Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.6 views

TencentOS Server 4: python-authlib (TSSA-2024:1134)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1134 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5CVSS7AI score0.012EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2024/06/19 12:0 a.m.29 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Authlib (SUSE-SU-2024:2064-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2064-1 advisory. - Update to version 1.3.1 - CVE-2024-37568: Fixed algorithm confusion with asymmetric public keys...

7.5CVSS7.3AI score0.00382EPSS
Exploits1References4
OSV
OSV
added 2024/06/18 11:14 a.m.14 views

SUSE-SU-2024:2064-1 Security update for python-Authlib

This update for python-Authlib fixes the following issues: - Update to version 1.3.1 - CVE-2024-37568: Fixed algorithm confusion with asymmetric public keys. bsc1226138...

7.5CVSS7.5AI score0.00382EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/06/18 12:0 a.m.22 views

Fedora 40 : python-authlib (2024-7cc9a030d9)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7cc9a030d9 advisory. Update to v1.3.1 CVE-2024-37568 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

7.5CVSS7.4AI score0.00382EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2024/06/11 2:5 a.m.4 views

SUSE CVE-2024-37568

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

7.5CVSS9.2AI score0.00382EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2024/06/09 9:30 p.m.5 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +131 more potentially affected by CVE-2024-37568 via authlib (>=0.10.0 <=1.3.0)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0, =0.0.1, =0.1.0, =1.0.3, =2.0.0, =0.0.59, =0.5.0, =1.6.1, =4.2.0.43, =0.1.0, =0.3.0 and more Source cves: CVE-2024-37568 Source advisory: OSV:GHSA-5357-C2JX-V7QH...

7.5CVSS7AI score0.00382EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2024/06/09 7:15 p.m.28 views

CVE-2024-37568

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

7.5CVSS7.1AI score0.00382EPSS
Exploits1References4
OSV
OSV
added 2024/06/09 12:0 a.m.28 views

CVE-2024-37568

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

7.5CVSS6.5AI score0.00382EPSS
Exploits1References7
Rows per page
Query Builder