• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-345

CVE-2020-16250

February 26, 2023 by

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..

CVE-2020-16122

February 26, 2023 by

PackageKit’s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.

CVE-2020-15899

February 26, 2023 by

Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble.

CVE-2020-15699

February 26, 2023 by

An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.

CVE-2020-15262

February 26, 2023 by

In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. This issue is patched in version 1.5.1.

CVE-2020-15222

February 26, 2023 by

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using “private_key_jwt” authentication the uniqueness of the `jti` value is not checked. When using client authentication method “private_key_jwt”, OpenId specification says the following about assertion `jti`: “A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties”. Hydra does not seem to check the uniqueness of this `jti` value. This problem is fixed in version 0.31.0.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 5
  • Go to page 6
  • Go to page 7
  • Go to page 8
  • Go to page 9
  • Interim pages omitted …
  • Go to page 34
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE