Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1028

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.0209EPSS
Exploits0References11
OSV
OSV
added 2024/08/21 2:30 p.m.15 views

GO-2023-2066 NATS nats-server allows directory traversal via unintended path to a management action in github.com/nats-io/nats-server

NATS nats-server allows directory traversal via unintended path to a management action in github.com/nats-io/nats-server...

9.8CVSS9.2AI score0.00994EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.22 views

Fedora 40 : golang-github-nats-io / golang-github-protobuf / nats-server (2023-5f904f4dd4)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-5f904f4dd4 advisory. Contains updates to address CVE-2022-28357,41717 Tenable has extracted the preceding description block directly from the Fedora security advisory...

9.8CVSS8.4AI score0.00994EPSS
Exploits0References2
OSV
OSV
added 2023/10/30 12:0 a.m.23 views

CVE-2023-47090

NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is...

6.5CVSS7.4AI score0.00662EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2023/10/30 12:0 a.m.27 views

CVE-2023-47090

NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is...

6.5CVSS6.8AI score0.00662EPSS
Exploits0References4
OSV
OSV
added 2022/06/13 8:44 p.m.3 views

MGASA-2022-0225 Updated nats-server packages fix security vulnerability

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. CVE-2022-24450...

9CVSS8.8AI score0.01305EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/02/11 11:42 p.m.50 views

Incorrect handling of credential expiry by /nats-io/nats-server

Problem Description NATS nats-server through 2020-10-07 has Incorrect Access Control because of how expired credentials are handled. The NATS accounts system has expiration timestamps on credentials; the library had an API which encouraged misuse and an IsRevoked method which misused its own API....

9.8CVSS9.5AI score0.02054EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2020/11/06 8:15 a.m.21 views

CVE-2020-26521

The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...

7.5CVSS6.6AI score
Exploits0References3
OSV
OSV
added 2020/11/06 8:15 a.m.24 views

CVE-2020-26892

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...

9.8CVSS6.7AI score
Exploits0References3
NVD
NVD
added 2020/11/06 8:15 a.m.31 views

CVE-2020-26892

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...

9.8CVSS9.5AI score0.02054EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2020/11/06 8:15 a.m.31 views

CVE-2020-26521

The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...

7.5CVSS7.1AI score0.0209EPSS
Exploits0References4
Prion
Prion
added 2020/11/06 8:15 a.m.28 views

Code injection

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...

7.5CVSS9.4AI score0.02054EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2020/11/06 8:15 a.m.23 views

Code injection

The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...

5CVSS7.3AI score0.0209EPSS
Exploits0References3Affected Software2
UbuntuCve
UbuntuCve
added 2020/11/06 8:15 a.m.45 views

CVE-2020-26892

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...

9.8CVSS7.2AI score0.02054EPSS
Exploits0References5
Cvelist
Cvelist
added 2020/11/06 7:36 a.m.37 views

CVE-2020-26892

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...

9.5AI score0.02054EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2020/11/06 7:36 a.m.29 views

CVE-2020-26892

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...

9.8CVSS9.6AI score0.02054EPSS
Exploits0
Debian CVE
Debian CVE
added 2020/11/06 7:35 a.m.20 views

CVE-2020-26521

The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...

7.5CVSS7.3AI score0.0209EPSS
Exploits0
Rows per page
Query Builder