Skip to main content

Jwt Attack

507 CVEs product

Monthly

CVE-2019-1813 MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure Nx Os
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-1812 MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure Nx Os
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-1811 MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure Nx Os
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-1810 MEDIUM This Month

A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure Nx Os
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-1809 MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Cisco Nx Os
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2019-1808 MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure Nx Os
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2019-1728 MEDIUM This Month

A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure Nx Os
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2019-6318 CRITICAL Act Now

HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack HP RCE Color Laserjet Cm4540 Mfp Firmware Color Laserjet Enterprise Cp5525 Firmware +141
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-1615 MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure Nx Os
NVD
CVSS 3.0
6.7
EPSS
0.2%
CVE-2018-16557 HIGH This Week

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Simatic S7 400 Firmware Simatic S7 400 Pn Dp V7 Firmware Simatic S7 400H Firmware +1
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2018-18203 MEDIUM POC This Month

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle's USB ports) the ability to rewrite the. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Jwt Attack RCE Starlink 2017 Firmware Starlink 2018 Firmware Starlink 2019 Firmware
NVD GitHub
CVSS 3.0
6.4
EPSS
0.2%
CVE-2018-1842 LOW PATCH Monitor

IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. Rated low severity (CVSS 3.6).

IBM Authentication Bypass Jwt Attack Cognos Analytics Oncommand Insight
NVD
CVSS 3.0
3.6
EPSS
0.3%
CVE-2018-16253 MEDIUM POC PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Jwt Attack Information Disclosure Axtls
NVD GitHub
CVSS 3.0
5.9
EPSS
0.6%
CVE-2018-16150 MEDIUM PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Axtls
NVD GitHub
CVSS 3.0
5.9
EPSS
0.6%
CVE-2018-16149 MEDIUM POC PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Jwt Attack Axtls
NVD GitHub
CVSS 3.0
5.9
EPSS
0.7%
CVE-2018-18653 HIGH POC PATCH This Week

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Ubuntu Jwt Attack Linux RCE Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-8955 CRITICAL POC Act Now

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack RCE Gravityzone
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-15374 MEDIUM This Month

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Jwt Attack Authentication Bypass Apple Ios Xe
NVD
CVSS 3.0
6.7
EPSS
0.2%
CVE-2018-16152 HIGH This Week

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Strongswan Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-16151 HIGH This Week

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Strongswan Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-15836 HIGH PATCH This Week

In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Openswan
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-16515 PyPI HIGH PATCH This Week

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Jwt Attack Information Disclosure Synapse Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-0501 MEDIUM PATCH This Month

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Ubuntu Linux Advanced Package Tool
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2018-10988 HIGH This Week

An issue was discovered on Diqee Diqee360 devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Diqee360 Firmware
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-1000539 Ruby MEDIUM PATCH This Month

Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Json Jwt
NVD GitHub
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-12356 CRITICAL PATCH Act Now

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack RCE Simple Password Store
NVD GitHub
CVSS 3.0
9.8
EPSS
4.6%
CVE-2018-12019 HIGH POC This Week

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Enigmail
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-10407 MEDIUM This Month

An issue was discovered in Carbon Black Cb Response. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Apple Carbon Black Cb
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-10470 MEDIUM This Month

Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Little Snitch
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2018-3756 HIGH This Week

Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Iroha
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2018-6664 HIGH This Week

Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Jwt Attack Data Loss Prevention Endpoint
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-4111 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Apple Mac Os X
NVD
CVSS 3.0
5.9
EPSS
1.2%
CVE-2018-1000076 LIB CRITICAL PATCH Act Now

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Rubygems Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-7711 PHP HIGH PATCH This Week

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure PHP Simplesamlphp Saml2 +1
NVD GitHub
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-7644 PHP HIGH PATCH This Week

The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Simplesamlphp
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-0489 MEDIUM PATCH This Month

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Jwt Attack Information Disclosure Xmltooling C Debian Linux +1
NVD
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-6459 MEDIUM This Month

The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Strongswan
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-0486 MEDIUM This Month

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Jwt Attack Information Disclosure Xmltooling C Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-0114 npm HIGH POC PATCH THREAT This Week

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Cisco Node Jose
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
42.7%
CVE-2017-17848 HIGH This Week

An issue was discovered in Enigmail before 1.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Enigmail Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-17847 HIGH This Week

An issue was discovered in Enigmail before 1.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Enigmail Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-12333 MEDIUM This Month

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Jwt Attack Nx Os Unified Computing System
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2017-12331 MEDIUM This Month

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Jwt Attack Nx Os Unified Computing System
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2017-8190 MEDIUM This Month

FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Jwt Attack Fusionsphere Openstack
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2017-8177 MEDIUM This Month

Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei Jwt Attack Hiwallet
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-11400 MEDIUM This Month

