Kddi & Gree Security Vulnerabilities

osv

gree/jose - "None" Algorithm treated as valid in tokens

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384,...

7.3 AI Score

2024-05-15 09:47 PM

github

gree/jose - "None" Algorithm treated as valid in tokens

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384,...

7.3 AI Score

2024-05-15 09:47 PM

openvas

Service Detection with 'GET' Request

This plugin performs service...

7.3 AI Score

2005-11-03 12:00 AM

openvas

SUSE: Security Advisory (SUSE-SU-2022:3229-1)

The remote host is missing an update for...

7.8 CVSS

7.4 AI Score

0.006 EPSS

2022-09-12 12:00 AM

osv

CVE-2016-5431

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted...

7.5 CVSS

6.8 AI Score

0.001 EPSS

2019-08-07 03:15 PM

osv

PHP JOSE Library by Gree Inc. Uses a Broken or Risky Cryptographic Algorithm

The PHP JOSE Library by Gree Inc. prior to 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted...

7.5 CVSS

2.6 AI Score

0.001 EPSS

2022-05-24 04:52 PM

cve

CVE-2018-20582

The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2019-10-11 08:15 PM

openvas

Service Detection from 'spontaneous' Banner

This plugin performs service...

7.5 AI Score

2020-04-14 12:00 AM

nvd

CVE-2018-20582

The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2019-10-11 08:15 PM

github

PHP JOSE Library by Gree Inc. Uses a Broken or Risky Cryptographic Algorithm

The PHP JOSE Library by Gree Inc. prior to 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted...

7.5 CVSS

2.6 AI Score

0.001 EPSS

2022-05-24 04:52 PM

prion

Design/Logic Flaw

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted...

7.5 CVSS

7 AI Score

0.001 EPSS

2019-08-07 03:15 PM

nvd

CVE-2016-5431

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2019-08-07 03:15 PM

cve

CVE-2016-5431

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2019-08-07 03:15 PM

cve

CVE-2012-4006

The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before...

6.2 AI Score

0.002 EPSS

2022-10-03 04:15 PM

cvelist

CVE-2012-4006

The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before...

6.1 AI Score

0.002 EPSS

2022-10-03 04:15 PM

cvelist

CVE-2013-0704

Directory traversal vulnerability in the GREE application before 1.3.3 for Android allows remote attackers to obtain sensitive information via a crafted URL, which is not properly handled during interaction with other...

6 AI Score

0.002 EPSS

2022-10-03 04:15 PM

cve

CVE-2013-0704

Directory traversal vulnerability in the GREE application before 1.3.3 for Android allows remote attackers to obtain sensitive information via a crafted URL, which is not properly handled during interaction with other...

6.2 AI Score

0.002 EPSS

2022-10-03 04:15 PM

suse

Security update for vim (important)

An update that solves 40 vulnerabilities and has two fixes is now available. Description: This update for vim fixes the following issues: Updated to version 9.0 with patch level 0313: CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902). CVE-2022-2182: Fixed...

9.8 CVSS

AI Score

0.006 EPSS

2022-09-09 12:00 AM

prion

Cross site request forgery (csrf)

The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2019-10-11 08:15 PM

cvelist

CVE-2018-20582

The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request...

8.7 AI Score

0.001 EPSS

2019-10-11 07:20 PM

veracode

Signature Verification Bypass

gree/jose is vulnerable to signature verification bypass. The vulnerability exists as there was an issue in the key confusion/algorithm...

7.5 CVSS

2.5 AI Score

0.001 EPSS

2019-08-08 01:32 AM

cvelist

CVE-2016-5431

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted...

7.5 AI Score

0.001 EPSS

2019-08-07 03:13 PM

openbugbounty

gree-bulgaria.com XSS vulnerability

Vulnerable URL:...

6.9 AI Score

2017-04-17 02:56 PM

friendsofphp

7.2 AI Score

2016-08-30 10:37 AM

friendsofphp

0.6 AI Score

2016-08-30 10:37 AM

openbugbounty

gree-bulgaria.com XSS vulnerability

Vulnerable URL: http://gree-bulgaria.com/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=3544%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...

6.3 AI Score

2016-05-24 03:48 AM

fuelphp

auto-format of Curl responses may lead to code execution

When executing a cURL request using the Request_Curl class with an unvalidated URL provided by user input, or a request to a malicious or a legitimate but hacked website, a specially crafted response can lead to auto-execution of malicious code, due to the way the auto formatting mechanism works...

6.8 AI Score

0.031 EPSS

2014-01-05 12:00 AM

nvd

CVE-2013-0704

Directory traversal vulnerability in the GREE application before 1.3.3 for Android allows remote attackers to obtain sensitive information via a crafted URL, which is not properly handled during interaction with other...

6 AI Score

0.002 EPSS

2013-02-15 12:09 PM

prion

Directory traversal

Directory traversal vulnerability in the GREE application before 1.3.3 for Android allows remote attackers to obtain sensitive information via a crafted URL, which is not properly handled during interaction with other...

6.6 AI Score

0.002 EPSS

2013-02-15 12:09 PM

jvn

JVN#78601526: GREE for Android vulnerable to directory traversal

GREE for Android contains an issue in handling URL inputs, which may result in a directory traversal vulnerability. ## Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. ## Solution Update the software...

6.2 AI Score

0.002 EPSS

2013-02-14 12:00 AM

nvd

CVE-2012-4006

The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before...

6.1 AI Score

0.002 EPSS

2012-08-17 08:55 PM

prion

Design/Logic Flaw

The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before...

6.6 AI Score

0.002 EPSS

2012-08-17 08:55 PM

jvn

JVN#99192898: Multiple GREE Android applications vulnerable in the WebView class

Multiple Android applications that use the SDK for HTML-based applications provided by GREE contain a vulnerability in the WebView class. ## Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. ##...

6.3 AI Score

0.002 EPSS

2012-08-16 12:00 AM

securityvulns

Medium severity flaw in QNX Neutrino RTOS

Nth Dimension Security Advisory (NDSA20110310) Date: 10th March 2011 Author: Tim Brown URL: <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/> Product: QNX Neutrino RTOS 6.5.0...

0.2 AI Score

2011-03-15 12:00 AM

packetstorm

fishcartSQLXSS.txt

...

-0.5 AI Score

2005-07-15 12:00 AM