2 matches found
USN-8065-1: Authlib vulnerabilities
Millie Solem discovered that Authlib did not properly restrict algorithm selection during JWT verification, allowing HMAC verification with asymmetric public keys when no algorithm was specified. A remote attacker could possibly use this issue to bypass signature verification and forge tokens,...
Microsoft Exchange Server authorization issue vulnerability
Microsoft Exchange Server is a set of e-mail service programs from Microsoft. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. An authorization issue vulnerability exists in Microsoft Exchange Server, which stems from a mixed deployment...