Show filters
328,826 Total Results
Displaying 2,361-2,370 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown
CVE-2024-45985
Disclosure Date: September 26, 2024 (last updated September 27, 2024)
A Cross Site Scripting (XSS) vulnerability in update_contact.php of Blood Bank and Donation Management System v1.0 allows an attacker to inject malicious scripts via the name parameter of the update_contact.php
0
Attacker Value
Unknown
CVE-2024-45984
Disclosure Date: September 26, 2024 (last updated September 27, 2024)
A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when the Donor List is viewed.
0
Attacker Value
Unknown
CVE-2024-45838
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It
is advised to not use sensitive information in callsigns when using this
and previous versions of the plugin. Update to current plugin version
which uses AES-256 encryption for callsigns in encrypted operation
0
Attacker Value
Unknown
CVE-2024-45723
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
The goTenna Pro ATAK Plugin does not use SecureRandom when generating
passwords for sharing cryptographic keys. The random function in use
makes it easier for attackers to brute force this password if the
broadcasted encryption key is captured over RF. This only applies to the
optional broadcast of an encryption key, so it is advised to share the
key with local QR code for higher security operations.
0
Attacker Value
Unknown
CVE-2024-45374
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
The goTenna Pro ATAK plugin uses a weak password for sharing encryption
keys via the key broadcast method. If the broadcasted encryption key is
captured over RF, and password is cracked via brute force attack, it is
possible to decrypt it and use it to decrypt all future and past
messages sent via encrypted broadcast with that particular key. This
only applies when the key is broadcasted over RF. This is an optional
feature, so it is advised to use local QR encryption key sharing for
additional security on this and previous versions.
0
Attacker Value
Unknown
CVE-2024-45042
Disclosure Date: September 26, 2024 (last updated September 27, 2024)
Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the `highest_available` setting will incorrectly assume that the identity’s highest available AAL is `aal1` even though it really is `aal2`. This means that the `highest_available` configuration will act as if the user has only one factor set up, for that particular user. This means that they can call the settings and whoami endpoint without a `aal2` session, even though that should be disallowed. An attacker would need to steal or guess a valid login OTP of a user who has only OTP for login enabled and who has an incorrect `available_aal` value stored, to exploit this vulnerability. All other aspects of the session (e.g. the session’s aal) are not impacted by this issue. On the Ory Network, only 0.00066% of registered users were affected by this issue, and most of those users appeared to be test users. Their respective AAL values have since…
0
Attacker Value
Unknown
CVE-2024-43814
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
The goTenna Pro ATAK Plugin's default settings are to share Automatic
Position, Location, and Information (PLI) updates every 60 seconds once
the plugin is active and goTenna is connected. Users that are unaware of
their settings and have not activated encryption before a mission may
accidentally broadcast their location unencrypted. It is advised to
verify PLI settings are the desired rate and activate encryption prior
to mission. Update to the latest Plugin to disable this default setting.
0
Attacker Value
Unknown
CVE-2024-43694
Disclosure Date: September 26, 2024 (last updated October 08, 2024)
In the goTenna Pro ATAK Plugin application, the encryption keys are
stored along with a static IV on the device. This allows for complete
decryption of keys stored on the device. This allows an attacker to
decrypt all encrypted broadcast communications based on broadcast keys
stored on the device.
0
Attacker Value
Unknown
CVE-2024-43108
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
The goTenna Pro ATAK Plugin uses AES CTR type encryption for short,
encrypted messages without any additional integrity checking mechanisms.
This leaves messages malleable to an attacker that can access the
message. It is advised to continue to use encryption in the plugin and
update to the current release for enhanced encryption protocols.
0
Attacker Value
Unknown
CVE-2024-41931
Disclosure Date: September 26, 2024 (last updated October 17, 2024)
The goTenna Pro ATAK Plugin encryption key name is always sent
unencrypted when the key is sent over RF through a broadcast message. It
is advised to share the encryption key via local QR for higher security
operations.
0