5318 matches found
CVE-2023-28119
Removed by vendor...
Medium: python-jwt
Issue Overview: A vulnerability was found in python-jwt. This issue happens when PyJWT supports multiple different JWT signing algorithms. This flaw allows an attacker submitting the JWT token to choose the used signing algorithm, leading to key confusion through non-blocklisted public key format...
PT-2023-21576 · Saml +1
Name of the Vulnerable Software and Affected Versions: github.com/crewjam/saml versions prior to 0.4.13 Description: The issue arises from the package's use of flate.NewReader without limiting the size of the input. This allows a user to pass more than 1 MB of data in an HTTP request to the...
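The defect class in this entry is inflating attacker-supplied DEFLATE data with no bound on the output. The following is an added example, not crewjam/saml's code, and written in Python rather than Go: it builds a small constructed decompression bomb, shows that an unbounded inflate expands it to whatever size the sender chose, and shows a bounded inflate that stops at a cap and rejects the input. `MAX_INFLATED` is a hypothetical 1 MiB limit, the sample AuthnRequest is constructed, and raw DEFLATE (`wbits=-15`) is used because that is what the SAML HTTP-Redirect binding carries.

```python
import zlib

# SAML's HTTP-Redirect binding carries the request as raw DEFLATE (no zlib
# header, hence wbits=-15). Everything below is a constructed illustration.
MAX_INFLATED = 1024 * 1024             # hypothetical cap: 1 MiB of decoded XML
BOMB_PLAINTEXT_SIZE = 8 * 1024 * 1024  # 8 MiB of zeros; deflates to a few KiB

# Constructed stand-in for a legitimate AuthnRequest (not a real, signed one).
SAMPLE_AUTHN_REQUEST = (
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_constructed-id" Version="2.0"/>'
)


class TooLarge(ValueError):
    """Raised when the inflated output would exceed the configured cap."""


def deflate(data: bytes) -> bytes:
    comp = zlib.compressobj(zlib.Z_DEFAULT_COMPRESSION, zlib.DEFLATED, -15)
    return comp.compress(data) + comp.flush()


def make_bomb(size: int = BOMB_PLAINTEXT_SIZE) -> bytes:
    """Highly compressible payload: small on the wire, huge once inflated."""
    return deflate(b"\x00" * size)


def inflate_unbounded(data: bytes) -> bytes:
    # The defect pattern: decompress whatever arrives, allocating as the
    # stream dictates. Peak memory is chosen by the sender, not the server.
    return zlib.decompress(data, -15)


def inflate_bounded(data: bytes, max_out: int = MAX_INFLATED) -> bytes:
    # max_length stops zlib once max_out bytes have been produced; input that
    # was not consumed is left in unconsumed_tail, which is the signal that
    # the stream wanted to grow past the cap.
    d = zlib.decompressobj(-15)
    out = d.decompress(data, max_out)
    if d.unconsumed_tail:
        raise TooLarge(f"inflated output exceeds {max_out} bytes")
    if not d.eof:
        raise ValueError("truncated or malformed deflate stream")
    return out


def classify(data: bytes, max_out: int = MAX_INFLATED) -> str:
    """Outcome as a short tag, for a handler that must decide before parsing XML."""
    try:
        inflate_bounded(data, max_out)
        return "ok"
    except TooLarge:
        return "too-large"
    except (ValueError, zlib.error):
        return "malformed"
```

The cap should be enforced before the XML parser ever sees the bytes; a parser that reads a bounded stream is not enough if the inflate step in front of it has already allocated the full output.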
Important: golang-github-cpuguy83-md2man
Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...
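The flaw this entry describes, an HTTP/1 client treating invalid Transfer-Encoding values as if they meant chunked framing, comes down to how the header is parsed. The following is an added example, not Go's net/http code: a loose check of the kind the description implies, next to a strict parser that accepts only a well-formed transfer-coding list with chunked present once and as the final coding, plus a framing decision that refuses a message carrying both Transfer-Encoding and Content-Length. The header values and function names are the example's own.

```python
import re

# tchar from RFC 9110 section 5.6.2: the characters allowed in a token.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def lenient_is_chunked(te_value: str) -> bool:
    """Loose check of the kind the advisory describes: any header that mentions
    'chunked' is taken to mean chunked framing. Constructed, not Go's code."""
    return "chunked" in te_value.lower()


def strict_is_chunked(te_value: str) -> bool:
    """Parse Transfer-Encoding as a comma-separated list of transfer-codings.

    Returns True only when the list is well-formed and 'chunked' is the final
    coding, present exactly once; False when chunked is absent; raises on
    anything else (the safe response is to reject the message, not guess)."""
    codings = [c.strip() for c in te_value.split(",")]
    if any(not c for c in codings):
        raise ValueError("empty transfer-coding in list")
    # Drop parameters (e.g. 'foo;q=1') before validating the coding name.
    names = [c.split(";", 1)[0].strip().lower() for c in codings]
    if any(not _TOKEN.match(n) for n in names):
        raise ValueError("transfer-coding is not a valid token")
    chunked_at = [i for i, n in enumerate(names) if n == "chunked"]
    if not chunked_at:
        return False
    if chunked_at != [len(names) - 1]:
        raise ValueError("chunked must appear once, as the final transfer-coding")
    return True


def strict_verdict(te_value: str) -> str:
    try:
        return "chunked" if strict_is_chunked(te_value) else "not-chunked"
    except ValueError:
        return "reject"


def framing(headers: dict) -> str:
    """Decide how the body is delimited, rejecting ambiguous combinations.

    RFC 9112 section 6.1 lets a server either reject a message carrying both
    Transfer-Encoding and Content-Length or go by Transfer-Encoding alone;
    since the pair is the classic smuggling signal, this refuses it outright.
    Header names are assumed already lower-cased by the caller."""
    te = headers.get("transfer-encoding")
    cl = headers.get("content-length")
    if te is not None and cl is not None:
        raise ValueError("both Transfer-Encoding and Content-Length present")
    if te is not None:
        if strict_is_chunked(te):
            return "chunked"
        # A request whose final coding is not chunked has no knowable length.
        raise ValueError("Transfer-Encoding without final chunked coding")
    if cl is not None:
        if not re.fullmatch(r"[0-9]+", cl):
            raise ValueError("invalid Content-Length")
        return f"content-length:{int(cl)}"
    return "content-length:0"
```

The cases where the two checks disagree ("chunked, gzip", "chunkedx", "x chunked") are exactly the ones an intermediary and an origin might frame differently, which is the precondition for smuggling the description mentions.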
Amazon Linux 2023 : python3-jwt, python3-jwt+crypto (ALAS2023-2023-076)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-076 advisory. A vulnerability was found in python-jwt. This issue happens when PyJWT supports multiple different JWT signing algorithms. This flaw allows an attacker submitting the JWT token to choose the used signin...
Amazon Linux 2023 : cpp, gcc, gcc-c++ (ALAS2023-2023-030)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-030 advisory. A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceiv...
Netgear Orbi Router RBR750 hidden telnet service command execution vulnerability
Talos Vulnerability Report TALOS-2022-1595 Netgear Orbi Router RBR750 hidden telnet service command execution vulnerability March 21, 2023 CVE Number CVE-2022-38452 SUMMARY A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A...
Gas Cost Vulnerability
Vulnerability details: The fuse function iterates through the provided characterList to check for duplicate characters and validate the trays. If the length of characterList is too high, the gas cost for executing the fuse function will also be high, potentially reaching the block ga...
CBL Mariner 2.0 Security Update: terraform (CVE-2018-9057)
The version of terraform installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2018-9057 advisory. - aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through...
AIX is affected by a denial of service due to Python
IBM SECURITY ADVISORY First Issued: Tue Mar 14 13:01:15 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory4.asc Security Bulletin: AIX is affected by a denial of service CVE-2022-45061 due to Python...
PaperCut NG SecurityRequestFilter Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the...
CVE-2023-0353
Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the encrypted passwords to be decrypted from the configuration file...
New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide
An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...
TikTok "a loaded gun" says NSA
America's TikTok-addicted youth is playing with a "loaded gun" according to General Paul Nakasone, Director of the National Security Agency NSA. Speaking at a US Senate hearing on Wednesday, the general said "one third of Americans get their news from TikTok", adding "one sixth of American youth...
Security Bulletin: IBM Robotic Process Automation for Cloud Pak may be vulnerable to a denial of service due to ISC BIND (CVE-2022-38177, CVE-2022-38178).
Summary ISC BIND is used by IBM Robotic Process Automation for Cloud Pak as part of its Antivirus and Watson NLP container images. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details CVEID: CVE-2022-38177 DESCRIPTION: ISC BIND is vulnerable to...
Debian: Security Advisory (DLA-262-1)
The remote host is missing an update for the Debian DLA-262-1 advisory. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Collision Attack
jenkins-2-plugins is vulnerable to collision attacks. The vulnerability exists because it uses the weak hashing algorithm SHA-1 to store whole-script approvals, making those approvals vulnerable to collision attacks...
openssl: NULL dereference during PKCS7 data verification
A NULL pointer vulnerability was found in OpenSSL, which can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not...
Oracle Linux 9 : python3.9 (ELSA-2023-0953)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0953 advisory. 3.9.14-1.2 - Security fix for CVE-2022-45061 Resolves: rhbz2144072 Tenable has extracted the preceding description block directly from the Oracle Linux security...
CVE-2022-23541
A flaw was found in the jsonwebtoken library. Affected versions of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function will result in incorrect verification of tokens. Using a different algorithm and key combination in verification than what was...
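The python-jwt entries above (an attacker choosing the signing algorithm, with a public key in a format the library's blocklist did not cover being accepted as an HMAC secret) and this jsonwebtoken entry (a key retrieval function returning a key for an algorithm other than the one the token was meant to use) are the same failure: the verifier lets the token header, not the server's configuration, decide which algorithm runs against which key. The following is an added example, not PyJWT's or jsonwebtoken's code: a minimal HS256 signer, a `decode` whose `algorithms=None` default reproduces the unsafe header-driven dispatch, the attacker's forged token keyed with the RS256 public key, and the two checks that close the hole. `PUBLIC_KEY` is constructed PEM-shaped text, not real key material, `PUBLIC_KEY_PREFIXES` is an illustrative blocklist, and RS256 verification itself is not modelled.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for the RS256 verification key a service might load.
# PEM-shaped but not real key material; its only role is to be public text.
PUBLIC_KEY = (
    b"-----BEGIN PUBLIC KEY-----\n"
    b"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMconstructedNotARealKey0000000000==\n"
    b"-----END PUBLIC KEY-----\n"
)

# Key encodings that must never be accepted as an HMAC secret. Illustrative;
# the python-jwt advisory concerns a format such a list had not covered.
PUBLIC_KEY_PREFIXES = (
    b"-----BEGIN PUBLIC KEY-----",
    b"-----BEGIN RSA PUBLIC KEY-----",
    b"-----BEGIN CERTIFICATE-----",
    b"ssh-rsa ",
    b"ssh-ed25519 ",
)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(payload: dict, secret: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def looks_like_public_key(key: bytes) -> bool:
    return key.lstrip().startswith(PUBLIC_KEY_PREFIXES)


def decode(token: str, key: bytes, algorithms=None, reject_public_key_secrets=False) -> dict:
    """Verify the token and return its payload.

    algorithms=None reproduces the unsafe pattern: the header's alg decides
    which verifier runs, so the attacker picks the algorithm. An explicit
    list, plus refusing public-key text as an HMAC secret, closes it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    alg = header.get("alg")
    allowed = algorithms if algorithms is not None else [alg]
    if alg not in allowed:
        raise ValueError(f"algorithm {alg!r} not permitted")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    if alg == "HS256":
        if reject_public_key_secrets and looks_like_public_key(key):
            raise ValueError("refusing to use an asymmetric public key as an HMAC secret")
        expected = hmac.new(key, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            raise ValueError("signature mismatch")
        return json.loads(_b64url_decode(payload_b64))
    if alg == "RS256":
        # Real RSA verification needs a crypto library and is not modelled here;
        # the confusion attack never reaches this branch anyway.
        raise NotImplementedError("RS256 verification not modelled")
    raise ValueError(f"unsupported algorithm {alg!r}")


def forge_admin_token(public_key: bytes) -> str:
    """Attacker side: the RS256 public key is public, so mint an HS256 token
    keyed with its exact bytes and let a header-driven verifier do the rest."""
    return sign_hs256({"sub": "attacker", "role": "admin"}, public_key)


def outcome(token: str, key: bytes, **options) -> str:
    try:
        return "accepted:" + decode(token, key, **options)["role"]
    except (ValueError, NotImplementedError) as exc:
        return "rejected:" + type(exc).__name__
```

The practitioner's check is the same in both libraries: the algorithm list comes from the verifier's configuration, never from the token, so every call looks like `jwt.decode(token, key, algorithms=["RS256"])` in PyJWT or `jwt.verify(token, key, { algorithms: ["RS256"] })` in jsonwebtoken, and a key retrieval callback must return a key only for the algorithm the caller pinned.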