20 matches found

CBLMariner
added 2024/07/22 11:1 p.m., 18 views

CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15

CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15. A patched version of the package is available...

CVSS 7.5, AI score 7, EPSS 0.0214
Exploits 0
SUSE CVE
added 2023/02/15 3:53 a.m., 8 views

SUSE CVE-2020-26160

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"], which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...

CVSS 7.5, AI score 6.3, EPSS 0.0214
Exploits 0, References 2
IBM Security Bulletins
added 2023/01/12 9:59 p.m., 40 views

Security Bulletin: A jwt-go vulnerability affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2020-26160)

Summary A vulnerability in jwt-go affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for steps to address this issue. Vulnerability Details CVEID:CVE-2020-26160 DESCRIPTION: jwt-go could allow a remote attacker to bypass security restrictions, caused by a ty...

CVSS 7.5, AI score 7.2, EPSS 0.0214
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2022/02/02 4:8 p.m., 34 views

Security Bulletin: IBM Security Guardium Insights is affected by JWT-Go vulnerability (CVE-2020-26160)

Summary IBM Security Guardium Insights addressed the following issue Vulnerability Details CVEID: CVE-2020-26160 DESCRIPTION: jwt-go could allow a remote attacker to bypass security restrictions, caused by a type assertion failure when m["aud"] happens to be []string{}. By sending a specially-crafted...

CVSS 7.5, AI score 7.4, EPSS 0.0214
Exploits 0, Affected Software 1
RedHat Linux
added 2021/12/14 1:41 p.m., 48 views

Moderate: Red Hat Security Advisory: Cryostat security update

Updated RHEL-8 based Cryostat container images are now available Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.5, AI score 6.7, EPSS 0.0214
Exploits 0, References 3
RedHat Linux
added 2021/07/27 10:30 p.m., 285 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.8.2 bug fix and security update

Red Hat OpenShift Container Platform release 4.8.2 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...

CVSS 9.8, AI score 6.8, EPSS 0.95707
Exploits 21, References 1722
RedHat Linux
added 2021/05/19 9:14 a.m., 107 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.7.0 security, bug fix, and enhancement update

Updated images which include numerous security fixes, bug fixes, and enhancements are now available for Red Hat OpenShift Container Storage 4.7.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...

CVSS 9.8, AI score 6.7, EPSS 0.69062
Exploits 2, References 152
RedHat Linux
added 2021/03/10 11:41 a.m., 87 views

Moderate: Red Hat Security Advisory: OpenShift Virtualization 2.6.0 security and bug fix update

An update is now available for RHEL-8-CNV-2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 8.6, AI score 6.6, EPSS 0.21052
Exploits 6, References 79
RedHat Linux
added 2021/02/24 3:9 p.m., 125 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update

Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 10, AI score 8.1, EPSS 0.69062
Exploits 4, References 1706
RedHat Linux
added 2021/02/18 12:2 a.m., 76 views

Moderate: Red Hat Security Advisory: Release of OpenShift Serverless 1.13.0 security update

Release of OpenShift Serverless 1.13.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE link...

CVSS 7.5, AI score 6.6, EPSS 0.0214
Exploits 0, References 5
IBM Security Bulletins
added 2020/12/14 2:44 a.m., 36 views

Security Bulletin: A vulnerability have been identified in jwt-go shipped with IBM Netcool Operations Insight Event Integrations Operator (CVE-2020-26160)

Summary jwt-go is a dependency shipped with IBM Netcool Operations Insight Event Integrations Operator. Information about the security vulnerability affecting jwt-go has been published. CVE-2020-26160 Vulnerability Details CVEID: CVE-2020-26160 DESCRIPTION: jwt-go could allow a remote attacker to...

CVSS 7.5, AI score 1.2, EPSS 0.0214
Exploits 0, Affected Software 1
OSV
added 2020/09/30 6:15 p.m., 6 views

AZL-41684 CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"], which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...

CVSS 7.5, AI score 6.7, EPSS 0.0214
Exploits 0, References 1
OSV
added 2020/09/30 6:15 p.m., 36 views

CVE-2020-26160

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"], which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...

CVSS 7.5, AI score 6.6
Exploits 0, References 2
Wolfi
added 2020/09/30 6:15 p.m., 203 views

CVE-2020-26160 vulnerabilities

Vulnerabilities for packages: dgraph, docker-credential-acr-env, gitness...

CVSS 7.5, AI score 6.7, EPSS 0.0214
Exploits 0
Chainguard
added 2020/09/30 6:15 p.m., 30 views

CVE-2020-26160 vulnerabilities

Vulnerabilities for packages: docker-credential-acr-env-fips, gitness, docker-credential-acr-env, dgraph...

CVSS 7.5, AI score 6.7, EPSS 0.0214
Exploits 0
UbuntuCve
added 2020/09/30 6:15 p.m., 43 views

CVE-2020-26160

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"], which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...

CVSS 7.5, AI score 6.8, EPSS 0.0214
Exploits 0, References 3
CVE
added 2020/09/30 12:57 p.m., 499 views

CVE-2020-26160

The CVE-2020-26160 entry concerns jwt-go prior to 4.0.0-preview1. The vulnerability allows bypass of audience restrictions when m["aud"] is []string{}; due to a type assertion failure, aud becomes the empty string, which is problematic if a service does not enforce its own audience checks. The pr...

CVSS 7.5, AI score 7.2, EPSS 0.0214
Exploits 0, References 2, Affected Software 1
Debian CVE
added 2020/09/30 12:57 p.m., 43 views

CVE-2020-26160

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"], which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...

CVSS 7.5, AI score 6, EPSS 0.0214
Exploits 0
Cvelist
added 2020/09/30 12:57 p.m., 29 views

CVE-2020-26160

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"], which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...

CVSS 7.5, AI score 7.4, EPSS 0.0214
Exploits 0, References 2
AlpineLinux
added 2020/09/30 12:57 p.m., 749 views

CVE-2020-26160

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"], which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...

CVSS 7.5, AI score 7.4, EPSS 0.0214
Exploits 0