Lucene search
K

1662 matches found

vulnersOsv
vulnersOsv
added 2020/11/24 4:51 p.m.6 views

com.softwaremill.akka-http-session:jwt_2.13 (>=0.5.7 <=0.6.0) potentially affected by CVE-2020-28452 via com.softwaremill.akka-http-session:core_2.13 (>=0.5.10 <=0.6.0)

com.softwaremill.akka-http-session:core2.13 MAVEN version =0.5.10, =0.5.7, =0.6.0 Source cves: CVE-2020-28452 Source advisory: SNYK:JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1058933...

8.8CVSS7.2AI score0.00524EPSS
Exploits0
NVD
NVD
added 2020/11/19 4:15 p.m.18 views

CVE-2020-9049

A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid...

7.1CVSS7.1AI score0.00527EPSS
Exploits0References2
Prion
Prion
added 2020/11/19 4:15 p.m.17 views

Authorization

A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid...

5.7CVSS5.5AI score0.00527EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2020/11/19 3:27 p.m.20 views

CVE-2020-9049 victor Web Client and C•CURE Web Client JSON Web Token (JWT) Vulnerability

A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid...

7.1CVSS7.1AI score0.00527EPSS
Exploits0References2
CVE
CVE
added 2020/11/19 3:27 p.m.66 views

CVE-2020-9049

CVE-2020-9049 affects Johnson Controls Victor Web Client and Software House C•CURE Web Client. Affected products: victor Web Client up to v5.6 and C•CURE Web Client up to v2.90; mitigations include upgrading to victor v5.6 SP1 and C•CURE Web Client v2.70+ with updates (Web Client_c2.70_5.2_Update...

7.1CVSS6.1AI score0.00527EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2020/11/19 2:15 a.m.2 views

DEBIAN-CVE-2019-20933

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret aka shared secret...

9.8CVSS7.3AI score0.30921EPSS
Exploits3References1
OSV
OSV
added 2020/11/19 2:15 a.m.3 views

UBUNTU-CVE-2019-20933

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret aka shared secret...

9.8CVSS7.2AI score0.30921EPSS
Exploits3References6
CNNVD
CNNVD
added 2020/11/18 12:0 a.m.7 views

Influxdata InfluxDB 授权问题漏洞

InfluxDB is an open source temporal database developed by InfluxData. An authentication bypass vulnerability exists in the authenticate function in services/httpd/handler.go in versions prior to InfluxDB 1.7.6. The vulnerability stems from the fact that JWT tokens may have an empty SharedSecret. ...

9.8CVSS7AI score0.30921EPSS
Exploits3References14
OSV
OSV
added 2020/11/06 8:15 a.m.1 views

DEBIAN-CVE-2020-26521

The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...

7.5CVSS7.3AI score0.0209EPSS
Exploits0References1
OSV
OSV
added 2020/11/06 8:15 a.m.2 views

DEBIAN-CVE-2020-26892

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...

9.8CVSS8.5AI score0.02054EPSS
Exploits0References1
OSV
OSV
added 2020/11/06 8:15 a.m.4 views

UBUNTU-CVE-2020-26521

The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...

7.5CVSS5.8AI score0.0209EPSS
Exploits0References5
Snyk
Snyk
added 2020/10/16 4:53 p.m.5 views

Improper Authentication

Overview react-adal is an Azure Active Directory Library ADAL support for ReactJS. Affected versions of this package are vulnerable to Improper Authentication. It is possible for a specially crafted JWT token and request URL can cause the nonce, session and refresh values to be incorrectly...

8.2CVSS6.3AI score0.01266EPSS
Exploits1References2
OSV
OSV
added 2020/10/02 5:15 a.m.3 views

CVE-2020-26511

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass...

7.5CVSS7.1AI score0.02146EPSS
Exploits0References4
OSV
OSV
added 2020/09/30 6:15 p.m.3 views

DEBIAN-CVE-2020-26160

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with string for m"aud" which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...

7.5CVSS6.3AI score0.02158EPSS
Exploits0References1
OSV
OSV
added 2020/09/30 6:15 p.m.6 views

AZL-41684 CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with string for m"aud" which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...

7.5CVSS6.7AI score0.02158EPSS
Exploits0References1
Veracode
Veracode
added 2020/09/16 7:2 a.m.12 views

Insecure Authentication

authmagic-timerange-stateless-core uses insecure authentication. When comparing signatures in the JSON web token JWT and refreshToken, the package does not verify the JWT token sent by user before reissuing a new token, allowing an attacker to forge a user's identity by modifying the payload and...

2.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2020/09/01 12:0 a.m.11 views

PT-2020-7931

Name of the Vulnerable Software and Affected Versions: jws versions prior to 3.0.0 Description: The issue allows a malicious actor to modify the contents of a JWT while still passing verification, potentially leading to a complete authentication bypass. This can be achieved by exploiting the...

8.7CVSS5.2AI score0.01798EPSS
Exploits0References8
Hacker One
Hacker One
added 2020/06/10 5:14 a.m.228 views

h1-ctf: [H1-2006 2020] Bypassing access control checks by modifying the URL, internal application state, or the HTML page, or using a custom API attack tool

H1-2006 CTF Writeup F859938 Summary: Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/05/30 3:43 p.m.6 views

Critical 'Sign in with Apple' Bug Could Have Let Attackers Hijack Anyone's Account

Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its 'Sign in with Apple ' system. The now-patched vulnerability could have allowed remote attackers to bypass authentication and take over targeted...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/04/27 8:34 a.m.4 views

How An Image Could've Let Attackers Hack Microsoft Teams Accounts

Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization's entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image. The flaw,...

5.8AI score
Exploits0
Rows per page
Query Builder