13 matches found
EUVD-2023-2780
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-46129
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The...
Fedora 39 : golang-github-nats-io / golang-github-nats-io-jwt-2 / etc (2023-3a895ff65c)
The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-3a895ff65c advisory. Updated NATS stack for CVE-2023-39325 and CVE-2023-46129 Tenable has extracted the preceding description block directly from the Fedora security...
GHSA-MR45-RX8Q-WCM9 xkeys seal encryption used fixed key for all encryption
Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in...
xkeys seal encryption used fixed key for all encryption
Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in...
CVE-2023-46129
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
UBUNTU-CVE-2023-46129
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
Authentication flaw
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
CVE-2023-46129
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
CVE-2023-46129
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
CVE-2023-46129 xkeys Seal encryption used fixed key for all encryption
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
CVE-2023-46129
CVE-2023-46129 describes a crypto bug in the nkeys library used by NATS. In nkeys versions 0.4.0–0.4.5 (aligned with NATS server 2.10.0–2.10.3), the xkeys encryption handling logic accidentally passed an array by value to an internal function that mutated the buffer to supply the encryption key. ...
CVE-2023-46129
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...