493 matches found
UBUNTU-CVE-2023-49208
scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration...
CVE-2023-49208
Glewlwyd SSO server is reported affected by CVE-2023-49208: a possible buffer overflow in scheme/webauthn.c during FIDO2 credentials validation in webauthn registration. This concerns Glewlwyd before version 2.7.6. The root cause is a buffer overflow in the webauthn registration flow; the impact ...
CVE-2023-49208
scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration...
Spoofing Attacks
Firefox is vulnerable to Spoofing Attacks. An attacker could exploit this vulnerability by tricking a user into visiting a malicious website. The website would contain a specially crafted exploit that would trigger the WebAuthn prompt while simultaneously obscuring the full-screen notification. T...
CVE-2023-5729
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...
Spoofing
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...
UBUNTU-CVE-2023-5729
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...
Important: firefox
Issue Overview: The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird 91.9. CVE-2022-29913 A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describe...
Biometric Login for WooCommerce < 1.0.4 - Unauthenticated Privilege Escalation
Description The plugin does not validate that a user's WebAuthn authentication request succeeded before sending them authentication cookies, making it possible for unauthenticated attackers to take over any accounts having WebAuthn credentials set up on affected sites. While on the site not logge...
Biometric Login for WooCommerce < 1.0.4 - Unauthenticated Privilege Escalation
Description The plugin does not validate that a user's WebAuthn authentication request succeeded before sending them authentication cookies, making it possible for unauthenticated attackers to take over any accounts having WebAuthn credentials set up on affected sites. PoC While on the site not...
SUSE CVE-2020-8236
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it...
SUSE CVE-2020-12423
When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. Note: This issue only affects the Windows operating system; other operating systems are...
SUSE CVE-2021-32726
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fix...
SUSE CVE-2022-28281
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-03064)
Mozilla Firefox is an open source web browser from the Mozilla Foundation, U.S. A buffer overflow vulnerability exists in Mozilla Firefox, which stems from an unexpected WebAuthN extension that causes out-of-bounds memory writes. An unauthenticated attacker could exploit the vulnerability to...