
472 matches found

CNNVD
added 2022/07/21 12:0 a.m. | 5 views

Cisco Small Business Operating System Command Injection Vulnerability

Cisco Small Business is a switch from Cisco USA. An operating system command injection vulnerability exists in the Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers, which stems from insufficient authentication of the user field in incoming HTTP packets. An attacker could exploit thi...

CVSS 7.2 | AI score 7.5 | EPSS 0.01081
Exploits: 0 | References: 3
RedHat Linux
added 2022/06/03 3:39 p.m. | 3 views

Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as an attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have...

CVSS 6.5 | AI score 7.3 | EPSS 0.00594
Exploits: 0 | References: 4
RedHat Linux
added 2022/06/01 10:21 p.m. | 6 views

Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as an attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have...

CVSS 6.5 | AI score 7.3 | EPSS 0.00594
Exploits: 0 | References: 4
RedHat Linux
added 2022/06/01 10:1 p.m. | 4 views

Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as an attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have...

CVSS 6.5 | AI score 7.3 | EPSS 0.00594
Exploits: 0 | References: 4
RedHat Linux
added 2022/06/01 8:30 p.m. | 5 views

Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as an attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have...

CVSS 6.5 | AI score 7.3 | EPSS 0.00594
Exploits: 0 | References: 4
BDU FSTEC
added 2022/05/05 12:0 a.m. | 7 views

The vulnerability of the user authentication mechanism of WebAuthentication browsers Microsoft Edge and Google Chrome allows a perpetrator to disclose protected information.

The vulnerability of the WebAuthentication user authentication mechanism for Microsoft Edge and Google Chrome is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

CVSS 3.1 | AI score 6.7 | EPSS 0.00648
Exploits: 1 | References: 6 | Affected Software: 5
CNNVD
added 2022/04/27 12:0 a.m. | 4 views

Bender ebee Charge Controller Information Disclosure Vulnerability

The ebee is a charge controller from Bender. An information disclosure vulnerability exists in the Bender ebee Charge Controller, which stems from an RFID leak that allows the RFID of the last charging event to be read via the web interface without authentication. An attacker can exploit this...

CVSS 7.5 | AI score 7.3 | EPSS 0.00924
Exploits: 0 | References: 2
CNVD
added 2022/04/22 12:0 a.m. | 14 views

Huawei HarmonyOS Licensing Issue Vulnerability (CNVD-2022-44618)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. Huawei HarmonyOS is vulnerable to licensing issues. Successful exploitation of this vulnerability could result in a usability impact. An attacker could use this vulnerability to bypass Web authentication and gain administrati...

CVSS 9.1 | AI score 2.2 | EPSS 0.00688
Exploits: 0 | References: 1
BDU FSTEC
added 2022/04/19 12:0 a.m. | 5 views

The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird, related to a boundary error in processing an unexpected number of WebAuthN extensions in the Register command, allows a malicious actor to execute arbitrary code.

The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird is related to a boundary error in processing an unexpected number of WebAuthN extensions in the Register command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...

CVSS 7.6 | AI score 8.1 | EPSS 0.02556
Exploits: 1 | References: 13 | Affected Software: 10
RedHat Linux
added 2022/04/12 3:7 p.m. | 1 views

Mozilla: Out of bounds write due to unexpected WebAuthN Extensions

The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...

CVSS 8.8 | AI score 7.3 | EPSS 0.02556
Exploits: 1 | References: 6
RedHat Linux
added 2022/04/11 2:55 p.m. | 4 views

Mozilla: Out of bounds write due to unexpected WebAuthN Extensions

The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...

CVSS 8.8 | AI score 7.3 | EPSS 0.02556
Exploits: 1 | References: 6
RedHat Linux
added 2022/04/11 2:18 p.m. | 3 views

Mozilla: Out of bounds write due to unexpected WebAuthN Extensions

The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...

CVSS 8.8 | AI score 7.3 | EPSS 0.02556
Exploits: 1 | References: 6
RedHat Linux
added 2022/04/08 3:21 p.m. | 2 views

Mozilla: Out of bounds write due to unexpected WebAuthN Extensions

The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...

CVSS 8.8 | AI score 7.3 | EPSS 0.02556
Exploits: 1 | References: 6
RedHat Linux
added 2022/04/08 2:2 p.m. | 3 views

Mozilla: Out of bounds write due to unexpected WebAuthN Extensions

The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...

CVSS 8.8 | AI score 7.3 | EPSS 0.02556
Exploits: 1 | References: 6
CNNVD
added 2022/04/05 12:0 a.m. | 4 views

Huawei HarmonyOS Authorization Issue Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. Huawei HarmonyOS is vulnerable to licensing issues. Successful exploitation of this vulnerability could result in a usability impact. An attacker could use this vulnerability to bypass Web authentication and gain administrati...

CVSS 9.1 | AI score 5.7 | EPSS 0.00688
Exploits: 0 | References: 4
CNNVD
added 2022/04/05 12:0 a.m. | 4 views

Huawei HarmonyOS Authorization Issue Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. An authorization issue vulnerability exists in the Huawei HarmonyOS device authentication service module. Successful exploitation of this vulnerability could result in compromised confidentiality. An attacker could use this vulnerability ...

CVSS 7.5 | AI score 5.7 | EPSS 0.00725
Exploits: 0 | References: 4
NVD
added 2022/03/28 1:15 p.m. | 23 views

CVE-2022-0342

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware...

CVSS 9.8 | EPSS 0.84839
Exploits: 0 | References: 1
CNNVD
added 2022/03/28 12:0 a.m. | 3 views

Zyxel USG/ZyWALL Authorization Issue Vulnerability

Zyxel USG/ZyWALL is a firewall from Zyxel China. A security vulnerability exists in Zyxel USG/ZyWALL version 4.20 to 4.70, USG FLEX version 4.50 to 5.20, ATP version 4.32 to 5.20, VPN version 4.30 to 5.20, and NSG version 1.20 to 1.33 Patch 4, which can be exploited by an attacker to bypass web...

CVSS 9.8 | AI score 8.6 | EPSS 0.84839
Exploits: 0 | References: 3
CISA KEV Catalog
added 2022/03/25 12:0 a.m. | 16 views

Juniper Junos OS Path Traversal Vulnerability

A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution...

CVSS 9.8 | AI score 5.3 | EPSS 0.04725
In wild | Exploits: 0
Atlassian
added 2022/03/23 12:59 a.m. | 51 views

Authentication Bypass in Jira Seraph - CVE-2022-0540

Updates 2022/05/05 11:30 AM PDT: Updated the List of affected Atlassian Marketplace Apps section to note the following apps have non-vulnerable updates available: Secure Code Warrior® for Jira, Simple Tasklists, Simple Team Pages for Jira, UiPath Test Manager for Jira, Xporter - Export issues from...

CVSS 9.8 | AI score 2.6 | EPSS 0.88333
Exploits: 2