CVE-2023-48396
CVE-2023-48396 concerns an authentication bypass in Apache SeaTunnel (v1.0.0). The underlying issue is a hardcoded JWT secret in the application, enabling an attacker to forge tokens and log in as any user. The secret key can be retrieved from the file path shown in the reports (seatunnel-app/src...
PT-2024-13610 · Apache · Apache SeaTunnel
Name of the Vulnerable Software and Affected Versions: Apache SeaTunnel version 1.0.0. Description: The issue is related to a Web Authentication vulnerability in Apache SeaTunnel, where the JWT key is hardcoded in the application. This allows an attacker to forge any token and log in as any user...
CVE-2024-39912
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found...
CVE-2024-39912 Enumeration of valid usernames in web-auth/webauthn-lib
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found...
Important: thunderbird
Issue Overview: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. CVE-2024-4367 If the browser.privatebrowsing.autostart preference is...
Mozilla: Potential permissions request bypass via clickjacking
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions...
CVE-2024-2378
A vulnerability exists in the web-authentication component of the SDM600. If exploited, an attacker could escalate privileges on affected installations...
CVE-2024-2378
CVE-2024-2378 affects Hitachi Energy SDM600 web-authentication (privilege escalation). Public sources confirm: vulnerable component is the SDM600 web-auth/auth mechanism; exploitation leads to elevated privileges on affected installations. Several advisories reference remediation with a newer SDM...
PT-2024-20079 · Sdm600 · Sdm600
Name of the Vulnerable Software and Affected Versions: SDM600, affected versions not specified. Description: A vulnerability exists in the web-authentication component of the SDM600. If exploited, an attacker could escalate privileges on affected installations. Recommendations: At the moment, there...
Hitachi Energy SDM600 security vulnerability
Hitachi Energy SDM600 is a system data manager from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi Energy SDM600 that stems from a problem in the web authentication component, where an attacker could elevate privileges...
keycloak: Log Injection during WebAuthn authentication or registration
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact on the integrity of the logs...