exploit: - | Patch: -

CVE-2024-49399
The affected product is vulnerable to an attacker being able to use commands without providing a password, which may allow an attacker to leak information.
CVSS Low | Vendor: Apache | Exploit: - | Patch: -

CVE-2024-49328
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass. This issue affects WP REST API FNS: from n/a through 1.0.0.
CVSS 9.8 | Vendor: Wordpress | Exploit: - | Patch: -

CVE-2024-48966
The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
CVSS 10 | Vendor: Baxter | Exploit: - | Patch: -

CVE-2024-48953
An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access.
CVSS 7.5 | Vendor: Logpoint | Exploit: - | Patch: -

CVE-2024-48952
An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints.
CVSS 6.4 | Vendor: Logpoint | Exploit: - | Patch: -

CVE-2024-48950
An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.
CVSS 7.5 | Vendor: Logpoint | Exploit: - | Patch: -

CVE-2024-48920
PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually.
CVSS 9.1 | Vendor: - | Exploit: - | Patch: -

CVE-2024-48777
LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 7.5 | Vendor: - | Exploit: - | Patch: -

CVE-2024-48776
An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 7.5 | Vendor: Shelly | Exploit: - | Patch: -

CVE-2024-48775
An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 7.5 | Vendor: - | Exploit: - | Patch: -

CVE-2024-48773
An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 7.5 | Vendor: - | Exploit: - | Patch: -

CVE-2024-48771
An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 7.5 | Vendor: - | Exploit: - | Patch: -

CVE-2024-48768
An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process.
CVSS 7.5 | Vendor: - | Exploit: - | Patch: -

CVE-2024-48442
Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication.
CVSS 6.5 | Vendor: - | Exploit: - | Patch: -

CVE-2024-47912
A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to access and delete sensitive information.
CVSS 8.2 | Vendor: Mitel | Exploit: - | Patch: -

CVE-2024-47902
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not authenticate GET requests that execute specific commands (such as `ping`) on operating system level.
CVSS 9.8 | Vendor: Intermesh, et al | Exploit: - | Patch: yes

CVE-2024-47575
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows an attacker to execute arbitrary code or commands via specially crafted requests.
CVSS 9.8 | Vendor: Fortinet | Exploit: yes | Patch: yes

CVE-2024-47555
Missing Authentication - User & System Configuration
CVSS 8.3 | Vendor: Adobe | Exploit: - | Patch: -

CVE-2024-47130
The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. It is advised to update your app to the current release for enhanced encryption protocols.
CVSS 6.5 | Vendor: - | Exploit: - | Patch: -

CVE-2024-47051
Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
CVSS MEDIUM | Vendor: - | Exploit: - | Patch: yes

CVE-2024-46293
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether the user is logged in as an admin or even check for a session token at all.
CVSS 9.8 | Vendor: Sourcecodester | Exploit: - | Patch: -

CVE-2024-45844
BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS 7.2 | Vendor: F5 | Exploit: - | Patch: -

CVE-2024-45276
An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.
CVSS 7.5 | Vendor: Helmholz, et al | Exploit: - | Patch: -

CVE-2024-45274
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.
CVSS 9.8 | Vendor: Helmholz, et al | Exploit: - | Patch: -

CVE-2024-45229
The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. This exploit does not disclose any username or password information. Currently, there are no workarounds in Versa Director. However, if there is a Web Application Firewall (WAF) or API Gateway fronting the Versa Director, it can be used to block access to the URLs of the vulnerable API: /vnms/devicereg/device/* (on ports 9182 & 9183) and /versa/vnms/devicereg/device/* (on port 443). Versa recommends that Directors be upgraded to one of the remediated software versions. This vulnerability is not exploitable on Versa Directors not exposed to the Internet. We have validated that no Versa-hosted head ends have been affected by this vulnerability. Please contact Versa Technical Support or the Versa account team for any further assistance.
CVSS Low | Vendor: Versa-networks | Exploit: - | Patch: -

CVE-2024-45049
Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying https://github.com/NixOS/hydra/commit/f73043378907c2c7e44f633ad764c8bdd1c947d5 to any Hydra package. Users are advised to upgrade. Users unable to upgrade should deny the `/api/push` route in a reverse proxy. This also breaks the "Evaluate jobset" button in the frontend.
CVSS 7.5 | Vendor: Nixos | Exploit: - | Patch: -

CVE-2024-43798
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented `AUTH` environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is using the `AUTH` environment variable to specify credentials to authenticate against is affected by this vulnerability. Chisel is often used to provide an entrypoint to a private network, which means services that are gated by Chisel may be affected. Additionally, Chisel is often used for exposing services to the internet. An attacker could MITM requests by connecting to a Chisel server and requesting to forward traffic from a remote port. This issue has been addressed in release version 1.10.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 8.6 | Vendor: - | Exploit: - | Patch: yes

CVE-2024-43488
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.
CVSS 8.8 | Vendor: Arduino, et al | Exploit: - | Patch: yes

CVE-2024-43272
Missing Authentication for Critical Function vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Icegram: from n/a through 3.1.24.
CVSS 5.3 | Vendor: Icegram | Exploit: - | Patch: -

CVE-2024-42017
An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication.
CVSS 10 | Vendor: Atos | Exploit: - | Patch: -

CVE-2024-41988
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.
CVSS Low | Vendor: - | Exploit: - | Patch: -

CVE-2024-41969: A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability, which could lead to full system access and/or DoS.
CVSS 8.8 | Vendor: Codesys | Exploit: - | Patch: -

CVE-2024-41968: A low privileged remote attacker may modify the Docker settings of the device, leading to a limited DoS.
CVSS 5.4 | Vendor: Wago | Exploit: - | Patch: -

CVE-2024-41967: A low privileged remote attacker may modify the boot mode configuration of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.
CVSS 8.1 | Vendor: Microsoft | Exploit: - | Patch: -

CVE-2024-41259: Use of an insecure hashing algorithm in the Gravatar service of Navidrome v0.52.3 allows attackers to manipulate a user's account information.
CVSS 9.1 | Vendor: Navidrome | Exploit: - | Patch: Patched

CVE-2024-40091: Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs containing sensitive system information.
CVSS 5.3 | Vendor: Boa | Exploit: - | Patch: -

CVE-2024-40087: Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router.
CVSS 9.6 | Vendor: - | Exploit: - | Patch: -

CVE-2024-39601: A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities.
CVSS 6.5 | Vendor: Siemens | Exploit: - | Patch: -

CVE-2024-39364: Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent in a simple HTTP request and are executed by the device automatically, without regard to the origin or privilege level of the user sending them.
CVSS 6.3 | Vendor: Advantech | Exploit: - | Patch: -

CVE-2024-39300: A missing authentication vulnerability exists in the Telnet function of WAB-I1750-PS v1.5.10 and earlier. When the Telnet function of the product is enabled, a remote attacker may log in to the product without authentication and alter the product's settings.
CVSS 3.7 | Vendor: Elecom | Exploit: - | Patch: Patched

CVE-2024-38437: D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVSS 9.8 | Vendor: Dlink | Exploit: - | Patch: -

CVE-2024-38279: The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.
CVSS 4.6 | Vendor: Motorola | Exploit: - | Patch: -

CVE-2024-38143: Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
CVSS 4.2 | Vendor: Microsoft | Exploit: - | Patch: Patched

CVE-2024-37991: A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information.
CVSS 6.5 | Vendor: Siemens | Exploit: - | Patch: Patched

CVE-2024-3777 The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.
CVSS 9.8Ai3

-

-

Trending graph for this CVE
CVE-2024-37767: Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request.
CVSS 7.5 | Vendor: - | Exploit: - | Patch: -

CVE-2024-3774: aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values.
CVSS 5.3 | Vendor: Ni, et al | Exploit: - | Patch: -

CVE-2024-37152: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by the /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.
CVSS 7.5 | Vendor: Linuxfoundation, et al | Exploit: - | Patch: Patched

CVE-2024-3701 The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services.
CVSS 9.8

-

-

Trending graph for this CVE
CVE-2024-3661: By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. Many, if not most VPN systems based on IP routing are susceptible to such attacks.
CVSS 7.6 | Vendor: Isc | Exploit: - | Patch: -

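The classless static route option in the entry above can be decoded and checked offline, which is useful both for understanding why a rogue DHCP server beats a VPN's default route and for inspecting a captured DHCP offer. The following is an added example written for this page, not code from any VPN vendor or from the CVE record: the option 121 payload is constructed for illustration (192.0.2.1 is a documentation address), and the VPN is assumed to protect traffic with a single 0.0.0.0/0 default route over the tunnel interface. Because the kernel picks the longest matching prefix, any pushed route narrower than /0 wins for the addresses it covers; the classic pair 0.0.0.0/1 plus 128.0.0.0/1 covers everything while never touching the tunnel's /0 route itself.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample of a DHCP option 121 (classless static route, RFC 3442)
# payload such as a rogue DHCP server on the local segment could send.
# Each entry is: <prefix length><significant destination octets><4-byte router>.
# Not captured from a real network.
SAMPLE_OPTION_121 = bytes([
    1, 0x00, 192, 0, 2, 1,           # 0.0.0.0/1      via 192.0.2.1
    1, 0x80, 192, 0, 2, 1,           # 128.0.0.0/1    via 192.0.2.1
    24, 10, 20, 30, 192, 0, 2, 1,    # 10.20.30.0/24  via 192.0.2.1
])

Route = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Address]


def decode_option_121(payload: bytes) -> List[Route]:
    """Decode RFC 3442 classless static routes.

    The destination carries only ceil(prefixlen / 8) octets, so it is padded
    back to four before building the network. Malformed prefix lengths and
    truncated entries raise instead of being silently dropped.
    """
    routes: List[Route] = []
    i = 0
    while i < len(payload):
        width = payload[i]
        i += 1
        if width > 32:
            raise ValueError(f"invalid prefix length {width} at offset {i - 1}")
        n_octets = (width + 7) // 8
        if i + n_octets + 4 > len(payload):
            raise ValueError("truncated route entry")
        dest = bytes(payload[i:i + n_octets]) + bytes(4 - n_octets)
        i += n_octets
        router = ipaddress.IPv4Address(bytes(payload[i:i + 4]))
        i += 4
        # strict=False: a sender may leave host bits set; the kernel masks them anyway.
        routes.append((ipaddress.IPv4Network((dest, width), strict=False), router))
    return routes


def vpn_bypass_report(routes: List[Route]) -> Dict[str, object]:
    """Report which pushed routes beat an assumed 0.0.0.0/0 VPN default route.

    Every route narrower than /0 is more specific than the tunnel's default and
    therefore wins longest-prefix match for its addresses. If the pushed prefixes
    collapse to the whole IPv4 space, no packet is left for the VPN route at all.
    """
    leaked = [net for net, _ in routes if net.prefixlen > 0]
    collapsed = list(ipaddress.collapse_addresses(leaked))
    everything = [ipaddress.IPv4Network("0.0.0.0/0")]
    return {
        "leaked_prefixes": [str(n) for n in leaked],
        "all_traffic_bypasses_vpn": collapsed == everything,
    }


if __name__ == "__main__":
    pushed = decode_option_121(SAMPLE_OPTION_121)
    for net, gateway in pushed:
        print(f"pushed route {net} via {gateway}")
    print(vpn_bypass_report(pushed))
```

A VPN client that wants to detect this has to inspect the routes the DHCP client installs, not just its own: the tunnel's /0 route is never removed, it is simply out-competed. Rejecting or ignoring option 121 on the physical interface while the tunnel is up, or running the client in a network namespace that never sees the DHCP lease, are the configurations this check is meant to validate.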
CVE-2024-36543: Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to their own Kafka cluster via a malicious connector (bypassing Kafka ACLs if they exist), and potentially steal Kafka SASL credentials, by querying the MirrorMaker Kafka REST API.
CVSS 9.8 | Vendor: Apache | Exploit: - | Patch: Patched

CVE-2024-36457: The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint.
CVSS Low | Vendor: Apache | Exploit: - | Patch: -

CVE-2024-36445: Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication.
CVSS 9.8 | Vendor: - | Exploit: - | Patch: -

CVE-2024-35294: An unauthenticated remote attacker may use the device's traffic capture function without authentication to grab plaintext administrative credentials.
CVSS 6.5 | Vendor: Cisco | Exploit: - | Patch: -

CVE-2024-35293: An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices, resulting in data loss and/or a DoS.
CVSS 9.1 | Vendor: Dlink | Exploit: - | Patch: -

CVE-2024-35151: IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.
CVSS 6.5 | Vendor: Ibm | Exploit: - | Patch: Patched

CVE-2024-35143: IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420.
CVSS 9.1 | Vendor: Ibm | Exploit: - | Patch: Patched

CVE-2024-35124: A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674.
CVSS 7.5 | Vendor: Ibm | Exploit: - | Patch: Patched

CVE-2024-34800: Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse. This issue affects Crafthemes Demo Import: from n/a through 3.3.
CVSS 7.6 | Vendor: - | Exploit: - | Patch: -
