Lucene search
K

5 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Firefox and Thunderbird

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking, violating the WebAuthn goals. This vulnerability affect...

6.5CVSS7AI score0.00594EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.4 views

SUSE CVE-2022-31742

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affec...

6.1CVSS8.7AI score0.00594EPSS
Exploits0References8
OSV
OSV
added 2022/12/22 8:15 p.m.2 views

DEBIAN-CVE-2022-31742

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affec...

6.5CVSS7AI score0.00594EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/06/01 9:54 p.m.4 views

Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as an attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have...

6.5CVSS7.3AI score0.00594EPSS
Exploits0References4
OSV
OSV
added 2022/06/01 12:0 a.m.1 views

UBUNTU-CVE-2022-31742

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affec...

6.5CVSS6.9AI score0.00594EPSS
Exploits0References7
Rows per page
Query Builder