5311 matches found

Cvelist
added 2024/12/19 6:22 p.m. · 33 views

CVE-2024-54150 Algorithm Confusion Vulnerability in cjwt

cjwt is a C JSON Web Token (JWT) implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...

CVSS 8.7 · EPSS 0.00384
Exploits 0 · References 2
Vulnrichment
added 2024/12/19 6:22 p.m. · 15 views

CVE-2024-54150 Algorithm Confusion Vulnerability in cjwt

cjwt is a C JSON Web Token (JWT) implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...

CVSS 8.7 · AI score 6.8 · EPSS 0.00384
Exploits 0 · References 2
OSV
added 2024/12/19 6:22 p.m. · 14 views

CVE-2024-54150 Algorithm Confusion Vulnerability in cjwt

cjwt is a C JSON Web Token (JWT) implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...

CVSS 8.7 · AI score 6.8 · EPSS 0.00384
Exploits 0 · References 4
CVE
added 2024/12/19 6:22 p.m. · 99 views

CVE-2024-54150

CVE-2024-54150 (cjwt) is a vulnerability in the C JWT implementation where signature verification fails to differentiate between symmetric and asymmetric signing methods (e.g., HS256 vs RS256/PS/EC). The root cause is algorithm confusion during verification, which can allow an attacker to forge t...

CVSS 9.1 · AI score 6.5 · EPSS 0.00384
Exploits 0 · References 2
NVD
added 2024/12/18 8:15 p.m. · 22 views

CVE-2024-53269

Envoy is a cloud-native high-performance edge/middle/service proxy. When additional addresses are not IP addresses, the Happy Eyeballs sorting algorithm will crash in the data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to...

CVSS 7.5 · EPSS 0.00671
Exploits 1 · References 2
Veracode
added 2024/12/18 4:23 a.m. · 8 views

Use Of A Broken Or Risky Cryptographic Algorithm

github.com/beego/beego is vulnerable to Use of a Broken or Risky Cryptographic Algorithm. The vulnerability is due to the use of MD5 as a hashing algorithm, which allows two different inputs to produce the same hash value...

CVSS 7.5 · AI score 6.7 · EPSS 0.00335
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/12/18 12:00 a.m. · 3 views

Envoy Proxy security vulnerability

Envoy Proxy is a cloud-native, high-performance edge/intermediate/service proxy open-sourced by Envoy Proxy. A security vulnerability exists in Envoy Proxy that stems from a sorting algorithm that crashes in the data plane when additional addresses are not IP addresses...

CVSS 7.5 · AI score 4.9 · EPSS 0.00671
Exploits 1 · References 4
NVD
added 2024/12/13 3:15 p.m. · 13 views

CVE-2024-28980

Dell RecoverPoint for VMs, versions 6.0.x contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution...

CVSS 9.8 · EPSS 0.00546
Exploits 0 · References 1
Cvelist
added 2024/12/13 2:20 p.m. · 13 views

CVE-2024-28980

Dell RecoverPoint for VMs, versions 6.0.x contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution...

CVSS 6.5 · EPSS 0.00546
Exploits 0 · References 1
OSV
added 2024/12/12 10:00 p.m. · 27 views

GO-2022-0635 In-band key negotiation issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...

CVSS 2.5 · AI score 3.9 · EPSS 0.00231
Exploits 1 · References 7
CNNVD
added 2024/12/12 12:00 a.m. · 2 views

Beego security vulnerability

Beego is an open source web framework based on the Go language from Beego Open Source. A security vulnerability exists in Beego version 2.3.3, which stems from the use of MD5 as a hashing algorithm and is vulnerable to collision attacks...

CVSS 7.5 · AI score 7.4 · EPSS 0.00335
Exploits 0 · References 2
Microsoft CVE
added 2024/12/12 12:00 a.m. · 1 view

CVE-2024-50110

...

CVSS 5.5 · AI score 6.7 · EPSS 0.00252
Exploits 0
RedHat Linux
added 2024/12/11 4:07 p.m. · 4 views

ceph: rhceph-container: Authentication bypass in CEPH RadosGW

A vulnerability in the Ceph Rados Gateway (RadosGW) OIDC provider allows attackers to bypass JWT signature verification by supplying a token with "none" as the algorithm (alg). This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid token...

CVSS 8.1 · AI score 5.8 · EPSS 0.00184
Exploits 0 · References 7
The Hacker News
added 2024/12/11 2:07 p.m. · 7 views

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable...

AI score 7.9
Exploits 0
Positive Technologies
added 2024/12/06 12:00 a.m. · 4 views

PT-2024-9986 · Acronis · Acronis Cyber Protect Cloud Agent

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Cloud Agent Linux before build 39185. Description: The issue is related to the use of a weak algorithm for signing RPM packages in the Acronis Cyber Protect Cloud Agent for Linux. This weakness can potentially allow an...

CVSS 2.5 · AI score 3.6 · EPSS 0.00111
Exploits 0 · References 9
OSV
added 2024/12/03 12:00 a.m. · 0 views

UBUNTU-CVE-2024-48916

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send a JWT that has "none" as the JWT alg. By doing so, the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...

CVSS 8.1 · AI score 7.1 · EPSS 0.00184
Exploits 0 · References 4
OSV
added 2024/12/02 2:15 p.m. · 1 view

UBUNTU-CVE-2024-53106

In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in ima_eventdigest_init_common. Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST, which is then used to access the array hash_digest_size, leading to buffer overrun. Have a conditional...

CVSS 7.8 · AI score 6.8 · EPSS 0.00237
Exploits 0 · References 19
Vulnrichment
added 2024/12/02 1:44 p.m. · 2 views

CVE-2024-53106 ima: fix buffer overrun in ima_eventdigest_init_common

In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in ima_eventdigest_init_common. Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST, which is then used to access the array hash_digest_size, leading to buffer overrun. Have a conditional...

AI score 7.8 · EPSS 0.00237
Exploits 0 · References 4
Wired Threat Level
added 2024/12/02 9:00 a.m. · 4 views

The Pressure Is on for Big Tech to Regulate the Broken Digital Advertising Industry

Brands have been at the mercy of the algorithm when it comes to where their ads appear online, but they’re about to get more control...

AI score 7.4
Exploits 0
CNNVD
added 2024/12/02 12:00 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a buffer overflow due to the use of HASH_ALGO__LAST in the ima_eventdigest_init_common function in the ima...

CVSS 7.8 · AI score 7.3 · EPSS 0.00237
Exploits 0 · References 5