Vulnerability fixed in pac4j-jwt

Pac4j has fixed a vulnerability in the pac4j-jwt library specifically for versions before 4.5.9, 5.7.9 and 6.3.3. The vulnerability is located in the JwtAuthenticator module of the pac4j-jwt library. This vulnerability allows an attacker with access to the server's RSA public key to forge JWT...

Splunk Enterprise 9.2.0 < 9.2.11, 9.3.0 < 9.3.9, 9.4.0 < 9.4.7, 10.0.0 < 10.0.2 (SVD-2026-0207)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0207 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC...

EUVD-2017-2771

Malware in sbrugna...

EUVD-2017-14758

Malware in sbrugna...

EUVD-2021-11034

Malware in sbrugna...

EUVD-2016-4164

Malware in sbrugna...

CVE-2016-7438

The C software implementation of ECC in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...

CVE-2015-7744

wolfSSL formerly CyaSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS...

CVE-2013-4208

The rsaverify function in PuTTY before 0.63 1 does not clear sensitive process memory after use and 2 does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys...