(This advisory is canonically ) ## Problem Description The NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Impo ...
Continue Reading30 мая, 2022
## Problem Description The NATS account system has an Operator trusted by the servers, which signs Accounts, and each Account can then create and sign Users within their account. The Operator should ...
Continue Reading30 мая, 2022
## Problem Description The NATS account system has an Operator trusted by the servers, which signs Accounts, and each Account can then create and sign Users within their account. The Operator should ...
Continue Reading30 мая, 2022
## Problem Description NATS nats-server through 2020-10-07 has Incorrect Access Control because of how expired credentials are handled. The NATS accounts system has expiration timestamps on credential ...
Continue Reading30 мая, 2022
## Problem Description NATS nats-server through 2020-10-07 has Incorrect Access Control because of how expired credentials are handled. The NATS accounts system has expiration timestamps on credential ...
Continue Reading30 мая, 2022
### Impact Several vulnerabilities have been reported in the `time` and `chrono` crates related to handling of calls to `localtime_r`. You can follow some of the discussions [here](https://github.com/ ...
Continue Reading30 мая, 2022
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attack ...
Continue Reading30 мая, 2022
Envoy, which Pomerium is based on, has issued multiple CVEs impacting stability and security. Though Pomerium may not be vulnerable to all of the issues, it is recommended that all users upgrade to Po ...
Continue Reading30 мая, 2022
Back to Main