Lucene search
K

498 matches found

RedhatCVE
RedhatCVE
added 2022/04/06 2:50 p.m.49 views

CVE-2022-28281

The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...

8.8CVSS2.5AI score0.02556EPSS
Exploits1References5
OSV
OSV
added 2022/04/06 7:5 a.m.7 views

SUSE-RU-2022:1114-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR bsc1197903: MFSA 2022-14 bsc1197903 CVE-2022-1097: Fixed memory safety violations that could occur when PKCS11 tokens are removed while in use CVE-2022-28281: Fixed an out of bounds write due to...

8.8CVSS7.8AI score0.1446EPSS
Exploits7References10
UbuntuCve
UbuntuCve
added 2022/04/06 12:0 a.m.48 views

CVE-2022-28281

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...

8.8CVSS7.2AI score0.02556EPSS
Exploits1References6
OSV
OSV
added 2022/04/06 12:0 a.m.2 views

UBUNTU-CVE-2022-28281

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...

8.8CVSS7.3AI score0.02556EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/04/05 12:0 a.m.2 views

Mozilla Firefox 缓冲区错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation, U.S. A buffer overflow vulnerability exists in Mozilla Firefox, which stems from an unexpected WebAuthN extension that causes out-of-bounds memory writes. An unauthenticated attacker could exploit the vulnerability to...

8.8CVSS9AI score0.02556EPSS
Exploits1References18
Mozilla
Mozilla
added 2022/04/05 12:0 a.m.40 views

Security Vulnerabilities fixed in Firefox ESR 91.8 — Mozilla

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the...

8.8CVSS0.9AI score0.1446EPSS
Exploits7References8Affected Software1
Mozilla
Mozilla
added 2022/04/05 12:0 a.m.192 views

Security Vulnerabilities fixed in Thunderbird 91.8 — Mozilla

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the...

8.8CVSS1.3AI score0.02556EPSS
Exploits6References9Affected Software1
Kaspersky
Kaspersky
added 2022/04/05 12:0 a.m.49 views

KLA12497 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Out of bounds memory read vulnerability in JIT Codegen Extensions...

8.8CVSS9.1AI score0.1446EPSS
Exploits7References4
ThreatPost
ThreatPost
added 2022/03/22 3:42 p.m.216 views

FIDO: Here’s Another Knife to Help Murder Passwords

We all hate passwords, but none of us want to make logging into our accounts a hassle with extra time, steps and devices. That’s why the Fast Identity Online Alliance FIDO published a white paper PDF on Thursday, outlining different use cases for the adoption of their FIDO2 set of specifications...

8.7AI score
Exploits0References19
ATTACKERKB
ATTACKERKB
added 2022/03/18 6:15 a.m.1 views

CVE-2022-27240

scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...

9.8CVSS6.1AI score0.01496EPSS
Exploits0References3
NVD
NVD
added 2022/03/18 6:15 a.m.22 views

CVE-2022-27240

scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...

9.8CVSS0.01496EPSS
Exploits0References2
OSV
OSV
added 2022/03/18 6:15 a.m.3 views

DEBIAN-CVE-2022-27240

scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...

9.8CVSS9AI score0.01496EPSS
Exploits0References1
OSV
OSV
added 2022/03/18 6:15 a.m.17 views

CVE-2022-27240

scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...

9.8CVSS7.4AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2022/03/18 6:15 a.m.27 views

CVE-2022-27240

scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...

9.8CVSS7.2AI score0.01496EPSS
Exploits0References4
Prion
Prion
added 2022/03/18 6:15 a.m.18 views

Buffer overflow

scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...

7.5CVSS9.7AI score0.01496EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/03/18 6:15 a.m.17 views

UBUNTU-CVE-2022-27240

scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...

9.8CVSS7.6AI score0.01496EPSS
Exploits0References4
CVE
CVE
added 2022/03/18 5:55 a.m.90 views

CVE-2022-27240

CVE-2022-27240 concerns Glewlwyd SSO server 2.x before 2.6.2, where a buffer overflow in the WebAuthn support (scheme/webauthn.c) is associated with a WebAuthn assertion. The Red Hat and related advisories confirm the same description. No exploit details are provided in the connected documents. T...

9.8CVSS9.7AI score0.01496EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/18 5:55 a.m.21 views

CVE-2022-27240

scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...

10AI score0.01496EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2022/03/18 5:55 a.m.67 views

CVE-2022-27240

scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...

9.8CVSS9.8AI score0.01496EPSS
Exploits0
CNNVD
CNNVD
added 2022/03/18 12:0 a.m.6 views

Glewlwyd SSO server 安全漏洞

Glewlwyd SSO server is a single sign-on SSO server for multi-factor authentication for OAuth2 and OpenID Connect authentication. A security vulnerability exists in babelouest Glewlwyd SSO server versions 2.x through 2.6.2, which stems from a buffer overflow in the scheme/webauthn.c file in the...

9.8CVSS8.6AI score0.01496EPSS
Exploits0References3
Rows per page
Query Builder