Skip to main content

Jwt Attack

507 CVEs product

Monthly

CVE-2021-21405 Go HIGH POC PATCH This Week

Lotus is an Implementation of the Filecoin protocol written in Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Lotus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-30246 npm CRITICAL PATCH Act Now

In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Node.js Jwt Attack Jsrsasign
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-30130 PHP HIGH PATCH This Week

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Phpseclib Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-1376 MEDIUM This Month

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple RCE Jwt Attack Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-1375 MEDIUM This Month

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple RCE Jwt Attack Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-1453 MEDIUM This Month

A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Authentication Bypass Jwt Attack Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-3406 CRITICAL Act Now

A flaw was found in keylime 5.8.1 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Keylime Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-1366 HIGH This Week

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Microsoft Jwt Attack Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-3033 CRITICAL Act Now

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Paloalto Jwt Attack Prisma Cloud
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-1244 MEDIUM This Month

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Jwt Attack Ios Xr
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-1136 MEDIUM This Month

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Jwt Attack Ios Xr
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-21239 PyPI MEDIUM POC PATCH This Month

PySAML2 is a pure python implementation of SAML Version 2 Standard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Jwt Attack Pysaml2 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-21238 PyPI MEDIUM PATCH This Month

PySAML2 is a pure python implementation of SAML Version 2 Standard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Jwt Attack Pysaml2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-26290 Go CRITICAL PATCH Act Now

Dex is a federated OpenID Connect provider written in Go. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mattermost Jwt Attack Authentication Bypass Dex
NVD GitHub
CVSS 3.1
9.6
EPSS
1.0%
CVE-2020-11093 PyPI HIGH POC PATCH This Week

Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Authentication Bypass Indy Node
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-28086 HIGH This Week

pass through 1.7.3 has a possibility of using a password for an unintended resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Password Store
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-26122 HIGH This Week

Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Nf8480M5 Firmware Nf8260M5 Firmware Ns5162M5 Firmware +12
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2020-29438 MEDIUM POC This Month

Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Model X Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-24439 LOW PATCH Monitor

Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity.

Adobe Jwt Attack Authentication Bypass Apple Acrobat +3
NVD
CVSS 3.1
2.8
EPSS
0.6%
CVE-2020-24429 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Jwt Attack Apple Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2020-28045 HIGH POC This Week

An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Prolinos
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-28042 NuGet MEDIUM POC PATCH This Month

ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Servicestack
NVD GitHub
CVSS 3.1
5.3
EPSS
2.3%
CVE-2020-11488 MEDIUM This Month

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure RCE Jwt Attack Nvidia Bmc Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-16922 MEDIUM PATCH This Month

<p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.

Jwt Attack Microsoft Authentication Bypass Windows 10 Windows 7 +6
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-12676 CRITICAL POC Act Now

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack". Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jwt Attack Samlv2
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2020-26540 HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Apple Foxit Reader Phantompdf
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-15216 Go MEDIUM PATCH This Month

In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Authentication Bypass Goxmldsig Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-14365 PyPI HIGH PATCH This Week

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Ansible Engine Ansible Tower Ceph Storage +2
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2020-25490 HIGH POC This Week

Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Code Injection PHP Php Microagent
NVD
CVSS 3.1
7.3
EPSS
1.2%
CVE-2020-14515 HIGH This Week

CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Codemeter
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-10759 MEDIUM POC This Month

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Authentication Bypass Red Hat Enterprise Linux
NVD GitHub
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-13593 HIGH This Week

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Simplelink Cc2640R2 Software Development Kit
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-13101 HIGH This Week

In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Oasis Digital Signature Services
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-1464 HIGH POC KEV PATCH THREAT This Week

A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Jwt Attack Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 +16
NVD
CVSS 3.1
7.8
EPSS
41.1%
CVE-2020-15827 HIGH This Week

In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Toolbox
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-15957 HIGH PATCH This Week

An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Dp3T Backend Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-15705 MEDIUM PATCH This Month

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. Rated medium severity (CVSS 6.4).