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Tofino Xenon Security Appliance Firmware
NVD GitHub
CVSS 3.0
6.8
EPSS
0.0%
CVE-2017-16853 HIGH This Week

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Opensaml Debian Linux
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2017-16852 HIGH This Week

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Service Provider Debian Linux
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-5066 MEDIUM This Month

Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Jwt Attack Chrome +3
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-12974 Maven HIGH PATCH This Week

Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Nimbus Jose Jwt
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-10669 MEDIUM This Month

Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Osci Transport Library
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2014-9934 HIGH PATCH This Week

A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Linux Jwt Attack Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-2423 CRITICAL Act Now

An issue was discovered in certain Apple products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Jwt Attack Iphone Os Mac Os X
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-8021 MEDIUM POC This Month

Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Intel Jwt Attack Virusscan Enterprise
NVD Exploit-DB
CVSS 3.0
5.0
EPSS
2.8%
CVE-2014-1498 MEDIUM This Month

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Mozilla Denial Of Service Linux Enterprise Desktop Linux Enterprise Server +5
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-3900 MEDIUM KEV PATCH THREAT Act Now

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 78.1%.

Jwt Attack Microsoft RCE
NVD VulDB
CVSS 3.1
5.5
EPSS
78.1%
Threat
4.9
CVE-2026-40941 HIGH This Week

JWT signature verification weakness in the Cacti network monitoring framework (fixed in 1.2.31) lets an authenticated low-privilege user forge or tamper with JSON Web Tokens whose signatures are not properly validated, undermining token integrity. The CWE-347 root cause combined with the vendor's 'Jwt Attack' and 'Information Disclosure' tags points to token forgery that can bypass intended authorization checks. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV; it was reported through the Alpine Linux vendor channel and patched upstream by the Cacti project.

Information Disclosure Jwt Attack Cacti
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Cisco +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack HP RCE +143
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure +1
NVD
EPSS 1% CVSS 8.2
HIGH This Week

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Simatic S7 400 Firmware +3
NVD
EPSS 0% CVSS 6.4
MEDIUM POC This Month

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle's USB ports) the ability to rewrite the. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Jwt Attack RCE Starlink 2017 Firmware +2
NVD GitHub
EPSS 0% CVSS 3.6
LOW PATCH Monitor

IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. Rated low severity (CVSS 3.6).

IBM Authentication Bypass Jwt Attack +2
NVD
EPSS 1% CVSS 5.9
MEDIUM POC PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Jwt Attack Information Disclosure Axtls
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Axtls
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM POC PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Jwt Attack Axtls
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Ubuntu Jwt Attack Linux +2
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack RCE Gravityzone
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Jwt Attack Authentication Bypass +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Strongswan +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Strongswan +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Openswan
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Jwt Attack Information Disclosure Synapse +1
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Ubuntu Linux +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered on Diqee Diqee360 devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Diqee360 Firmware
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Json Jwt
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack RCE Simple Password Store
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Enigmail
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Carbon Black Cb Response. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Apple +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Little Snitch
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Iroha
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Jwt Attack +1
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Apple +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Rubygems +1
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure PHP +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Simplesamlphp
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Jwt Attack Information Disclosure +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Strongswan
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Jwt Attack Information Disclosure +2
NVD
EPSS 43% CVSS 7.5
HIGH POC PATCH THREAT This Week

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Cisco +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Enigmail before 1.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Enigmail +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Enigmail before 1.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Enigmail +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Jwt Attack +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Jwt Attack +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Jwt Attack Fusionsphere Openstack
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei Jwt Attack +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Tofino Xenon Security Appliance Firmware
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Opensaml +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Service Provider +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure +5
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Nimbus Jose Jwt
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Osci Transport Library
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An issue was discovered in certain Apple products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Jwt Attack +2
NVD
EPSS 3% CVSS 5.0
MEDIUM POC This Month

Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Intel Jwt Attack +1
NVD Exploit-DB
EPSS 1% CVSS 5.0
MEDIUM This Month

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Mozilla Denial Of Service +7
NVD VulDB
EPSS 78% 4.9 CVSS 5.5
MEDIUM KEV PATCH THREAT Act Now

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 78.1%.

Jwt Attack Microsoft RCE
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

JWT signature verification weakness in the Cacti network monitoring framework (fixed in 1.2.31) lets an authenticated low-privilege user forge or tamper with JSON Web Tokens whose signatures are not properly validated, undermining token integrity. The CWE-347 root cause combined with the vendor's 'Jwt Attack' and 'Information Disclosure' tags points to token forgery that can bypass intended authorization checks. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV; it was reported through the Alpine Linux vendor channel and patched upstream by the Cacti project.

Information Disclosure Jwt Attack Cacti
NVD GitHub
Prev Page 6 of 6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy