Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23637 | 1 Octoprint | 1 Octoprint | 2024-11-21 | 4.2 Medium |
| OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an admin account might use this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version 1.10.0. | ||||
| CVE-2023-5844 | 1 Pimcore | 1 Admin Classic Bundle | 2024-11-21 | 7.2 High |
| Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0. | ||||
| CVE-2023-4465 | 1 Poly | 8 Ccx 400, Ccx 400 Firmware, Ccx 600 and 5 more | 2024-11-21 | 2.7 Low |
| A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-4381 | 1 Instantcms | 1 Instantcms | 2024-11-21 | 4.3 Medium |
| Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
| CVE-2022-3152 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 8.8 High |
| Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20. | ||||
| CVE-2022-2930 | 1 Octoprint | 1 Octoprint | 2024-11-21 | 7.8 High |
| Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3. | ||||
| CVE-2022-21935 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-11-21 | 7.5 High |
| A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change. | ||||
| CVE-2022-21934 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-11-21 | 8 High |
| Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2. | ||||
| CVE-2021-34786 | 1 Cisco | 1 Broadworks Commpilot Application Software | 2024-11-21 | 6.5 Medium |
| Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. | ||||
| CVE-2021-34785 | 1 Cisco | 1 Broadworks Commpilot Application Software | 2024-11-21 | 6.5 Medium |
| Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. | ||||
| CVE-2021-22773 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2024-11-21 | 6.5 Medium |
| A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker connected to the charging station web server to modify the password of a user. | ||||
| CVE-2020-7378 | 1 Opencrx | 1 Opencrx | 2024-11-21 | 9.1 Critical |
| CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020. | ||||
| CVE-2024-8794 | 2 Ba-booking, Booking Algorithms | 2 Ba Book Everything, Ba Book Everything | 2024-09-26 | 5.3 Medium |
| The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the reset_user_password() function not verifying a user's identity prior to setting a password. This makes it possible for unauthenticated attackers to reset any user's passwords, including administrators. It's important to note that the attacker will not have access to the generated password, therefore, privilege escalation is not possible. | ||||
| CVE-2024-21757 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-22 | 5.5 Medium |
| A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup. | ||||