Total
426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21917 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication. | |||||
| CVE-2024-21669 | 1 Hyperledger | 1 Aries Cloud Agent | 2024-11-21 | N/A | 9.9 CRITICAL |
| Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation `document.proof` was not factored into the final `verified` value (`true`/`false`) on the presentation record. The flaw enables holders of W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDPs) to present incorrectly constructed proofs, and allows malicious verifiers to save and replay a presentation from such holders as their own. This vulnerability has been present since version 0.7.0 and fixed in version 0.10.5. | |||||
| CVE-2024-21491 | 1 Svix | 1 Svix | 2024-11-21 | N/A | 5.9 MEDIUM |
| Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues. | |||||
| CVE-2024-21383 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 3.3 LOW |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2024-20892 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerability. | |||||
| CVE-2024-1721 | 2024-11-21 | N/A | N/A | ||
| Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1. | |||||
| CVE-2024-1150 | 2 Opengroup, Snowsoftware | 2 Unix, Snow Inventory Agent | 2024-11-21 | N/A | 7.8 HIGH |
| Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 7.3.1. | |||||
| CVE-2024-1149 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2. | |||||
| CVE-2024-0567 | 4 Debian, Fedoraproject, Gnu and 1 more | 4 Debian Linux, Fedora, Gnutls and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. | |||||
| CVE-2023-5747 | 1 Hanwhavision | 5 Pno-a6081r-e1t, Pno-a6081r-e1t Firmware, Pno-a6081r-e2t and 2 more | 2024-11-21 | N/A | 7.2 HIGH |
| Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution." | |||||
| CVE-2023-5347 | 1 Korenix | 84 Jetnet 4508, Jetnet 4508-w, Jetnet 4508-w Firmware and 81 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01. | |||||
| CVE-2023-52043 | 2024-11-21 | N/A | 8.1 HIGH | ||
| An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System (Hardware Rev B1) truncates Wireless Access Point Passwords (WPA-PSK) allowing an attacker to gain unauthorized network access via weak authentication controls. | |||||
| CVE-2023-50228 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. . Was ZDI-CAN-21817. | |||||
| CVE-2023-49646 | 1 Zoom | 4 Meeting Software Development Kit, Video Software Development Kit, Virtual Desktop Infrastructure and 1 more | 2024-11-21 | N/A | 6.4 MEDIUM |
| Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2023-49079 | 1 Misskey | 1 Misskey | 2024-11-21 | N/A | 9.3 CRITICAL |
| Misskey is an open source, decentralized social media platform. Misskey's missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1. | |||||
| CVE-2023-46324 | 2 Free5gc, Golang | 2 Udm, Go | 2024-11-21 | N/A | 7.5 HIGH |
| pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key. | |||||
| CVE-2023-46234 | 2 Browserify, Debian | 2 Browserify-sign, Debian Linux | 2024-11-21 | N/A | 6.5 MEDIUM |
| browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2. | |||||
| CVE-2023-44077 | 2 Apple, Studionetworksolutions | 2 Macos, Sharebrowser | 2024-11-21 | N/A | 9.8 CRITICAL |
| Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636. | |||||
| CVE-2023-43660 | 1 Warpgate Project | 1 Warpgate | 2024-11-21 | N/A | 4.8 MEDIUM |
| Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the username and a valid target name 2. The attacked knows the user's public key and 3. Only SSH public key authentication is required for the user account. This issue has been addressed in version 0.8.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-43611 | 2 Apple, F5 | 20 Macos, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 17 more | 2024-11-21 | N/A | 7.8 HIGH |
| The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||