8 matches found
IBM MQ DoS (7271937)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7271937 advisory. - In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high...
CVE-2026-29000
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...
EUVD-2026-9505
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...
CVE-2022-32502
An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2...
CloudBees Jenkins SMS Notification Plugin Unauthorized Access Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Audit Trail Plugin is used in one of the audi...
EncryptedToken Integer Overflow Vulnerability
EncryptedToken ECC is an Ether-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function of the smart contract implementation in ECC. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...
Instagram Adds Two-Factor Authentication
Instagram became the latest in a long line of services over the years to offer users two-factor authentication this week. Kevin Systrom, co-founder and CEO of the Facebook-owned mobile photo-sharing app announced the feature on its blog Thursday afternoon. With the feature – accessible via Settin...
FreeBSD : mailman -- CSRF hardening in parts of the web interface (9e50dcc3-740b-11e6-94a2-080027ef73ec)
The late Tokio Kikuchi reported : We may have to set lifetime for input forms because of recent activities on cross-site request forgery CSRF. The form lifetime is successfully deployed in frameworks like web.py or plone etc. Proposed branch lp:tkikuchi/mailman/form-lifetime implement lifetime in...