Lucene search
K

9 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-25189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libjwt 1.15.3 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

9.8CVSS7.3AI score0.00954EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/04/08 12:0 a.m.15 views

Debian dla-3739 : libjwt-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3739 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3739-1 [email protected] https://www.debian.org/lts/security/...

9.8CVSS8AI score0.00954EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2024/02/26 12:0 a.m.12 views

Debian: Security Advisory (DLA-3739-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.2AI score0.00954EPSS
Exploits1References2
Debian
Debian
added 2024/02/25 10:11 a.m.20 views

[SECURITY] [DLA 3739-1] libjwt security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3739-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz February 24, 2024 https://wiki.debian.org/LTS -...

9.8CVSS9.5AI score0.00954EPSS
Exploits1
Circl
Circl
added 2024/02/08 6:22 p.m.5 views

CVE-2024-25189

creationtimestamp| type| source ---|---|--- 2024-02-08 18:22:24+00:00| seen| https://t.me/ctinow/181529 2024-02-15 08:17:09+00:00| seen| https://t.me/ctinow/185328 2024-03-02 12:41:45+00:00| seen| https://t.me/ctinow/198338...

9.8CVSS8.6AI score0.00954EPSS
Exploits1References3
NVD
NVD
added 2024/02/08 5:15 p.m.17 views

CVE-2024-25189

libjwt 1.15.3 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

9.8CVSS9.5AI score0.00954EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2024/02/08 5:15 p.m.13 views

CVE-2024-25189

libjwt 1.15.3 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

9.8CVSS7.2AI score0.00954EPSS
Exploits1References4
CVE
CVE
added 2024/02/08 12:0 a.m.171 views

CVE-2024-25189

The CVE concerns libjwt: 1.15.3 uses strcmp (not constant time) to verify authentication, enabling a timing side‑channel bypass. Connected sources confirm this is a legitimate vulnerability with high impact (CVE-2024-25189) and note Debian LTS advisories and Debian/DLA entries recommending an upg...

9.8CVSS9.3AI score0.00954EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2024/02/08 12:0 a.m.15 views

CVE-2024-25189

libjwt 1.15.3 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

9.8CVSS9.5AI score0.00954EPSS
Exploits1
Rows per page
Query Builder