CVE-2024-0454 – Security Vulnerability on Match-on-Chip FPR Architecture
https://notcve.org/view.php?id=CVE-2024-0454
The ELAN Match-on-Chip FPR (fingerprint reader) solution has a design flaw: a valid SID (template identifier) can leak and can be enumerated with a spoofed sensor. As a result, Windows Hello recognition can be bypassed by cloning the SID, breaking the binding between the account and its identity. Versions lower than 3.0.12011.08009 (Legacy) / 3.3.12011.08103 (ESS) are affected on the Dell Inspiron platform. • https://github.com/advisories/GHSA-w3jx-33qh-77f8 https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy • CWE-290: Authentication Bypass by Spoofing •
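The CWE-290 pattern behind this advisory, as an added model that is not ELAN's, Dell's or Microsoft's code: a host that lets the template identifier (SID) reported by the sensor decide the login can be fed a leaked SID by attacker hardware on the bus, and that same host can be used as an oracle to enumerate which SIDs are valid. Binding the sensor's answer to a host-chosen nonce with a key only the genuine sensor holds closes both paths. The class names, the enrolled SID table, the message layout and the HMAC scheme are all assumptions for illustration, not the ELAN firmware or the Windows Hello host protocol.

```python
import hashlib
import hmac
import os

# Constructed sample data: the host's table of enrolled template IDs (SIDs)
# and the secret it shares with the genuine sensor at pairing time.
# Names and message layout are assumptions for this illustration, not the
# ELAN firmware or the Windows Hello host protocol.
ENROLLED_SIDS = {"sid-0001", "sid-0002"}
SENSOR_KEY = os.urandom(32)


def _mac(key, nonce, sid):
    """Tag binding one specific SID to one specific host challenge."""
    return hmac.new(key, nonce + sid.encode(), hashlib.sha256).digest()


class GenuineSensor:
    """Matches on chip and proves possession of the pairing key."""

    def __init__(self, key, matched_sid):
        self._key = key
        self._sid = matched_sid          # the template the fingerprint matched

    def match(self, nonce):
        return self._sid, _mac(self._key, nonce, self._sid)


class SpoofSensor:
    """Attacker hardware on the bus: knows a SID (leaked or guessed), has no key."""

    def __init__(self, claimed_sid):
        self._sid = claimed_sid

    def match(self, nonce):
        return self._sid, b"\x00" * 32   # forged tag; the nonce is ignored


def host_login_trusting(sensor):
    """Vulnerable host: the reported SID alone decides the login."""
    sid, _tag = sensor.match(os.urandom(16))
    return sid in ENROLLED_SIDS


def host_login_verified(sensor, key=SENSOR_KEY):
    """Hardened host: fresh nonce, and the tag must verify over (nonce, sid)."""
    nonce = os.urandom(16)
    sid, tag = sensor.match(nonce)
    if not hmac.compare_digest(tag, _mac(key, nonce, sid)):
        return False                     # spoofed sensor or replayed answer
    return sid in ENROLLED_SIDS


def enumerate_sids(login, candidates):
    """SID enumeration: which candidates does this host accept from a spoofer?"""
    return [sid for sid in candidates if login(SpoofSensor(sid))]
```

Against the trusting host the spoofer both logs in with a cloned SID and learns the full enrolled set by trying candidates; against the verifying host every spoofed answer fails the tag check, so neither the bypass nor the enumeration oracle exists. A replayed genuine answer also fails because the nonce changes on every attempt.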
CVE-2023-32458
https://notcve.org/view.php?id=CVE-2023-32458
Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in the Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation, leading to privilege escalation. • https://www.dell.com/support/kbdoc/en-us/000218038/dsa-2023-331-dell-emc-appsync-security-update-for-dell-embedded-service-enabler-vulnerability • CWE-284: Improper Access Control •
CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) are vulnerable to a memory exhaustion vulnerability that may lead to denial of service or a system freeze if exploited by an attacker using a specially crafted file. • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •
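The advisory does not say which file format triggers the exhaustion, so the following added example (not Trend Micro's code) shows the general CWE-400 shape a scan engine has to defend against: a container record carries a declared inflated size and a compressed payload, and a parser that allocates from the declared size and inflates without a limit can be driven to exhaust memory by a header that lies or by a payload that expands far more than its size suggests. The record layout, the caps and the allocator test double are constructed for this illustration.

```python
import struct
import zlib

# Caps are assumed policy values for this illustration, not the vendor's.
MAX_DECLARED = 16 * 1024 * 1024   # largest inflated record we will hold in memory
MAX_RATIO = 100                   # refuse records that claim to expand more than 100x


def make_record(payload, declared=None):
    """Constructed container format: >I declared inflated size, >I compressed length, zlib data."""
    comp = zlib.compress(payload)
    declared = len(payload) if declared is None else declared
    return struct.pack(">II", declared, len(comp)) + comp


class RecordingAllocator:
    """Test double: logs the size each parser asks for instead of really allocating it."""

    def __init__(self):
        self.requested = []

    def __call__(self, n):
        self.requested.append(n)
        return bytearray(min(n, 4096))


def scan_records_naive(data, allocate=bytearray):
    """Vulnerable: sizes the buffer from the header and inflates with no limit."""
    pos, inflated = 0, []
    while pos + 8 <= len(data):
        declared, clen = struct.unpack_from(">II", data, pos)
        pos += 8
        buf = allocate(declared)                      # attacker-chosen allocation
        out = zlib.decompress(data[pos:pos + clen])   # unbounded inflation
        buf[:len(out)] = out
        inflated.append(len(out))
        pos += clen
    return inflated


def scan_records_bounded(data, allocate=bytearray,
                         max_declared=MAX_DECLARED, max_ratio=MAX_RATIO):
    """Hardened: check the header against caps and the file, inflate at most declared+1 bytes."""
    pos, inflated = 0, []
    while pos + 8 <= len(data):
        declared, clen = struct.unpack_from(">II", data, pos)
        pos += 8
        if clen > len(data) - pos:
            raise ValueError("compressed length exceeds remaining file")
        if declared > max_declared:
            raise ValueError(f"declared size {declared} exceeds cap {max_declared}")
        if declared > clen * max_ratio:
            raise ValueError(f"expansion ratio {declared // max(clen, 1)}x is suspicious")
        d = zlib.decompressobj()
        out = d.decompress(data[pos:pos + clen], declared + 1)   # stop early if the header lies
        if len(out) != declared or d.unconsumed_tail or not d.eof:
            raise ValueError("inflated size does not match header")
        buf = allocate(declared)           # only now is the allocation known to be safe
        buf[:] = out
        inflated.append(len(out))
        pos += clen
    return inflated
```

The bounded parser never allocates before it has verified the declared size against a hard cap, against the bytes actually present, and against the real inflated length (the `max_length` argument to `decompressobj().decompress` makes zlib stop at `declared + 1` bytes, so a header that understates the size is caught without inflating the rest). The ratio check rejects a decompression bomb before any inflation happens at all.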
CVE-2020-5346
https://notcve.org/view.php?id=CVE-2020-5346
RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser. • https://community.rsa.com/docs/DOC-111347 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-5340
https://notcve.org/view.php?id=CVE-2020-5340
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser. • https://community.rsa.com/docs/DOC-111092 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
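Both CVE-2020-5346 and CVE-2020-5340 above are the same CWE-79 shape: a value one privileged administrator saves is later rendered into a console page that other administrators open. The added example below (not RSA's code; the field names, sample values and page fragment are constructed for illustration) shows the unsafe rendering beside the hardened one, covers both the text and the attribute context, and uses a real HTML parser to audit what a browser would see in each output.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample values standing in for a "security domain" name that a
# privileged administrator can store; none of these are taken from RSA
# Authentication Manager.
STORED_VALUES = {
    "ops-domain": "Operations",
    "evil-text": '<img src=x onerror="alert(document.cookie)">',
    "evil-attr": '" autofocus onfocus="alert(1)',
}

NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}$")


def render_mapping_unsafe(domain_name):
    """Vulnerable: stored text interpolated straight into markup (text and attribute context)."""
    return (f"<p>Default security domain: {domain_name}</p>"
            f'<input name="domain" value="{domain_name}">')


def render_mapping_safe(domain_name):
    """Hardened: output-encode for the HTML context at the point of use."""
    esc = html.escape(domain_name, quote=True)   # escapes & < > " and '
    return (f"<p>Default security domain: {esc}</p>"
            f'<input name="domain" value="{esc}">')


def validate_domain_name(domain_name):
    """Defence in depth at write time: only accept names that cannot be markup."""
    if not NAME_RE.match(domain_name):
        raise ValueError("invalid security domain name")
    return domain_name


class MarkupAudit(HTMLParser):
    """Collects every start tag and every on* attribute a browser would parse."""

    def __init__(self):
        super().__init__()
        self.tags, self.handlers = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def audit(rendered):
    """Return (tags, event handlers) present in a rendered fragment."""
    a = MarkupAudit()
    a.feed(rendered)
    a.close()
    return a.tags, a.handlers
```

Escaping at output is the fix that closes the bug for every stored value; the write-time validation is a second layer for fields that have a narrow legitimate alphabet, and it is not a substitute for encoding, since other fields (descriptions, notes) legitimately contain characters the parser treats as markup.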