12 matches found
CVE-2026-28498
A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect (OIDC) servers. This vulnerability allows a remote attacker to bypass critical integrity checks in OIDC ID Tokens. Specifically, the library's internal hash verification logic fails open when encountering an...
CVE-2022-50731 crypto: akcipher - default implementation for setting a private key
In the Linux kernel, the following vulnerability has been resolved: crypto: akcipher - default implementation for setting a private key Changes from v1: removed the default implementation from setpubkey: it is assumed that an implementation must always have this callback defined as there are no u...
EUVD-2019-8947
Malware in sbrugna...
GHSA-H7CP-R72F-JXH6 pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Summary: This affects both: 1. Unsupported algos e.g. sha3-256 / sha3-512 / sha512-256 2. Supported but non-normalized algos e.g. Sha256 / Sha512 / SHA1 / sha-1 / sha-256 / sha-512. All of those work correctly in Node.js, but this polyfill silently returns highly predictable output. Under Node.js onl...
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Summary: This affects both: 1. Unsupported algos e.g. sha3-256 / sha3-512 / sha512-256 2. Supported but non-normalized algos e.g. Sha256 / Sha512 / SHA1 / sha-1 / sha-256 / sha-512. All of those work correctly in Node.js, but this polyfill silently returns highly predictable output. Under Node.js onl...
Generation of Predictable Numbers or Identifiers
Overview: Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the pbkdf2Sync method. An attacker can obtain predictable or uninitialized memory as a cryptographic key when key derivation is used with unsupported or non-normalized algorithm names...
CVE-2019-19324
Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...
USN-7182-1 ceph vulnerability
It was discovered that Ceph incorrectly handled unsupported JWT algorithms in the RadosGW gateway. An attacker could possibly use this issue to bypass certain authentication checks and restrictions...
SUSE CVE-2024-26590
In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However,...
bind security update
32:9.11.4-26.P2.4 - Fix off-by-one bug in ISC SPNEGO implementation (CVE-2020-8625); 32:9.11.4-26.P2.3 - Fix inline re-signing (rh1889902); 32:9.11.4-26.P2.2 - Fix unsupported algorithms validation (rh1769876); 32:9.11.4-26.P2.1 - Fix tsig-request verify (CVE-2020-8622) - Prevent PKCS11 daemon crash on...
CVE-2019-19324
Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...
CVE-2019-19324
Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...