Lucene search

459 matches found

SUSE CVE
added 2023/02/15 3:40 a.m. · 3 views

SUSE CVE-2021-32800

Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended...

CVSS 8.1 · AI score 7.9 · EPSS 0.01741
Exploits 0 · References 8
OSV
added 2022/12/22 8:15 p.m. · 1 view

DEBIAN-CVE-2022-28281

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...

CVSS 8.8 · AI score 8.2 · EPSS 0.02556
Exploits 1 · References 1
Positive Technologies
added 2022/11/18 12:0 a.m. · 4 views

PT-2022-27401 · Unknown · Rest Api Authentication Plugin

Name of the Vulnerable Software and Affected Versions: REST API Authentication plugin versions prior to 2.4.0. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web...

CVSS 8.8 · AI score 8.6 · EPSS 0.00264
Exploits 0 · References 3
CNNVD
added 2022/11/03 12:0 a.m. · 4 views

IBM Robotic Process Automation Authorization Issue Vulnerability

IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation versions 21.0.1, 21.0.2, 21.0.3, 21.0.4, a...

CVSS 7.5 · AI score 7 · EPSS 0.0046
Exploits 0 · References 2
CNNVD
added 2022/11/02 12:0 a.m. · 4 views

Splunk Security Vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. Splunk...

CVSS 8.8 · AI score 7.9 · EPSS 0.00595
Exploits 0 · References 4
Microsoft KB
added 2022/09/20 12:0 a.m. · 6 views

September 20, 2022—KB5017381 (OS Build 20348.1070) Preview

September 20, 2022—KB5017381 OS Build 20348.1070 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to fi...

AI score 6.8
Exploits 0
ATTACKERKB
added 2022/07/26 10:15 p.m. · 3 views

CVE-2022-1499

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

CVSS 6.3 · AI score 6.8 · EPSS 0.00626
Exploits 1 · References 4
CNNVD
added 2022/07/21 12:0 a.m. · 4 views

Cisco Small Business Operating System Command Injection Vulnerability

Cisco Small Business is a switch from Cisco USA. An operating system command injection vulnerability exists in the Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers, which stems from insufficient authentication of the user field in incoming HTTP packets. An attacker could exploit thi...

CVSS 7.2 · AI score 7.5 · EPSS 0.01081
Exploits 0 · References 3
RedHat Linux
added 2022/06/03 3:39 p.m. · 3 views

Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as an attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have...

CVSS 6.5 · AI score 7.3 · EPSS 0.00594
Exploits 0 · References 4
RedHat Linux
added 2022/06/01 10:21 p.m. · 5 views

Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as an attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have...

CVSS 6.5 · AI score 7.3 · EPSS 0.00594
Exploits 0 · References 4
RedHat Linux
added 2022/06/01 10:1 p.m. · 4 views

Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as an attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have...

CVSS 6.5 · AI score 7.3 · EPSS 0.00594
Exploits 0 · References 4
RedHat Linux
added 2022/06/01 8:30 p.m. · 4 views

Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as an attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have...

CVSS 6.5 · AI score 7.3 · EPSS 0.00594
Exploits 0 · References 4
BDU FSTEC
added 2022/05/05 12:0 a.m. · 7 views

The vulnerability of the user authentication mechanism of WebAuthentication browsers Microsoft Edge and Google Chrome allows a perpetrator to disclose protected information.

The vulnerability of the WebAuthentication user authentication mechanism for Microsoft Edge and Google Chrome is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

CVSS 3.1 · AI score 6.7 · EPSS 0.00626
Exploits 1 · References 6 · Affected Software 5
CNNVD
added 2022/04/27 12:0 a.m. · 4 views

Bender ebee Charge Controller Information Disclosure Vulnerability

The ebee is a charge controller from Bender. An information disclosure vulnerability exists in the Bender ebee Charge Controller, which stems from an RFID leak that allows the RFID of the last charging event to be read via the web interface without authentication. An attacker can exploit this...

CVSS 7.5 · AI score 7.3 · EPSS 0.00924
Exploits 0 · References 2
CNVD
added 2022/04/22 12:0 a.m. · 14 views

Huawei HarmonyOS Licensing Issue Vulnerability (CNVD-2022-44618)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. Huawei HarmonyOS is vulnerable to licensing issues. Successful exploitation of this vulnerability could result in a usability impact. An attacker could use this vulnerability to bypass Web authentication and gain administrati...

CVSS 9.1 · AI score 2.2 · EPSS 0.00688
Exploits 0 · References 1
BDU FSTEC
added 2022/04/19 12:0 a.m. · 5 views

The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird, related to a boundary error in processing an unexpected number of WebAuthN extensions in the Register command, allows a malicious actor to execute arbitrary code.

The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird is related to a boundary error in processing an unexpected number of WebAuthN extensions in the Register command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...

CVSS 7.6 · AI score 8.1 · EPSS 0.02556
Exploits 1 · References 13 · Affected Software 10
RedHat Linux
added 2022/04/12 3:7 p.m. · 1 view

Mozilla: Out of bounds write due to unexpected WebAuthN Extensions

The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...

CVSS 8.8 · AI score 7.3 · EPSS 0.02556
Exploits 1 · References 6
RedHat Linux
added 2022/04/11 2:55 p.m. · 4 views

Mozilla: Out of bounds write due to unexpected WebAuthN Extensions

The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...

CVSS 8.8 · AI score 7.3 · EPSS 0.02556
Exploits 1 · References 6
RedHat Linux
added 2022/04/11 2:18 p.m. · 3 views

Mozilla: Out of bounds write due to unexpected WebAuthN Extensions

The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...

CVSS 8.8 · AI score 7.3 · EPSS 0.02556
Exploits 1 · References 6
RedHat Linux
added 2022/04/08 3:21 p.m. · 2 views

Mozilla: Out of bounds write due to unexpected WebAuthN Extensions

The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...

CVSS 8.8 · AI score 7.3 · EPSS 0.02556
Exploits 1 · References 6