CVE-2024-10943

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-922
View all →

Vulnerability Description

An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication.

Related Vulnerabilities

CVE-2022-0724

CRITICAL
CVSS:9.1(Critical)

Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.

CWE-9222022

CVE-2024-30896

CRITICAL
CVSS:9.1(Critical)

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default orga...

CWE-9222024

CVE-2024-3501

CRITICAL
CVSS:9.1(Critical)

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/use...

CWE-9222024

CVE-2024-3502

CRITICAL
CVSS:9.1(Critical)

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This iss...

CWE-9222024

CVE-2017-7253

HIGH
CVSS:8.8(High)

Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with adm...

CWE-9222017

CVE-2023-42913

HIGH
CVSS:8.8(High)

This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions.

CWE-9222023