12 matches found
Incorrect Verification Of Tokens
jsonwebtoken is vulnerable to incorrect verification of tokens. A remote attacker is able to validate forged tokens via passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument when the application is supporting both symmetric and asymmetric keys with the sa...
CVE-2022-23541 jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
jsonwebtoken is an implementation of JSON Web Tokens. Versions <= 8.5.1 of the jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There i...
Important: Red Hat Security Advisory: OpenJDK 11.0.12 Security Update for Windows Builds
The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 8 : java-11-openjdk (RHSA-2021:2783)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2783 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...
Debian DSA-4933-1 : nettle - security update
Multiple vulnerabilities were discovered in nettle, a low level cryptographic library, which could result in denial of service (remote crash in RSA decryption via specially crafted ciphertext, crash on ECDSA signature verification) or incorrect verification of ECDSA signatures.
CVE-2018-1000025
Jerome Gamez Firebase Admin SDK for PHP, versions 3.2.0 to 3.8.0, contains an Incorrect Access Control vulnerability: src/Firebase/Auth/IdTokenVerifier.php does not verify the token signature, so a JWT with any email address and user ID can be forged from an actual token, or fro...
DLA-53-1 apt - security update
Bulletin has no description...
Scientific Linux Security Update : curl on SL4.x i386/x86_64
CVE-2009-2417 curl: incorrect verification of SSL certificate with NUL in name
Scott Cantor reported that cURL is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted...
Aardvark Topsites XSS / Disclosure
Hi, here are the vulnerability descriptions and POCs: I write to report three vulnerabilities that I found in the latest version of Aardvark Topsites PHP 5.2.1 and older versions. The cause of all of them is the incorrect verification of input parameters. Here are the vulnerabilities:...
Important: Red Hat Security Advisory: gnupg security update
Updated GnuPG packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having an important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. Gerardo Richarte...
gnupg security update
CentOS Errata and Security Advisory CESA-2007:0106-01 Updated GnuPG packages that fix a security issue are now available. This update has been rated as having an important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures...
Important: Red Hat Security Advisory: gnupg security update
Updated GnuPG packages that fix a security issue are now available. This update has been rated as having an important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. Gerardo Richarte discovered that a number of applicatio...