472 matches found

RedHat Linux
added 2024/05/20 1:41 a.m., 5 views

Mozilla: Potential permissions request bypass via clickjacking

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions...

6.1 CVSS, 7.2 AI score, 0.00539 EPSS
Exploits 1, References 6
RedHat Linux
added 2024/05/16 6:53 p.m., 4 views

Mozilla: Potential permissions request bypass via clickjacking

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions...

6.1 CVSS, 7.2 AI score, 0.00539 EPSS
Exploits 1, References 6
RedHat Linux
added 2024/05/16 5:46 p.m., 8 views

Mozilla: Potential permissions request bypass via clickjacking

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions...

6.1 CVSS, 7.2 AI score, 0.00539 EPSS
Exploits 1, References 6
NVD
added 2024/04/30 1:15 p.m., 12 views

CVE-2024-2378

A vulnerability exists in the web-authentication component of the SDM600. If exploited, an attacker could escalate privileges on affected installations...

8 CVSS, 7.9 AI score, 0.00216 EPSS
Exploits 0, References 1
Vulnrichment
added 2024/04/30 12:58 p.m., 6 views

CVE-2024-2378

A vulnerability exists in the web-authentication component of the SDM600. If exploited, an attacker could escalate privileges on affected installations...

8 CVSS, 7.1 AI score, 0.00216 EPSS
Exploits 0, References 1
Cvelist
added 2024/04/30 12:58 p.m., 13 views

CVE-2024-2378

A vulnerability exists in the web-authentication component of the SDM600. If exploited, an attacker could escalate privileges on affected installations...

8 CVSS, 8.1 AI score, 0.00216 EPSS
Exploits 0, References 1
CVE
added 2024/04/30 12:58 p.m., 54 views

CVE-2024-2378

CVE-2024-2378 affects Hitachi Energy SDM600 web-authentication (privilege escalation). Public sources confirm: vulnerable component is the SDM600 web-auth/auth mechanism; exploitation leads to elevated privileges on affected installations. Several advisories reference remediation with a newer SDM...

8 CVSS, 7 AI score, 0.00216 EPSS
Exploits 0, References 1
Positive Technologies
added 2024/04/30 12:0 a.m., 6 views

PT-2024-20079 · Sdm600 · Sdm600

Name of the Vulnerable Software and Affected Versions: SDM600 affected versions not specified Description: A vulnerability exists in the web-authentication component of the SDM600. If exploited, an attacker could escalate privileges on affected installations. Recommendations: At the moment, there...

8 CVSS, 6.2 AI score, 0.00216 EPSS
Exploits 0, References 6
CNNVD
added 2024/04/30 12:0 a.m., 4 views

Hitachi Energy SDM600 Security Vulnerability

Hitachi Energy SDM600 is a system data manager from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Energy SDM600 that stems from a problem in the Web authentication component where an attacker could elevate privileges...

8 CVSS, 7 AI score, 0.00216 EPSS
Exploits 0, References 2
RedHat Linux
added 2024/04/16 8:26 p.m., 2 views

keycloak: Log Injection during WebAuthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

5.3 CVSS, 5.7 AI score, 0.01008 EPSS
Exploits 0, References 5
RedHat Linux
added 2024/04/16 8:4 p.m., 1 views

keycloak: Log Injection during WebAuthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

5.3 CVSS, 5.7 AI score, 0.01008 EPSS
Exploits 0, References 5
RedHat Linux
added 2024/04/16 7:55 p.m., 0 views

keycloak: Log Injection during WebAuthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

5.3 CVSS, 5.7 AI score, 0.01008 EPSS
Exploits 0, References 5
OSV
added 2024/04/03 4:15 p.m., 6 views

CVE-2023-44039

In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...

9.1 CVSS, 5.8 AI score
Exploits 0, References 2
Japan Vulnerability Notes
added 2024/02/29 5:59 a.m., 2 views

OET-213H-BTS1 missing authorization check in the initial configuration

Overview OET-213H-BTS1 is a digital temperature measurement and face recognition terminal, developed by Zhejiang Uniview Technologies Co.,Ltd and provided by Atsumi Electric Co., Ltd. The initial configuration of the product is insecure CWE-1188, it does not perform an authorization check when...

8.3 CVSS, 6.6 AI score, 0.00333 EPSS
Exploits 0, References 5
CNNVD
added 2024/02/28 12:0 a.m., 4 views

uverif Security Vulnerabilities

uverif is a free and open source web authentication management system from uverif. A security vulnerability exists in uverif version v.2.0, which stems from the presence of a sensitive information disclosure vulnerability...

5.3 CVSS, 6.5 AI score, 0.00652 EPSS
Exploits 1, References 2
RedHat Linux
added 2024/02/13 4:55 p.m., 0 views

keycloak: Log Injection during WebAuthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

5.3 CVSS, 5.7 AI score, 0.01008 EPSS
Exploits 0, References 5
RedHat Linux
added 2024/02/13 4:55 p.m., 3 views

keycloak: Log Injection during WebAuthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

5.3 CVSS, 5.7 AI score, 0.01008 EPSS
Exploits 0, References 5
RedhatCVE
added 2024/01/25 8:17 p.m., 19 views

CVE-2023-45669

WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authenticator returns an incremented signature counter val...

4.3 CVSS, 5.2 AI score, 0.0052 EPSS
Exploits 0, References 6
BDU FSTEC
added 2023/12/11 12:0 a.m., 5 views

The vulnerability of the WebAuthn authentication mechanism in the Keycloak software for managing identification and access allows a perpetrator to influence the integrity of the protected information.

The vulnerability of the WebAuthn authentication mechanism for Keycloak’s identity management and access control lies in the improper processing of output data for registration logs. Exploiting this vulnerability could allow a malicious actor to influence the integrity of the protected informatio...

5.3 CVSS, 5.9 AI score, 0.01008 EPSS
Exploits 0, References 6, Affected Software 2
Positive Technologies
added 2023/11/07 12:0 a.m., 6 views

PT-2023-7514

Name of the Vulnerable Software and Affected Versions Keycloak version 22.0.5 Description A log injection flaw was found in Keycloak, related to the WebAuthn authentication mode. This issue allows a text string to be injected through the authentication form, which may have a minor impact on the...

5.3 CVSS, 6 AI score, 0.01008 EPSS
Exploits 0, References 32