
5879 matches found

OSV
added 2022/09/07 10:15 p.m. · 0 views

UBUNTU-CVE-2022-36083

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...

5.3 CVSS · 6.8 AI score · 0.00137 EPSS
Exploits 1 · References 4
Vulnrichment
added 2022/09/07 9:55 p.m. · 6 views

CVE-2022-36083 JOSE vulnerable to resource exhaustion via specifically crafted JWE

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...

5.3 CVSS · 5.6 AI score · 0.00137 EPSS
Exploits 1 · References 3
Cvelist
added 2022/09/07 9:55 p.m. · 25 views

CVE-2022-36083 JOSE vulnerable to resource exhaustion via specifically crafted JWE

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...

5.3 CVSS · 5.5 AI score · 0.00137 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2022/09/07 12:0 a.m. · 72 views

GLSA-202209-02 : IBM Spectrum Protect: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202209-02 IBM Spectrum Protect: Multiple Vulnerabilities - IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale...

9.8 CVSS · 9.2 AI score · 0.72202 EPSS
Exploits 10 · References 9
Positive Technologies
added 2022/09/07 12:0 a.m. · 4 views

PT-2022-23172 · Jose · Jose

Name of the Vulnerable Software and Affected Versions: JOSE versions prior to v1.28.2 JOSE versions prior to v2.0.6 JOSE versions prior to v3.20.4 JOSE versions prior to v4.9.2 Description: The PBKDF2-based JWE key management algorithms in JOSE expect a JOSE Header Parameter named p2c PBES2 Count...

5.3 CVSS · 5.9 AI score · 0.00137 EPSS
Exploits 1 · References 13
OPENSUSE Linux
added 2022/09/01 12:0 a.m. · 40 views

Security update for python-M2Crypto (important)

openSUSE Security Update: Security update for python-M2Crypto Announcement ID: openSUSE-SU-2022:2562-1 Rating: important References: 1178829 Cross-References: CVE-2020-25657 CVSS scores: CVE-2020-25657 NVD : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25657 SUSE: 7.5...

7.5 CVSS · 6.5 AI score · 0.00307 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2022/08/29 12:0 a.m. · 38 views

Rocky Linux 8 : gnutls and nettle (RLSA-2021:4451)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4451 advisory. - A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated...

9.8 CVSS · 6.2 AI score · 0.01195 EPSS
Exploits 1 · References 11
NVD
added 2022/08/25 6:15 p.m. · 9 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.8 CVSS · 0.00351 EPSS
Exploits 0 · References 2
OSV
added 2022/08/25 6:15 p.m. · 1 views

DEBIAN-CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.8 CVSS · 6.5 AI score · 0.00351 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2022/08/25 6:15 p.m. · 3 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.8 CVSS · 5.7 AI score · 0.00351 EPSS
Exploits 0 · References 3
OSV
added 2022/08/25 6:15 p.m. · 4 views

AZL-10735 CVE-2022-2031 affecting package samba 4.12.5-7

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.8 CVSS · 6.6 AI score · 0.00351 EPSS
Exploits 0 · References 1
Prion
added 2022/08/25 6:15 p.m. · 20 views

Code injection

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

6.5 CVSS · 8.2 AI score · 0.00351 EPSS
Exploits 0 · References 2 · Affected Software 1
AlpineLinux
added 2022/08/25 12:0 a.m. · 27 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.8 CVSS · 8.6 AI score · 0.00351 EPSS
Exploits 0
Debian CVE
added 2022/08/25 12:0 a.m. · 33 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.8 CVSS · 7.1 AI score · 0.00351 EPSS
Exploits 0
Cvelist
added 2022/08/25 12:0 a.m. · 16 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.6 AI score · 0.00351 EPSS
Exploits 0 · References 2
CVE
added 2022/08/25 12:0 a.m. · 369 views

CVE-2022-2031

CVE-2022-2031 affects Samba. A flaw occurs when KDC and kpasswd service share a single account and keys, allowing a password-change-initiated user to decrypt tickets and obtain/use tickets to other services. Impact is high per linked advisories; multiple vendors note updates/patches exist (e.g., ...

8.8 CVSS · 8.3 AI score · 0.00351 EPSS
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2022/08/24 12:0 a.m. · 24 views

D-Link DIR-816 Buffer Overflow Vulnerability

The D-Link DIR-816 is a wireless router from AUO D-Link of Taiwan, China. A buffer overflow vulnerability exists in the mirrored version of the D-link DIR-816 firmware A2v1.10CNB04.img. The vulnerability stems from the fact that when the wantype of its /goform/form2Wan.cgi component is 3, the...

9.8 CVSS · 9.8 AI score · 0.01856 EPSS
Exploits 1 · References 1
NVD
added 2022/08/23 2:15 a.m. · 15 views

CVE-2020-35992

Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file specifically, the LogPassword attribute within appconfig.ini, they would be able to decrypt the password stored within the configuration file. This woul...

6.5 CVSS · 0.00214 EPSS
Exploits 0 · References 2
Cvelist
added 2022/08/23 1:2 a.m. · 26 views

CVE-2020-35992

Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file specifically, the LogPassword attribute within appconfig.ini, they would be able to decrypt the password stored within the configuration file. This woul...

6.8 AI score · 0.00214 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/08/23 12:0 a.m. · 3 views

PT-2022-4412 · Delta Industrial Automation · Dialink

Name of the Vulnerable Software and Affected Versions: Delta Industrial Automation DIALink versions 1.4.0.0 and prior Description: The issue is related to the use of a hard-coded cryptographic key, which could allow an attacker to decrypt sensitive data and compromise the machine. This could...

9.8 CVSS · 7.5 AI score · 0.0024 EPSS
Exploits 0 · References 5