Lucene search
K

292 matches found

Rockylinux
Rockylinux
added 2025/05/07 7:11 p.m.11 views

pki-core security update

An update is available for module.pki-core, module.ldapjdk, resteasy, jss, tomcatjss, ldapjdk, module.jss, module.resteasy, module.tomcatjss, pki-core. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.5CVSS7.7AI score0.00659EPSS
Exploits0
OSV
OSV
added 2025/05/07 7:11 p.m.5 views

RLSA-2024:4367 Important: pki-core security update

The Public Key Infrastructure PKI Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fixes: dogtag ca: token authentication bypass vulnerability CVE-2023-4727 For more details about the security issues, including the impact, a CVSS...

7.5CVSS7.9AI score0.00659EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/07 12:0 a.m.2 views

RockyLinux 8 : pki-core (RLSA-2024:4367)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4367 advisory. dogtag ca: token authentication bypass vulnerability CVE-2023-4727 Tenable has extracted the preceding description block directly from the RockyLinux security...

7.5CVSS7.4AI score0.00659EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/06 12:0 a.m.6 views

Passport-wsfed-saml2 安全漏洞

Passport-wsfed-saml2 is an Auth0 open source token authentication provider program. A security vulnerability exists in Passport-wsfed-saml2 versions 3.0.5 through 4.6.3 that stems from a SAML authentication flaw that could lead to user impersonation...

9.3CVSS6.5AI score0.00369EPSS
Exploits0References3
OSV
OSV
added 2025/03/14 3:43 p.m.4 views

OESA-2025-1269 pki-core security update

Dogtag PKI is a designed enterprise software system manage enterprise Public Key Infrastructure deployments. Security Fixes: A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=, an...

7.5CVSS7.2AI score0.00659EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-42368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry da...

6.5CVSS6.4AI score0.0062EPSS
Exploits0References2
OSV
OSV
added 2025/03/03 7:22 p.m.11 views

GO-2025-3460 Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT in github.com/distribution/distribution

Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT in github.com/distribution/distribution...

8.7CVSS6.3AI score0.00326EPSS
Exploits0References3
Veracode
Veracode
added 2025/02/14 8:6 a.m.12 views

Improper Authentication

github.com/distribution/distribution/v3 is vulnerable to Improper Authentication. The vulnerability is due to Improper Authentication due to inadequate verification of JSON Web Keys JWK in JSON Web Tokens JWT, allowing an attacker to inject an untrusted signing key when token authentication is...

8.7CVSS6.8AI score0.00326EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/13 4:59 p.m.11 views

CVE-2025-24976

A flaw was found in Distribution. Certain versions with token authentication enabled may be vulnerable to an issue where token authentication allows an attacker to inject an untrusted signing key in a JSON web token JWT. The issue is due to how the JSON web key JWK verification is performed. When...

6.5CVSS6.7AI score0.00326EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/02/13 12:20 a.m.2 views

SUSE CVE-2025-24976

Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...

7.5CVSS7.3AI score0.00326EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/02/11 5:57 p.m.16 views

Distribution's token authentication allows to inject an untrusted signing key in a JWT

Impact Systems running registry version 3.0.0-beta.1 with token authentication enabled. Patches Update to at least v3.0.0-rc.3 Workarounds There is no way to work around this issue without patching if your system requires token authentication. References The issue lies in how the JWK verification...

8.7CVSS6.4AI score0.00326EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/02/11 4:15 p.m.25 views

CVE-2025-24976

Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...

8.7CVSS0.00326EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/11 3:48 p.m.13 views

CVE-2025-24976 Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT

Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...

8.7CVSS6.6AI score0.00326EPSS
Exploits0References2
CVE
CVE
added 2025/02/11 3:48 p.m.2768 views

CVE-2025-24976

Distribution’s token authentication flaw (CVE-2025-24976) affects registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token auth enabled. The root cause: JWT JWK verification accepts a header with a certificate chainless JWK but only validates the KeyID against trusted keys, not the actual key...

8.7CVSS6.5AI score0.00326EPSS
Exploits0References2
OSV
OSV
added 2025/02/11 3:48 p.m.17 views

CVE-2025-24976 Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT

Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...

8.7CVSS6.7AI score0.00326EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/02/11 3:48 p.m.38 views

CVE-2025-24976 Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT

Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...

8.7CVSS0.00326EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/02/11 3:48 p.m.16 views

CVE-2025-24976

Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...

8.7CVSS7.1AI score0.00326EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.4 views

PT-2025-6252

Name of the Vulnerable Software and Affected Versions: Distribution versions 3.0.0-beta.1 through 3.0.0-rc.2 Description: The issue lies in how the JSON web key JWK verification is performed. When a JSON web token JWT contains a JWK header without a certificate chain, the code only checks if the...

9.9CVSS7.9AI score0.93027EPSS
Exploits19References41
SUSE CVE
SUSE CVE
added 2024/12/12 6:58 a.m.5 views

SUSE CVE-2024-53862

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...

7.5CVSS7.1AI score0.00656EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.4 views

WordPress plugin OAuth Single Sign On – SSO (OAuth Client) 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. An authorization issue vulnerability exists in WordPre...

8.1CVSS8.7AI score0.00759EPSS
Exploits0References2
Rows per page
Query Builder