CVE-2023-36647

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and RES ...

[SECURITY] Fedora 38 Update: golang-github-nats-io-jwt-2-2.5.3-1.fc38

JWT tokens signed using NKeys for Ed25519 for the NATS...

CVE-2023-44252

** UNSUPPORTED WHEN ASSIGNED ** An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker t ...

CVE-2023-36649

Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by ...

[SECURITY] Fedora 39 Update: golang-github-nats-io-jwt-2-2.5.3-1.fc39

JWT tokens signed using NKeys for Ed25519 for the NATS...

Improper JWT Signature Validation in SAP Security Services Library

Impact: SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) allows, under certain conditions, an escalation of privileges. On successful exploitation, an un ...

CVE-2023-49290

lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial ...
