102 matches found
CVE-2024-37386
An issue was discovered in Stormshield Network Security SNS 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot. The following versions fix this: 4.3.27, 4.7.6, and 4.8.2...
CVE-2024-37386
Stormshield Network Security (SNS) has a vulnerability affecting versions 4.0.0–4.3.25, 4.4.0–4.7.5, and 4.8.0 that permits restarting in single-user mode despite Secure Boot being active. The issue arises from certain manipulations that bypass the secure boot protection. Remediation is provided ...
CVE-2024-37386
An issue was discovered in Stormshield Network Security SNS 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot. The following versions fix this: 4.3.27, 4.7.6, and 4.8.2...
Stormshield Network Security Security Vulnerabilities
Stormshield Network Security SNS is a next-generation UTM Unified Threat Management firewall from the French company Stormshield. A security vulnerability exists in Stormshield Network Security SNS versions 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0, which originates from the fact that...
PT-2024-27512 · Stormshield · Stormshield Network Security
Name of the Vulnerable Software and Affected Versions: Stormshield Network Security SNS versions 4.0.0 through 4.3.25 Stormshield Network Security SNS versions 4.4.0 through 4.7.5 Stormshield Network Security SNS version 4.8.0 Description: An issue was discovered in Stormshield Network Security S...
Cross Site Scripting (XSS)
JupyterHub is vulnerable to Cross Site Scripting XSS. The vulnerability is due to the mishandling of cookies on malicious subdomains, which allows an attacker to achieve unauthorized access and control over a user's session and potentially gain full access to the JupyterHub API or the user's...
CVE-2024-0436
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...
CVE-2024-0436 Prevent timing attack for single-user password check
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...
CVE-2024-0436 Prevent timing attack for single-user password check
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...
CVE-2022-23003
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be...
Western Digital Sweet B 安全漏洞
Western Digital Sweet B is a library from Western Digital, Inc. that implements public key elliptic curve cryptography ECC using NIST P-256 and SECG secp256k1 curves. A security vulnerability exists in the Western Digital Sweet B library, which can be exploited by an attacker to cause a limited...
Western Digital Sweet B 安全漏洞
Western Digital Sweet B is a library from Western Digital, Inc. that implements public-key elliptic curve cryptography ECC using NIST P-256 and SECG secp256k1 curves. A security vulnerability exists in the Western Digital Sweet B library, which could be exploited by an attacker to cause a limited...
org.apache.nifi:nifi-bootstrap (>=1.14.0 <=1.15.3), org.apache.nifi:nifi-single-user-iaa-providers (>=1.14.0 <=1.15.3) +2 more potentially affected by CVE-2022-26850 via org.apache.nifi:nifi-single-user-utils (>=1.14.0 <=1.15.3)
org.apache.nifi:nifi-single-user-utils MAVEN version =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.15.3 Source cves: CVE-2022-26850 Source advisory: OSV:GHSA-RVP4-R3G6-8HXQ...
Design/Logic Flaw
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the...
PT-2022-18100 · Apache · Apache Nifi
Name of the Vulnerable Software and Affected Versions: Apache NiFi versions prior to 1.16.0 Description: The issue arises when creating or updating credentials for single-user access in Apache NiFi. NiFi writes a copy of the Login Identity Providers configuration to the operating system temporary...
incomplete JupyterHub logout with simultaneous JupyterLab sessions
Impact Users of JupyterLab with JupyterHub who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated after logout, if another active JupyterLab session is...
GHSA-CW7P-Q79F-M2V7 incomplete JupyterHub logout with simultaneous JupyterLab sessions
Impact Users of JupyterLab with JupyterHub who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated after logout, if another active JupyterLab session is...
CVE-2021-41247 incomplete logout in JupyterHub
JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...
JupyterHub 代码问题漏洞
JupyterHub is a multi-user server for Jupyter. A security vulnerability exists in JupyterHub that stems from the fact that in affected versions, users with multiple JupyterLab tabs open in the same browser session may see an incomplete logout from a single-user server because the new credentials...
CVE-2021-37587
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...