2913 matches found
CVE-2024-46041
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay...
IoT Haat Smart Plug IH-IN-16A-S security vulnerability
IoT Haat Smart Plug IH-IN-16A-S is a smart plug from IoT Haat. A security vulnerability exists in IoT Haat Smart Plug IH-IN-16A-S version v5.16.1, which stems from the presence of a session expiration insufficiency issue and lack of validation of authentication tokens, which could lead to an...
PT-2024-31882 · Iot Haat · Iot Haat Smart Plug Ih-In-16A-S
Name of the Vulnerable Software and Affected Versions: IoT Haat Smart Plug IH-IN-16A-S version 5.16.1 Description: The issue is related to Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode allows an attacker to...
IoT Haat Smart Plug IH-IN-16A-S security vulnerability
IoT Haat Smart Plug IH-IN-16A-S is a smart plug from IoT Haat. A security vulnerability exists in IoT Haat Smart Plug IH-IN-16A-S version v5.16.1, which stems from vulnerability to capture replay authentication bypass attacks...
CVE-2024-46040
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is affected by Insufficient Session Expiration due to lack of validation of the authentication token during the Access Point Pairing mode. This enables an attacker to replay Wi-Fi provisioning packets and forcibly turn off the access point after the token e...
CVE-2024-46041
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is affected by CVE-2024-46041: an Authentication Bypass via capture-replay during Provisioning (Access Point pairing). Public sources (NVD/Red Hat/CNNVD) confirm the product and version, describing an authentication-token replay attack that can bypass login...
Moderate: mod_jk bug fix update
The mod_jk module is an Apache HTTP Server plug-in that enables the Apache HTTP Server to connect with the Apache Tomcat servlet engine. Bug Fixes: Rebase to upstream 1.2.50 release JIRA:AlmaLinux-58855 Security fixes: mod_jk: information Disclosure / DoS CVE-2024-46544 JIRA:AlmaLinux-59800...
TP-LINK Kasa KP125M and TP-LINK Tapo P125M security vulnerability
TP-LINK Kasa KP125M and TP-LINK Tapo P125M are both smart plugs from China's TP-LINK. A security vulnerability exists in TP-LINK Kasa KP125M v1.0.0 and TP-LINK Tapo P125M v1.0.0, which stems from the presence of an information disclosure vulnerability that can be exploited by an attacker to...
UBUNTU-CVE-2024-46810
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ. Make sure the connector is fully initialized before signalling any HPD events via drm_kms_helper_hotplug_event(), otherwise this may lead to NULL...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from failing to ensure that the connector is fully initialized before sending an HPD event. No details of the...
Release Information for Veeam Backup for Nutanix AHV 6.1
This update has been superseded by Veeam Backup for Nutanix AHV 7.0, which was released alongside and supports only Veeam Backup & Replication 12.3. Requirements To upgrade to Veeam Backup for Nutanix AHV 6.1, download the installer below and run it on the Veeam Backup & Replication server that...
RHEL 8 : dovecot (RHSA-2024:6973)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6973 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...
RHSA-2018:1119 Red Hat Security Advisory: flash-plugin security update
Bulletin has no description...
Stripe CLI security vulnerability
Stripe CLI is a command line tool for the Stripe e-commerce platform from Stripe Ireland. A security vulnerability exists in Stripe CLI version 1.11.1 and later versions, which stems from the inclusion of plug-in packages with formatting errors that can overwrite arbitrary files...
Microsoft Plug and Play Service Registry Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Plug and Play Service Registry Overflow', 'Description' = %q This module triggers a stack buffer overflow in the Windows Plug and Play...
[SECURITY] Fedora 40 Update: bind-dyndb-ldap-11.10-29.fc40
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...
Plug and Track Sensor Net Connect security vulnerability
Plug and Track Sensor Net Connect is a smart sensor from the French company Plug and Track. It is used to monitor temperature, humidity, pressure, CO2 and other parameters. A security vulnerability exists in Plug and Track Sensor Net Connect version V2, which stems from passwords being stored in...
PT-2024-23626 · Unknown · Plug&Track Sensor Net Connect V2
Name of the Vulnerable Software and Affected Versions: Plug&Track Sensor Net Connect V2 version 2.24 Description: A Cross-Site Request Forgery (CSRF) issue can be exploited by remote attackers to perform state-changing operations with administrative privileges. This is done by luring authenticated...
Plug and Track Sensor Net Connect security vulnerability
Plug and Track Sensor Net Connect is a smart sensor from the French company Plug and Track. It is used to monitor temperature, humidity, pressure, CO2 and other parameters. A security vulnerability exists in Plug and Track Sensor Net Connect version V2, which stems from the presence of cross-site...