Privilege Escalation

openjdk is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization allowing an attacker to update, insert or delete access to some of Oracle Java SE, ...

Continue Reading
Signature Verification Bypass

Oracle Java SE and Oracle GraalVM Enterprise Edition product of Oracle Java SE (their component: Libraries) are vulnerable to signature verification bypass. The vulnerability is possible due to a flaw ...

Continue Reading
Exploit for Vulnerability in Oracle Graalvm

CVE-2022-21449 Vulnerability tester -------------- # Introducti...Read More ...

Continue Reading
Authentication Bypass

pyjwt is vulnerable to authentication bypass. The library permits an attacker submitting a JWT token to choose which algorithms are used when signing in, enabling non-blocklisted, but weak public key ...

Continue Reading
CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT ...

Continue Reading
Key confusion through non-blocklisted public key formats

### Impact _What kind of vulnerability is it? Who is impacted?_ Disclosed by Aapo Oksman (Senior Security Specialist, Nixu Corporation). > PyJWT supports multiple different JWT signing algorithms. ...

Continue Reading
User Impersonation Via Anonymous Access

github.com/argoproj/argo-cd is vulnerable to user impersonation. An attacker is able to send an invalid JSON Web Token (JWT) along with a request if anonymous access to the Argo CD instance is enabled ...

Continue Reading
CVE-2022-29165

A flaw was found in the ArgoCD component of Red Hat GitOps, where an unauthenticated attacker can craft a malicious JWT token while ArgoCD's anonymous access is enabled and gains full access to the Ar ...

Continue Reading

Back to Main

Subscribe for the latest news:
Generated by Feedzy