1487 matches found

OSV
added 2025/12/09 1:16 a.m. | 2 views

UBUNTU-CVE-2013-10031

Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...

7.5 CVSS | 5.7 AI score | 0.00042 EPSS
Exploits 0 | References 4

Cvelist
added 2025/12/09 12:12 a.m. | 26 views

CVE-2013-10031 Plack::Middleware::Session versions before 0.17 for Perl may be vulnerable to HMAC comparison timing attacks

Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...

0.00042 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/12/09 12:12 a.m. | 3 views

CVE-2013-10031 Plack::Middleware::Session versions before 0.17 for Perl may be vulnerable to HMAC comparison timing attacks

Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...

6.5 AI score | 0.00042 EPSS
Exploits 0 | References 1

CNNVD
added 2025/12/09 12:0 a.m. | 1 views

Plack::Middleware::Session Security Vulnerability

Plack::Middleware::Session is a Plack open source minimalist session library for Plack. A security vulnerability exists in Plack::Middleware::Session versions prior to 0.17, which stems from vulnerability to HMAC comparison timing attacks...

7.5 CVSS | 6.4 AI score | 0.00042 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2025/12/09 12:0 a.m. | 3 views

Amazon Linux 2023 : openvpn, openvpn-devel (ALAS2023-2025-1312)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1312 advisory. HMAC verification check: fix incorrect memcmp call NOTE: https://community.openvpn.net/Security%20Announcements/CVE-2025-13086 CVE-2025-13086 Tenable has extracted the preceding description block...

8.2 CVSS | 7.3 AI score | 0.00052 EPSS
Exploits 0 | References 4

Amazon
added 2025/12/08 12:0 a.m. | 2 views

Important: openvpn

Issue Overview: HMAC verification check: fix incorrect memcmp call NOTE: https://community.openvpn.net/Security%20Announcements/CVE-2025-13086 CVE-2025-13086 Affected Packages: openvpn Issue Correction: Run dnf update openvpn --releasever 2023.9.20251208 or dnf update --advisory ALAS2023-2025-131...

8.2 CVSS | 7.9 AI score | 0.00052 EPSS
Exploits 0

RedhatCVE
added 2025/12/05 7:24 p.m. | 5 views

CVE-2025-65945

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...

7.5 CVSS | 6.1 AI score | 0.00012 EPSS
Exploits 1 | References 5

CVE
added 2025/12/04 6:45 p.m. | 24 views

CVE-2025-65945

CVE-2025-65945 affects auth0/node-jws (Node.js). In affected versions (3.2.2 and earlier; 4.0.0) there is an improper HS256 signature verification under specific conditions when using jws.createVerify() with user-provided header/payload data in HMAC secret lookups. IBM bulletins corroborate the i...

7.5 CVSS | 6.4 AI score | 0.00012 EPSS
Exploits 1 | References 2 | Affected Software 1

OSV
added 2025/12/04 6:45 p.m. | 2 views

CVE-2025-65945 auth0/node-jws improper HMAC signature verification vulnerability

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...

7.5 CVSS | 6.7 AI score | 0.00012 EPSS
Exploits 1 | References 4

Snyk
added 2025/12/04 4:54 p.m. | 3 views

Improper Verification of Cryptographic Signature

Overview jws is an Implementation of JSON Web Signatures Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the createVerify function when using HS256 HMAC algorithms and incorporating user-provided data from the JSON Web Signature Protected...

8.2 CVSS | 6.9 AI score | 0.00012 EPSS
Exploits 1 | References 2

Github Security Blog
added 2025/12/04 4:54 p.m. | 7 views

auth0/node-jws Improperly Verifies HMAC Signature

Overview An improper signature verification vulnerability exists when using auth0/node-jws with the HS256 algorithm under specific conditions. Am I Affected? You are affected by this vulnerability if you meet all of the following preconditions: 1. Application uses the auth0/node-jws implementatio...

7.5 CVSS | 6.9 AI score | 0.00012 EPSS
Exploits 1 | References 7 | Affected Software 1

EUVD
added 2025/12/04 4:54 p.m. | 2 views

EUVD-2025-201250

auth0/node-jws Improperly Verifies HMAC Signature...

7.5 CVSS | 6.4 AI score | 0.00012 EPSS
Exploits 1 | References 7

Debian CVE
added 2025/12/03 7:54 p.m. | 4 views

CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...

8.2 CVSS | 7.8 AI score | 0.00052 EPSS
Exploits 0

Tenable Nessus
added 2025/12/03 12:0 a.m. | 7 views

Ubuntu 24.04 LTS / 25.04 / 25.10 : OpenVPN vulnerability (USN-7898-1)

The remote Ubuntu 24.04 LTS / 25.04 / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7898-1 advisory. Joshua Rogers discovered that OpenVPN incorrectly handled HMAC verification checks. A remote attacker could possibly use this issue to bypass sour...

8.2 CVSS | 7.3 AI score | 0.00052 EPSS
Exploits 0 | References 2

OpenVAS
added 2025/11/28 12:0 a.m. | 5 views

Ubuntu: Security Advisory (USN-7898-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2 CVSS | 7.9 AI score | 0.00052 EPSS
Exploits 0 | References 2

OpenVAS
added 2025/11/20 12:0 a.m. | 1 views

Slackware: Security Advisory (SSA:2025-323-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2 CVSS | 7.9 AI score | 0.00052 EPSS
Exploits 0 | References 2

OpenVAS
added 2025/11/20 12:0 a.m. | 3 views

OpenVPN HMAC Verification Vulnerability Bypass (Nov 2025) - Windows

OpenVPN is prone to a hmac bypass verification vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openvpn:openvpn";...

8.2 CVSS | 7.9 AI score | 0.00052 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2025/11/19 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-13086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a...

8.2 CVSS | 7.8 AI score | 0.00052 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2025/11/18 12:0 a.m. | 4 views

FreeBSD : OpenVPN -- HMAC verification on source IP address ineffective (17a40d76-c3fd-11f0-b513-0da7be77c170)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 17a40d76-c3fd-11f0-b513-0da7be77c170 advisory. Arne Schwabe reports: Fix memcmp check for the hmac verification in the 3way handshake being inverted...

8.2 CVSS | 7.3 AI score | 0.00052 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990074)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990074 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport __init-annotated seg6_hmac_init() EXPORT_SYMBOL and __init is a bad combination becaus...

5.5 CVSS | 6 AI score | 0.00093 EPSS
Exploits 0 | References 4