11 matches found
DEBIAN-CVE-2026-48523
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...
PT-2026-44395
Name of the Vulnerable Software and Affected Versions PyJWT versions 2.9.0 through 2.12.1 Description A verifier-side algorithm allow-list bypass occurs when jwt.decode or jwt.decode complete are called with a PyJWK key. While the token header alg is checked against the provided algorithms...
EUVD-2020-0406
Malware in sbrugna...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-39077 DESCRIPTION: IBM Security Guardium stores user credentials in plain clear text which can be read by a local privileged user. CVSS Base score: 4.4 CVSS Temporal Score: See:...
Private key leak in Apache CXF
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...
GHSA-42F2-F9VC-6365 Private key leak in Apache CXF
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...
CVE-2019-12423
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...
CVE-2019-12423
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...
CVE-2019-12423
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...
CVE-2019-12423
CVE-2019-12423 affects Apache CXF OpenId Connect JWK Keys service. When rs.security.keystore.type is set to “jwk”, the service may return all keys from the JWK file, potentially exposing private/secret key credentials if present, though newer CXF releases restrict to the key with the matching ali...
CVE-2019-12423
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...