4 matches found
pac4j-jwt data forgery vulnerability
pac4j-jwt is an open-source JWT authentication module developed by pac4j. Versions of pac4j-jwt prior to 4.5.9, 5.7.9, and 6.3.3 contained a data manipulation vulnerability. This vulnerability stems from the JwtAuthenticator’s inability to properly handle encrypted JWTs, leading to an...
SUSE CVE-2025-5025
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
SUSE CVE-2015-8960
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server...
BSA-2018-620
Security Advisory ID: BSA-2018-620 Component: TLS Revision: 2.0 The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations...