pyjwt security vulnerability
pyjwt is a Python library developed by José Padilla from the United States. It allows for the encoding and decoding of JSON Web Tokens (JWTs). Prior to version 2.13.0, pyjwt had a security vulnerability. This vulnerability stemmed from the function PyJWKClient.get_signing_key, which forced each JWT...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id. Use check_add_overflow to prevent potential integer overflows when adding the lengths of binary blobs and the size of an asymmetric_key_id structure. Return...
RLSA-2026:13577 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nvme: avoid double free special payload (CVE-2024-41073); kernel: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont and qede_tpa_end (CVE-2025-40252); kernel: crypto: asymmetricke...
CVE-2026-32310 Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths
Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...
Authorization Bypass Through User-Controlled Key
Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the delete_api_key_route endpoint. An attacker can delete API keys belonging to other users by providing the api_key_id of a key they do not own. Remediation: Upgrade langflow-base to versio...
CVE-2023-43784
Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat...
crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
...
UBUNTU-CVE-2025-68724
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id. Use check_add_overflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_key_id structure and return...
EUVD-2007-3193
Malware in sbrugna...
EUVD-2015-0851
Malware in sbrugna...
EUVD-2022-1387
Malicious code in bioql PyPI...
EUVD-2022-55509
Malicious code in bioql PyPI...
CVE-2024-5230
A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to...
Telnet Service Encryption Key ID Overflow Detection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Telnet Service Encryption Key ID Overflow Detection', 'Description' = 'Detect telnet services vulnerable to the encrypt option Key ID overflow...
PT-2023-28982 · Plesk +1 · Plesk Onyx +1
Name of the Vulnerable Software and Affected Versions: Plesk Onyx version 17.8.11. Description: The issue is related to the presence of accessKeyId and secretAccessKey fields in the Amazon AWS Firehose component. However, the vendor's position is that there is no security threat. Recommendations:...
CVE-2023-2626
There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packe...
CVE-2023-2626
CVE-2023-2626 (OpenThread border router): Authentication bypass allowing unauthenticated nodes to craft radio frames via a fixed “Key ID Mode 2” encryption key, enabling arbitrary IPv6 packets to be sent to and from devices on the LAN through the Thread network. Documented impact: bypass of secu...
Google Nest authorization issue vulnerability
Google Nest is a smart home product by Google, an American company. Google Nest has a security vulnerability. The vulnerability allows unauthenticated nodes to forge radio frames using "Key ID Mode 2", a special mode that uses a static encryption key to bypass security checks, allowing arbitrary ...
PT-2023-20568 · Unknown · Openthread
Name of the Vulnerable Software and Affected Versions: OpenThread border router devices and implementations; affected versions not specified. Description: The issue is an authentication bypass vulnerability that allows unauthenticated nodes to craft radio frames using a special mode called Key ID...
kernel: sctp: handle the error returned from sctp_auth_asoc_init_active_key
In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctp_auth_asoc_init_active_key. When it returns an error from sctp_auth_asoc_init_active_key, the active_key is actually not updated. The old shkey will be freed while it's still used as active key in...