Jwt Attack Authentication Bypass Grub2 Enterprise Linux Atomic Host Openshift Container Platform +11
NVD
CVSS 3.1
6.4
EPSS
1.4%
CVE-2020-10608 HIGH This Week

In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Pi Api Pi Buffer Subsystem Pi Connector +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-13845 Go HIGH PATCH This Week

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Singularity
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-15093 Cargo HIGH PATCH This Week

The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Tough
NVD GitHub
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-9226 MEDIUM This Month

HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Huawei Information Disclosure P30 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-15091 Go MEDIUM POC PATCH This Month

TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Tendermint
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-2021 CRITICAL KEV THREAT Act Now

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Paloalto Pan Os
NVD
CVSS 3.1
10.0
EPSS
4.4%
CVE-2020-9047 HIGH POC This Week

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Command Injection Exacqvision Enterprise Manager Exacqvision Web Service
NVD
CVSS 3.1
7.2
EPSS
7.8%
CVE-2020-15302 HIGH POC This Week

In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jwt Attack Recoverymanager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-14966 npm HIGH POC PATCH This Week

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jwt Attack Canonical Jsrsasign +1
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-14199 MEDIUM This Month

BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Trezor Model T Firmware Trezor One Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-13895 HIGH PATCH This Week

Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure P5 Crypt Perl
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-13810 HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Authentication Bypass Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-13803 HIGH PATCH This Week

An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Authentication Bypass Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-3209 MEDIUM PATCH This Month

A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Cisco Jwt Attack Apple Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-12607 PyPI HIGH POC PATCH This Week

An issue was discovered in fastecdsa before 2.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Fastecdsa
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-13415 HIGH POC This Week

An issue was discovered in Aviatrix Controller through 5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jwt Attack Controller
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-9753 CRITICAL Act Now

Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Whale Browser Installer
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-12244 HIGH This Week

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Authentication Bypass Recursor Fedora Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-12046 MEDIUM This Month

Opto 22 SoftPAC Project Version 9.6 and prior. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Softpac Project
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2020-12042 MEDIUM This Month

Opto 22 SoftPAC Project Version 9.6 and prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Softpac Project
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-5407 Maven HIGH PATCH This Week

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Jwt Attack Spring Security
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-3308 MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Jwt Attack Authentication Bypass Firepower Threat Defense Secure Firewall Management Center
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2020-8324 MEDIUM This Month

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Jwt Attack Information Disclosure System Interface Foundation
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-2146 Maven HIGH PATCH This Week

Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Jenkins Information Disclosure Mac
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2020-9283 Go HIGH POC PATCH THREAT This Week

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Package Ssh Debian Linux
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
21.1%
CVE-2020-3138 MEDIUM This Month

A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Jwt Attack Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-6174 PyPI CRITICAL PATCH Act Now

TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure The Update Framework
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-7906 HIGH This Week

In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Microsoft Information Disclosure Rider
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-5390 PyPI HIGH PATCH This Week

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jwt Attack Pysaml2 Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-19962 HIGH PATCH This Week

wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Jwt Attack Wolfssl
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-16753 HIGH POC This Week

An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Decentralized Anonymous Payment System Private Instant Verified Transactions
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-3465 PHP HIGH PATCH This Week

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Jwt Attack Information Disclosure Xmlseclibs Debian Linux Simplesamlphp
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-0071 HIGH This Week

Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Jwt Attack Information Disclosure Junos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-16992 HIGH This Week

The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Apple Information Disclosure Keybase
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-11755 HIGH This Week

A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-12662 MEDIUM This Month

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Apple RCE Ios Xe +51
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-12649 MEDIUM This Month

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Apple Information Disclosure Ios Xe +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2019-15545 Cargo HIGH PATCH This Week

An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Libp2P
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2019-5592 MEDIUM This Month

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Jwt Attack Oracle Fortinet +1
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2019-9154 npm HIGH POC PATCH This Week

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Openpgpjs
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-9153 npm HIGH POC PATCH This Week

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Openpgpjs
NVD GitHub
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-5299 HIGH This Week

Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Huawei RCE Hima Al00B Firmware
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2019-2278 HIGH PATCH This Week

User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Jwt Attack Qualcomm Mdm9607 Firmware Mdm9640 Firmware +13
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-1010161 CRITICAL Act Now

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Perl Crypt Jwt
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-1010279 HIGH POC PATCH This Week

Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Denial Of Service Suricata
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-1010263 CRITICAL POC PATCH Act Now

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Jwt Attack
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-9149 MEDIUM POC This Month

Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Mailvelope
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-13177 PyPI CRITICAL POC PATCH Act Now

verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Python Information Disclosure Django Rest Registration
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-10136 MEDIUM This Month

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Satellite Spacewalk
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2019-5300 MEDIUM This Month

There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Huawei Ar1200 Firmware Ar1200 S Firmware +9
NVD
CVSS 3.0
6.7
EPSS
0.2%
CVE-2019-11841 Go MEDIUM POC PATCH This Month

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Crypto Debian Linux
NVD
CVSS 3.1
5.9
EPSS
2.0%
CVE-2019-12269 HIGH POC This Week

Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Enigmail
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-8338 MEDIUM PATCH This Month

The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Code Injection Jwt Attack Gpg Pgp
NVD GitHub
CVSS 3.0
5.9
EPSS
1.7%
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Lotus is an Implementation of the Filecoin protocol written in Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Lotus
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Node.js Jwt Attack +1
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Phpseclib +1
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple RCE +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple RCE +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Authentication Bypass +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A flaw was found in keylime 5.8.1 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Keylime +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Microsoft +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Paloalto Jwt Attack +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

PySAML2 is a pure python implementation of SAML Version 2 Standard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Jwt Attack +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

PySAML2 is a pure python implementation of SAML Version 2 Standard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Jwt Attack +1
NVD GitHub
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

Dex is a federated OpenID Connect provider written in Go. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mattermost Jwt Attack Authentication Bypass +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Authentication Bypass Indy Node
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

pass through 1.7.3 has a possibility of using a password for an unintended resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Password Store
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Nf8480M5 Firmware +14
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Model X Firmware
NVD
EPSS 1% CVSS 2.8
LOW PATCH Monitor

Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity.

Adobe Jwt Attack Authentication Bypass +5
NVD
EPSS 3% CVSS 7.8
HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Jwt Attack +5
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Prolinos
NVD
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Servicestack
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure RCE Jwt Attack +2
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

<p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.

Jwt Attack Microsoft Authentication Bypass +8
NVD
EPSS 3% CVSS 9.1
CRITICAL POC Act Now

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack". Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jwt Attack Samlv2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Apple +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Authentication Bypass Goxmldsig +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Ansible Engine +4
NVD
EPSS 1% CVSS 7.3
HIGH POC This Week

Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Code Injection PHP +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Codemeter
NVD
EPSS 0% CVSS 6.0
MEDIUM POC This Month

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Authentication Bypass Red Hat +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Simplelink Cc2640R2 Software Development Kit
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Oasis Digital Signature Services
NVD
EPSS 41% CVSS 7.8
HIGH POC KEV PATCH THREAT This Week

A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Jwt Attack Microsoft Authentication Bypass +18
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Toolbox
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Dp3T Backend Software Development Kit
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. Rated medium severity (CVSS 6.4).

Jwt Attack Authentication Bypass Grub2 +13
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Pi Api +8
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Singularity
NVD GitHub
EPSS 1% CVSS 8.6
HIGH PATCH This Week

The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Tough
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Huawei Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Tendermint
NVD GitHub
EPSS 4% CVSS 10.0
CRITICAL KEV THREAT Act Now

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Paloalto +1
NVD
EPSS 8% CVSS 7.2
HIGH POC This Week

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Command Injection Exacqvision Enterprise Manager +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jwt Attack Recoverymanager
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jwt Attack +3
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Trezor Model T Firmware +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure P5 Crypt Perl
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Authentication Bypass Phantompdf +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Authentication Bypass Phantompdf +1
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Cisco Jwt Attack +2
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in fastecdsa before 2.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Fastecdsa
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered in Aviatrix Controller through 5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jwt Attack Controller
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Whale Browser Installer
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Authentication Bypass Recursor +4
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Opto 22 SoftPAC Project Version 9.6 and prior. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Softpac Project
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Opto 22 SoftPAC Project Version 9.6 and prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Softpac Project
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Jwt Attack +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Jwt Attack Authentication Bypass +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Jwt Attack Information Disclosure +1
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Jenkins Information Disclosure +1
NVD
EPSS 21% CVSS 7.5
HIGH POC PATCH THREAT This Week

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Package Ssh +1
NVD Exploit-DB
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Jwt Attack Information Disclosure +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure The Update Framework
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jwt Attack Pysaml2 +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Jwt Attack Wolfssl
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Decentralized Anonymous Payment System +1
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Jwt Attack Information Disclosure Xmlseclibs +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Jwt Attack Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Apple Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Mozilla Information Disclosure +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Apple +53
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Apple +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Libp2P
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Jwt Attack +3
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Openpgpjs
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Openpgpjs
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Huawei RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Jwt Attack Qualcomm +15
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Perl Crypt Jwt
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Denial Of Service Suricata
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Jwt Attack
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Mailvelope
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Python Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Satellite +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Huawei +11
NVD
EPSS 2% CVSS 5.9
MEDIUM POC PATCH This Month

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Crypto +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Enigmail
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Code Injection Jwt Attack Gpg Pgp
NVD GitHub
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy