drf-jwt Authorization Issues Vulnerability

drf-jwt is a JSON Web Token Authentication support package for the Django REST Framework. An authorization issue vulnerability exists in drf-jwt version 1.15.x prior to 1.15.1, which stems from an incompatibility between the blacklist protection mechanism and the token refresh feature, and can be...

CVE-2020-10594

An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...

CVE-2020-10594

An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...

PYSEC-2020-40

An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...

PYSEC-2020-40

An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...

Design/Logic Flaw

An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...

CVE-2020-10594

An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...

CVE-2020-10594

CVE-2020-10594 affects drf-jwt 1.15.x before 1.15.1. The issue stems from an incompatibility between the blacklist protection mechanism and the token-refresh feature, allowing an attacker who has access to a notionally invalidated token to obtain a new, valid token via the refresh endpoint. The d...

CVE-2018-19516

messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value...

DEBIAN-CVE-2018-19516

messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value...

Design/Logic Flaw

messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value...

CVE-2018-19516

messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value...

UBUNTU-CVE-2018-19516

messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value...

CVE-2018-19516

CVE-2018-19516 affects KDE Applications’ messagelib (messagepartthemes/default/defaultrenderer.cpp) prior to version 18.12.0, where http-equiv=REFRESH handling is not properly restricted, potentially allowing data access bypass. Public records in NVD confirm the issue and indicate downstream patc...

CVE-2018-19516

messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value...

CVE-2018-19516

messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value...

Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks

Remember rowhammer vulnerability? A critical issue affecting modern DRAM dynamic random access memory chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability on the late...

CVE-2020-10255

The CVE-2020-10255/TRRRespass issue affects modern memory (DDR4/LPDDR4 after 2015) where Target Row Refresh mitigations can be bypassed by rowhammer patterns. Documents in connected sources confirm this can allow privilege escalation, kernel/Sudo compromise, and cross-tenant VM access via bit fli...

CVE-2019-17645

An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/service/refreshMacroAjax.php...

SUSE SLED15 / SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2020:0466-1)

This update for java-180-ibm fixes the following issues : Java 8.0 was updated to Service Refresh 6 Fix Pack 5 bsc1162972, bsc1160968 CVE-2020-2583: Unlink Set of LinkedHashSets CVE-2019-4732: Untrusted DLL search path vulnerability CVE-2020-2593: Normalize normalization for all CVE-2020-2604:...