462 matches found
openSUSE Security Advisory (openSUSE-SU-2024:0337-1)
The remote host is missing an update for the...
Chromium: CVE-2024-9956 Inappropriate implementation in Web Authentication
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2024-9955 Use after free in Web Authentication
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
SUSE CVE-2024-9955
Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
The vulnerability of the Central Web Authentication (CWA) component of the Cisco IOS XE operating system allows a hacker to bypass the authentication process and gain access to the protected network segment.
The vulnerability of the Central Web Authentication (CWA) component in the Cisco IOS XE operating system is related to logical errors in the implementation of the access control list (ACL). Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and gain access to t...
Google Chrome Security Update (stable-channel-update-for-desktop_15-2024-10) - Mac OS X
Google Chrome is prone to multiple vulnerabilities...
DEBIAN-CVE-2024-9955
Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 17 security fixes: [367755363] High CVE-2024-9954: Use after free in AI. Reported by DarkNavy on 2024-09-18. [370133761] Medium CVE-2024-9955: Use after free in Web Authentication. Reported by anonymous on 2024-09-29. [370482421] Medium CVE-2024-9956:...
Google Chrome < 130.0.6723.58 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 130.0.6723.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 202410stable-channel-update-for-desktop15 advisory. - Use after free in AI. (CVE-2024-9954) - Use after free in Web Authentication...
WordPress WP-WebAuthn plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by theviper17 (Patchstack Alliance) in WordPress Plugin WP-WebAuthn (versions <= 1.3.1)...
CVE-2024-20510
A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication. Thi...
CVE-2024-38270
An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80AAZI.0C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid...
Zyxel GS1900 security feature issue vulnerability
The Zyxel GS1900 is a managed switch from China Hopkins Zyxel. A security signature issue vulnerability exists in the Zyxel GS1900-10HP V2.80AAZI.0C0 version, which stems from improper use of a random function with low entropy when generating Web authentication tokens...
PT-2024-27909 · Zyxel · Zyxel Gs1900-10Hp
Name of the Vulnerable Software and Affected Versions: Zyxel GS1900-10HP firmware version V2.80AAZI.0C0 Description: An insufficient entropy vulnerability exists due to the improper use of a randomness function with low entropy for web authentication tokens generation. This could allow a LAN-base...
openSUSE 15 Security Update : cacti, cacti-spine (openSUSE-SU-2024:0274-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0274-1 advisory. - cacti 1.2.27: CVE-2024-34340: Authentication Bypass when using older password hashes (boo#1224240) CVE-2024-25641: RCE vulnerability when...
openSUSE 15 Security Update : cacti, cacti-spine (openSUSE-SU-2024:0276-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0276-1 advisory. - cacti 1.2.27: CVE-2024-34340: Authentication Bypass when using older password hashes (boo#1224240) CVE-2024-25641: RCE vulnerability when...
GHSA-CP2C-X2PC-FPH7 Apache SeaTunnel Web Authentication vulnerability
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...
Apache SeaTunnel Web Authentication vulnerability
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...
CVE-2023-48396
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...