CyberSecurityBoard
Sponsor Register Login

CVE-2024-3741

Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except 'NO' to the login cookie and have full system access.

Publication date: Fri, 19 Apr 2024 03:15:00 +0000


Cyber News related to CVE-2024-3741

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
1 month ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
8 months ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
8 months ago Cisa.gov
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
5 months ago Tenable.com
CVE-2024-3741 - Electrolink transmitters are vulnerable to an authentication bypass ...
5 months ago
CVE-2018-3741 - There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes ...
1 year ago
CVE-2005-3741 - Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions. ...
16 years ago
CVE-2011-3741 - Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files. ...
12 years ago
CVE-2016-3741 - The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal ...
8 years ago
CVE-2008-3741 - The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script ...
7 years ago
CVE-2012-3741 - The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that ...
7 years ago
CVE-2010-3741 - The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack. ...
7 years ago
CVE-2014-3741 - The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command. ...
6 years ago
CVE-2015-3741 - WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web ...
5 years ago
CVE-2017-3741 - In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation. ...
5 years ago
CVE-2019-3741 - Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files ...
4 years ago
CVE-2020-3741 - Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability. Successful exploitation could lead to denial-of-service. ...
4 years ago
CVE-2022-3741 - Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; ...
2 years ago
CVE-2006-3741 - The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file ...
1 year ago
CVE-2007-3741 - The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool. ...
1 year ago
CVE-2009-3741 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none ...
54 years ago Tenable.com
CVE-2021-3741 - A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the ...
6 days ago Tenable.com
The Top 24 Security Predictions for 2024 - Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 ...
10 months ago Securityboulevard.com
CVE-2024-9256 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 month ago Tenable.com
CVE-2024-9255 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 month ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)