Design/Logic Flaw

light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.Read More ...

Continue Reading
(RHSA-2023:6818) Important: Satellite 6.14 security and bug fix update

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized too ...

Continue Reading
Json Web Token (JWT) Bypass

json-web-token is vulnerable to Json Web Token (JWT) Bypass. The vulnerability is due to an insecure mechanism used while verifying the signature of a JWT. The library blindly trusts the algorithm lis ...

Continue Reading
Oracle Linux 9 : grafana (ELSA-2023-6420)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-6420 advisory. Grafana is an open-source platform for monitoring an ...

Continue Reading
Debian DSA-5529-1 : slurm-wlm – security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5529 advisory. Note that Nessus has not tested for this issue but has instead relied only ...

Continue Reading
CVE-2023-31580

light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.Read More ...

Continue Reading
Design/Logic Flaw

light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.Read More ...

Continue Reading
Authentication Bypass

neuvector is vulnerable to Authentication Bypass. An attacker can reverse engineer a JWT token, forging a valid taken to perform malicious activity. This can lead to RCE.Read More ...

Continue Reading

Back to Main

Subscribe for the latest news: