Total: 487 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-2451 | | | 2024-11-21 | 6.4 Medium |
Improper fingerprint validation in the TeamViewer Client (Full & Host) prior to Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via executable sideloading. | ||||
CVE-2024-27247 | 1 Zoom | 1 Workplace Desktop | 2024-11-21 | 5.5 Medium |
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. | ||||
CVE-2024-27244 | 1 Zoom | 1 Vdi Windows Meeting Client | 2024-11-21 | 6.7 Medium |
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
CVE-2024-26194 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-11-21 | 7.4 High |
Secure Boot Security Feature Bypass Vulnerability | ||||
CVE-2024-24694 | 1 Zoom | 1 Workplace Desktop | 2024-11-21 | 5.9 Medium |
Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
CVE-2024-23680 | 1 Amazon | 1 Aws Encryption Sdk | 2024-11-21 | 5.3 Medium |
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures. | ||||
CVE-2024-23480 | | | 2024-11-21 | 7.5 High |
A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2. | ||||
CVE-2024-21917 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2024-11-21 | 9.8 Critical |
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication. | ||||
CVE-2024-21669 | 1 Hyperledger | 1 Aries Cloud Agent | 2024-11-21 | 9.9 Critical |
Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation `document.proof` was not factored into the final `verified` value (`true`/`false`) on the presentation record. The flaw enables holders of W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDPs) to present incorrectly constructed proofs, and allows malicious verifiers to save and replay a presentation from such holders as their own. This vulnerability has been present since version 0.7.0 and fixed in version 0.10.5. | ||||
CVE-2024-21491 | 1 Svix | 1 Svix | 2024-11-21 | 5.9 Medium |
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification, no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues. | ||||
CVE-2024-21383 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | 3.3 Low |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
CVE-2024-20892 | 1 Samsung | 1 Android | 2024-11-21 | 6.5 Medium |
Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerability. | ||||
CVE-2024-1721 | | | 2024-11-21 | N/A |
Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update. This issue affects HYPR Passwordless: before 9.1. | ||||
CVE-2024-1150 | 2 Opengroup, Snowsoftware | 2 Unix, Snow Inventory Agent | 2024-11-21 | 7.8 High |
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 7.3.1. | ||||
CVE-2024-1149 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-11-21 | 7.8 High |
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2. | ||||
CVE-2023-5747 | 1 Hanwhavision | 5 Pno-a6081r-e1t, Pno-a6081r-e1t Firmware, Pno-a6081r-e2t and 2 more | 2024-11-21 | 7.2 High |
Bashis, a Security Researcher at IPVM, has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution. | ||||
CVE-2023-5347 | 1 Korenix | 84 Jetnet 4508, Jetnet 4508-w, Jetnet 4508-w Firmware and 81 more | 2024-11-21 | 9.8 Critical |
An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01. | ||||
CVE-2023-52043 | | | 2024-11-21 | 8.1 High |
An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System (Hardware Rev B1) truncates Wireless Access Point Passwords (WPA-PSK) allowing an attacker to gain unauthorized network access via weak authentication controls. | ||||
CVE-2023-50762 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Thunderbird, Enterprise Linux and 4 more | 2024-11-21 | 4.3 Medium |
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6. | ||||
CVE-2023-50761 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Thunderbird, Enterprise Linux and 4 more | 2024-11-21 | 4.3 Medium |
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6. |