472 matches found
Cisco Small Business Operating System Command Injection Vulnerability
Cisco Small Business is a switch from Cisco USA. An operating system command injection vulnerability exists in the Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers, which stems from insufficient authentication of the user field in incoming HTTP packets. An attacker could exploit thi...
Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as follows: an attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have...
A vulnerability in the WebAuthentication user authentication mechanism of the Microsoft Edge and Google Chrome browsers allows an attacker to disclose protected information.
The vulnerability in the WebAuthentication user authentication mechanism of Microsoft Edge and Google Chrome is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
Bender ebee Charge Controller Information Disclosure Vulnerability
The ebee is a charge controller from Bender. An information disclosure vulnerability exists in the Bender ebee Charge Controller, which stems from an RFID leak that allows the RFID of the last charging event to be read via the web interface without authentication. An attacker can exploit this...
Huawei HarmonyOS Licensing Issue Vulnerability (CNVD-2022-44618)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. Huawei HarmonyOS is vulnerable to licensing issues. Successful exploitation of this vulnerability could result in a usability impact. An attacker could use this vulnerability to bypass Web authentication and gain administrati...
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird, related to a boundary error in processing an unexpected number of WebAuthN extensions in the Register command, allows a malicious actor to execute arbitrary code.
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird is related to a boundary error in processing an unexpected number of WebAuthN extensions in the Register command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...
Mozilla: Out of bounds write due to unexpected WebAuthN Extensions
The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...
Huawei HarmonyOS Authorization Issue Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. Huawei HarmonyOS is vulnerable to licensing issues. Successful exploitation of this vulnerability could result in a usability impact. An attacker could use this vulnerability to bypass Web authentication and gain administrati...
Huawei HarmonyOS Authorization Issue Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. An authorization issue vulnerability exists in the Huawei HarmonyOS device authentication service module. Successful exploitation of this vulnerability could result in compromised confidentiality. An attacker could use this vulnerability ...
CVE-2022-0342
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware...
Zyxel USG/ZyWALL Authorization Issue Vulnerability
Zyxel USG/ZyWALL is a firewall from Zyxel China. A security vulnerability exists in Zyxel USG/ZyWALL version 4.20 to 4.70, USG FLEX version 4.50 to 5.20, ATP version 4.32 to 5.20, VPN version 4.30 to 5.20, and NSG version 1.20 to 1.33 Patch 4, which can be exploited by an attacker to bypass web...
Juniper Junos OS Path Traversal Vulnerability
A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution...
Authentication Bypass in Jira Seraph - CVE-2022-0540
Updates, 2022/05/05 11:30 AM PDT: Updated the List of affected Atlassian Marketplace Apps section to note the following apps have non-vulnerable updates available: Secure Code Warrior® for Jira; Simple Tasklists; Simple Team Pages for Jira; UiPath Test Manager for Jira; Xporter - Export issues from...