[SECURITY] Fedora 39 Update: golang-github-nats-io-jwt-2-2.5.2-1.fc39

JWT tokens signed using NKeys for Ed25519 for the NATS ecosystem.Read More ...

Continue Reading

December 15, 2023

RHEL 9 : grafana (RHSA-2023:6420)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6420 advisory. Grafana is an open-source platform for mo ...

Continue Reading

December 15, 2023

CVE-2023-48176

An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web...Read More ...

Continue Reading

December 15, 2023

JSON Web Token (JWT) Algorithm Confusion

fast-jwt is vulnerable to JWT Algorithm Confusion. The vulnerability is caused by a missing validation on publicKeyPemMatcher constant defined in fast-jwt/src/crypto.js which is used to match all comm ...

Continue Reading

December 15, 2023

JWT Algorithm Confusion

Summary The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. Details The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not prop ...

Continue Reading

December 15, 2023

Improper JWT Signature Validation in SAP Security Services Library

Impact SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) allows under certain conditions an escalation of privileges. On successful exploitation, an un ...

Continue Reading

December 15, 2023

JWT Algorithm Confusion

Summary The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. Details The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not prop ...

Continue Reading

December 15, 2023

[SECURITY] Fedora 39 Update: golang-github-nats-io-jwt-2-2.5.2-1.fc39

JWT tokens signed using NKeys for Ed25519 for the NATS ecosystem.Read More ...

Continue Reading

December 15, 2023

1 117 118 119 120 121 187

Back to Main
Subscribe for the latest news: