Lucene search
K

102 matches found

NVD
NVD
added 2024/07/15 7:15 p.m.17 views

CVE-2024-37386

An issue was discovered in Stormshield Network Security SNS 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot. The following versions fix this: 4.3.27, 4.7.6, and 4.8.2...

4.2CVSS0.00202EPSS
Exploits0References1
CVE
CVE
added 2024/07/15 12:0 a.m.52 views

CVE-2024-37386

Stormshield Network Security (SNS) has a vulnerability affecting versions 4.0.0–4.3.25, 4.4.0–4.7.5, and 4.8.0 that permits restarting in single-user mode despite Secure Boot being active. The issue arises from certain manipulations that bypass the secure boot protection. Remediation is provided ...

4.2CVSS6.6AI score0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/15 12:0 a.m.22 views

CVE-2024-37386

An issue was discovered in Stormshield Network Security SNS 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot. The following versions fix this: 4.3.27, 4.7.6, and 4.8.2...

0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/15 12:0 a.m.3 views

Stormshield Network Security Security Vulnerabilities

Stormshield Network Security SNS is a next-generation UTM Unified Threat Management firewall from the French company Stormshield. A security vulnerability exists in Stormshield Network Security SNS versions 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0, which originates from the fact that...

4.2CVSS6.7AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/15 12:0 a.m.4 views

PT-2024-27512 · Stormshield · Stormshield Network Security

Name of the Vulnerable Software and Affected Versions: Stormshield Network Security SNS versions 4.0.0 through 4.3.25 Stormshield Network Security SNS versions 4.4.0 through 4.7.5 Stormshield Network Security SNS version 4.8.0 Description: An issue was discovered in Stormshield Network Security S...

4.2CVSS7.2AI score0.00202EPSS
Exploits0References5
Veracode
Veracode
added 2024/03/29 2:59 p.m.18 views

Cross Site Scripting (XSS)

JupyterHub is vulnerable to Cross Site Scripting XSS. The vulnerability is due to the mishandling of cookies on malicious subdomains, which allows an attacker to achieve unauthorized access and control over a user's session and potentially gain full access to the JupyterHub API or the user's...

8.1CVSS6.5AI score0.00329EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/02/26 4:27 p.m.24 views

CVE-2024-0436

Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...

7.1CVSS7AI score0.0048EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/25 4:25 p.m.12 views

CVE-2024-0436 Prevent timing attack for single-user password check

Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...

7.1CVSS5.9AI score0.0048EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/25 4:25 p.m.27 views

CVE-2024-0436 Prevent timing attack for single-user password check

Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...

7.1CVSS7.2AI score0.0048EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/29 7:15 p.m.6 views

CVE-2022-23003

When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be...

5.3CVSS6AI score0.00615EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/29 12:0 a.m.3 views

Western Digital Sweet B 安全漏洞

Western Digital Sweet B is a library from Western Digital, Inc. that implements public key elliptic curve cryptography ECC using NIST P-256 and SECG secp256k1 curves. A security vulnerability exists in the Western Digital Sweet B library, which can be exploited by an attacker to cause a limited...

5.3CVSS5.8AI score0.00615EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/29 12:0 a.m.4 views

Western Digital Sweet B 安全漏洞

Western Digital Sweet B is a library from Western Digital, Inc. that implements public-key elliptic curve cryptography ECC using NIST P-256 and SECG secp256k1 curves. A security vulnerability exists in the Western Digital Sweet B library, which could be exploited by an attacker to cause a limited...

5.3CVSS5.8AI score0.00615EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/06/20 10:33 p.m.5 views

org.apache.nifi:nifi-bootstrap (>=1.14.0 <=1.15.3), org.apache.nifi:nifi-single-user-iaa-providers (>=1.14.0 <=1.15.3) +2 more potentially affected by CVE-2022-26850 via org.apache.nifi:nifi-single-user-utils (>=1.14.0 <=1.15.3)

org.apache.nifi:nifi-single-user-utils MAVEN version =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.15.3 Source cves: CVE-2022-26850 Source advisory: OSV:GHSA-RVP4-R3G6-8HXQ...

4.3CVSS5.8AI score0.01435EPSS
Exploits0
Prion
Prion
added 2022/04/06 6:15 p.m.18 views

Design/Logic Flaw

When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the...

4CVSS4.6AI score0.01435EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/04/06 12:0 a.m.5 views

PT-2022-18100 · Apache · Apache Nifi

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions prior to 1.16.0 Description: The issue arises when creating or updating credentials for single-user access in Apache NiFi. NiFi writes a copy of the Login Identity Providers configuration to the operating system temporary...

4.3CVSS4.2AI score0.01435EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2021/11/08 6:2 p.m.34 views

incomplete JupyterHub logout with simultaneous JupyterLab sessions

Impact Users of JupyterLab with JupyterHub who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated after logout, if another active JupyterLab session is...

7.5CVSS0.6AI score0.00778EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/11/08 6:2 p.m.18 views

GHSA-CW7P-Q79F-M2V7 incomplete JupyterHub logout with simultaneous JupyterLab sessions

Impact Users of JupyterLab with JupyterHub who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated after logout, if another active JupyterLab session is...

5.1CVSS7.5AI score0.00778EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/11/04 5:15 p.m.37 views

CVE-2021-41247 incomplete logout in JupyterHub

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...

3.5CVSS7.8AI score0.00778EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/11/04 12:0 a.m.6 views

JupyterHub 代码问题漏洞

JupyterHub is a multi-user server for Jupyter. A security vulnerability exists in JupyterHub that stems from the fact that in affected versions, users with multiple JupyterLab tabs open in the same browser session may see an incomplete logout from a single-user server because the new credentials...

7.5CVSS7.2AI score0.00778EPSS
Exploits0References3
OSV
OSV
added 2021/07/30 2:15 p.m.19 views

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

6.5CVSS6.9AI score
Exploits0References5
Rows per page
Query Builder