Skip to main content
CVE-2023-37863 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-37859 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-37857 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-23347 HIGH This Week

HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dryice Iautomate
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-23346 HIGH This Week

HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dryice Mycloud
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-24471 HIGH This Week

An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cmc Guardian
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2023-23903 MEDIUM This Month

An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cmc Guardian
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2023-39531 MEDIUM PATCH This Month

Sentry is an error tracking and performance monitoring platform. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Authentication Bypass Sentry
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-38209 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-38213 MEDIUM PATCH This Month

Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24477 MEDIUM This Month

In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Rated medium severity (CVSS 5.4). No vendor patch available.

Information Disclosure Google Session Fixation Cmc Guardian
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2023-3953 MEDIUM This Month

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pro Face Gp Pro Ex
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-24015 MEDIUM This Month

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cmc Guardian
NVD
CVSS 4.0
5.3
EPSS
0.5%
CVE-2023-37858 MEDIUM This Month

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2023-31450 MEDIUM This Month

A path traversal vulnerability was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the SQL v2 sensors into. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Prtg Network Monitor
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2023-31449 MEDIUM This Month

A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Prtg Network Monitor
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2023-31448 MEDIUM This Month

A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Prtg Network Monitor
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2023-4242 MEDIUM This Month

The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress Authentication Bypass Full Customer
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-37856 MEDIUM This Month

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-37855 MEDIUM This Month

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-38752 MEDIUM This Month

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Special Interest Group Network For Analysis And Liaison
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-38751 MEDIUM This Month

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Special Interest Group Network For Analysis And Liaison
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-39341 LOW Monitor

"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dual Safe Ffri Yarai Infotrace Mark Ii Malware Protection Zerona +4
NVD
CVSS 3.1
3.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy