462 matches found

OpenVAS
added 2024/10/19 12:0 a.m. · 19 views

openSUSE Security Advisory (openSUSE-SU-2024:0337-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS · 7.3 AI score · 0.06295 EPSS
Exploits 3 · References 3

Microsoft CVE
added 2024/10/17 7:0 a.m. · 17 views

Chromium: CVE-2024-9956 Inappropriate implementation in Web Authentication

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

7.8 CVSS · 6.9 AI score · 0.00389 EPSS
Exploits 0

Microsoft CVE
added 2024/10/17 7:0 a.m. · 24 views

Chromium: CVE-2024-9955 Use after free in Web Authentication

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8 CVSS · 6.9 AI score · 0.00765 EPSS
Exploits 0

SUSE CVE
added 2024/10/17 3:10 a.m. · 2 views

SUSE CVE-2024-9955

Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS · 7.4 AI score · 0.00765 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2024/10/17 12:0 a.m. · 5 views

The vulnerability of the Central Web Authentication (CWA) component of the Cisco IOS XE operating system allows a hacker to bypass the authentication process and gain access to the protected network segment.

The vulnerability of the Central Web Authentication (CWA) component in the Cisco IOS XE operating system is related to logical errors in the implementation of the access control list (ACL). Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and gain access to t...

9.3 CVSS · 5.5 AI score · 0.00282 EPSS
Exploits 0 · References 2 · Affected Software 1

OpenVAS
added 2024/10/16 12:0 a.m. · 22 views

Google Chrome Security Update (stable-channel-update-for-desktop_15-2024-10) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

8.8 CVSS · 8.7 AI score · 0.06295 EPSS
Exploits 3 · References 1

OSV
added 2024/10/15 9:15 p.m. · 2 views

DEBIAN-CVE-2024-9955

Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS · 8.2 AI score · 0.00765 EPSS
Exploits 0 · References 1

FreeBSD
added 2024/10/15 12:0 a.m. · 12 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 17 security fixes: 367755363 High CVE-2024-9954: Use after free in AI. Reported by DarkNavy on 2024-09-18 370133761 Medium CVE-2024-9955: Use after free in Web Authentication. Reported by anonymous on 2024-09-29 370482421 Medium CVE-2024-9956:...

8.8 CVSS · 7.8 AI score · 0.06295 EPSS
Exploits 3 · References 1

Tenable Nessus
added 2024/10/15 12:0 a.m. · 29 views

Google Chrome < 130.0.6723.58 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 130.0.6723.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 202410stable-channel-update-for-desktop15 advisory. - Use after free in AI. CVE-2024-9954 - Use after free in Web Authentication...

8.8 CVSS · 6.8 AI score · 0.06295 EPSS
Exploits 3 · References 27

Patchstack
added 2024/09/30 12:45 p.m. · 3 views

WordPress WP-WebAuthn plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by theviper17 (Patchstack Alliance) in WordPress Plugin WP-WebAuthn (versions <= 1.3.1)...

6.5 CVSS · 6.1 AI score · 0.00237 EPSS
Exploits 0 · Affected Software 1

OSV
added 2024/09/25 5:15 p.m. · 3 views

CVE-2024-20510

A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication. Thi...

9.3 CVSS · 5.8 AI score
Exploits 0 · References 1

Vulnrichment
added 2024/09/10 1:20 a.m. · 15 views

CVE-2024-38270

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80AAZI.0C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid...

5.3 CVSS · 7.5 AI score · 0.00212 EPSS
Exploits 0 · References 1

Cvelist
added 2024/09/10 1:20 a.m. · 22 views

CVE-2024-38270

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80AAZI.0C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid...

5.3 CVSS · 0.00212 EPSS
Exploits 0 · References 1

CNNVD
added 2024/09/10 12:0 a.m. · 3 views

Zyxel GS1900 Security Features Issue Vulnerability

The Zyxel GS1900 is a managed switch from China Hopkins Zyxel. A security signature issue vulnerability exists in the Zyxel GS1900-10HP V2.80AAZI.0C0 version, which stems from improper use of a random function with low entropy when generating Web authentication tokens...

6.5 CVSS · 6.9 AI score · 0.00212 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/09/09 12:0 a.m. · 9 views

PT-2024-27909 · Zyxel · Zyxel Gs1900-10Hp

Name of the Vulnerable Software and Affected Versions: Zyxel GS1900-10HP firmware version V2.80AAZI.0C0 Description: An insufficient entropy vulnerability exists due to the improper use of a randomness function with low entropy for web authentication tokens generation. This could allow a LAN-base...

6.5 CVSS · 7.4 AI score · 0.00212 EPSS
Exploits 0 · References 6

Tenable Nessus
added 2024/09/03 12:0 a.m. · 44 views

openSUSE 15 Security Update : cacti, cacti-spine (openSUSE-SU-2024:0274-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0274-1 advisory. - cacti 1.2.27: CVE-2024-34340: Authentication Bypass when using older password hashes boo1224240 CVE-2024-25641: RCE vulnerability when...

9.1 CVSS · 9.1 AI score · 0.86303 EPSS
Exploits 26 · References 31

Tenable Nessus
added 2024/09/03 12:0 a.m. · 26 views

openSUSE 15 Security Update : cacti, cacti-spine (openSUSE-SU-2024:0276-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0276-1 advisory. - cacti 1.2.27: CVE-2024-34340: Authentication Bypass when using older password hashes boo1224240 CVE-2024-25641: RCE vulnerability when...

9.1 CVSS · 9.1 AI score · 0.86303 EPSS
Exploits 26 · References 31

OSV
added 2024/07/30 9:32 a.m. · 18 views

GHSA-CP2C-X2PC-FPH7 Apache SeaTunnel Web Authentication vulnerability

Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...

8.8 CVSS · 9.2 AI score · 0.00722 EPSS
Exploits 0 · References 5

Github Security Blog
added 2024/07/30 9:32 a.m. · 33 views

Apache SeaTunnel Web Authentication vulnerability

Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...

9.1 CVSS · 6.8 AI score · 0.00722 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/07/30 9:15 a.m. · 3 views

CVE-2023-48396

Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...

9.1 CVSS · 9.1 AI score
Exploits 0 · References 2