Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.11 views

RockyLinux 10 : python-jwcrypto (RLSA-2026:19042)

The remote RockyLinux 10 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:19042 advisory. JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens CVE-2026-39373 Tenable has extracted the preceding...

5.3CVSS5.8AI score0.00294EPSS
Exploits1References3
OSV
OSV
added 2026/05/28 3:43 p.m.12 views

RLSA-2026:19197 Low: python-jwcrypto security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS5.8AI score0.00294EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.7 views

RockyLinux 9 : python-jwcrypto (RLSA-2026:19197)

The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:19197 advisory. JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens CVE-2026-39373 Tenable has extracted the preceding descripti...

5.3CVSS5.8AI score0.00294EPSS
Exploits1References3
OSV
OSV
added 2026/05/19 12:0 a.m.12 views

ALSA-2026:19042 Low: python-jwcrypto security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.3CVSS5.8AI score0.00294EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2026/05/19 12:0 a.m.12 views

Low: python-jwcrypto security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.3CVSS5.8AI score0.00294EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.9 views

RHEL 9 : python-jwcrypto (RHSA-2026:19197)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:19197 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

5.3CVSS5.9AI score0.00294EPSS
Exploits1References5
Amazon
Amazon
added 2026/04/30 12:0 a.m.14 views

Important: python-jwcrypto

Issue Overview: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does...

5.3CVSS6.2AI score0.00294EPSS
Exploits1
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/19 12:0 a.m.15 views

python311-jwcrypto-1.5.7-2.1 on GA media (moderate)

python311-jwcrypto-1.5.7-2.1 on GA media Announcement ID: openSUSE-SU-2026:10576-1 Rating: moderate Cross-References: CVE-2026-39373 CVSS scores: CVE-2026-39373 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-39373 SUSE : 8.7...

8.7CVSS5.8AI score0.00294EPSS
Exploits1
OSV
OSV
added 2026/04/17 1:0 p.m.9 views

OESA-2026-1925 python-jwcrypto security update

Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing...

5.3CVSS5.8AI score0.00294EPSS
Exploits1References2
Circl
Circl
added 2026/04/08 12:16 a.m.7 views

CVE-2026-39373

creationtimestamp| type| source ---|---|--- 2026-04-08 00:16:14+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-fjrm-76x2-c4q4...

5.3CVSS5.8AI score0.00294EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/04/08 12:16 a.m.10 views

alastria-auth (>=0.0.3 <=0.0.17), alastria-identity (>=0.2.0 <=0.4.0) +61 more potentially affected by CVE-2026-39373 via jwcrypto (>=0.4.0 <=1.5.6)

jwcrypto PYPI version =0.4.0, =0.0.3, =0.2.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.11.0rc1, =0.4.0a0, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0.2, =0.1.0.8 and more Source cves: CVE-2026-39373 Source advisory: OSV:GHSA-FJRM-76X2-C4Q4...

5.3CVSS5.4AI score0.00294EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-39373

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending...

6.8CVSS6.6AI score0.0098EPSS
Exploits2References4
Rows per page
Query Builder