Lucene search

4 matches found

IBM Security Bulletins
added 2026/04/08 10:47 a.m. | 8 views

Security Bulletin: Fulcio OIDC Token Parsing DoS Vulnerability in extractIssuerURL affects watsonx.data

Summary: Fulcio prior to 1.8.3 is vulnerable to a Denial-of-Service (DoS) issue where malicious OIDC tokens containing excessive period characters can trigger high memory allocation during parsing. This can affect watsonx.data. Vulnerability Details: CVEID: CVE-2025-66506. DESCRIPTION: Fulcio is a...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00184
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2026/04/01 6:0 a.m. | 7 views

Security Bulletin: Multiple Vulnerabilities for EDB Cloudpack for Data CP4D 5.3.1

Summary: Security Bulletin of Multiple Vulnerabilities from EDB Cloudpack for Data CP4D 5.3.1. IBM strongly recommends addressing the vulnerability now by upgrading to 5.3.1. Vulnerability Details: CVEID: CVE-2025-58189. DESCRIPTION: When Conn.Handshake fails during ALPN negotiation the error contains...

CVSS: 7.7 | AI score: 7.1 | EPSS: 0.73495
Exploits: 4 | Affected Software: 1
RedhatCVE
added 2025/12/11 5:22 a.m. | 3 views

CVE-2025-66506

A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters...

CVSS: 7.5 | AI score: 6 | EPSS: 0.00184
Exploits: 0 | References: 5
Vulnrichment
added 2025/12/04 10:4 p.m. | 2 views

CVE-2025-66506 Fulcio allocates excessive memory during token parsing

Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00184
Exploits: 0 | References: 2