8 matches found
PT-2026-44396
Name of the Vulnerable Software and Affected Versions PyJWT versions prior to 2.13.0 Description PyJWT is a JSON Web Token implementation in Python. The get signing key function in PyJWKClient forces a new HTTP request to the JWKS endpoint for every JWT containing an unknown kid value, without...
CVE-2014-1921
parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors...
CVE-2014-1921
parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors...
CVE-2014-1921
CVE-2014-1921 affects parcimonie (privacy-friendly keyring refresh) with large keyrings. The issue is a timing-based information leakage: the tool sleeps a fixed interval between key fetches (e.g., ten minutes for large keyrings), enabling an observer to correlate fetches across events. Debian/DS...
Debian DSA-2860-1 : parcimonie - information disclosure
Holger Levsen discovered that parcimonie, a privacy-friendly helper to refresh a GnuPG keyring, is affected by a design problem that undermines the usefulness of this piece of software in the intended threat model. When using parcimonie with a large keyring 1000 public keys or more, it would alwa...
[SECURITY] [DSA 2860-1] parcimonie security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2860-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 11, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2860-1 (parcimonie - information disclosure)
Holger Levsen discovered that parcimonie, a privacy-friendly helper to refresh a GnuPG keyring, is affected by a design problem that undermines the usefulness of this piece of software in the intended threat model. When using parcimonie with a large keyring 1000 public keys or more, it would alwa...
DSA-2860-1 parcimonie - information disclosure
Bulletin has no description...