Lucene search
K

103 matches found

Amazon
Amazon
added 2025/04/14 12:0 a.m.3 views

Medium: nerdctl

Issue Overview: Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing...

8.7CVSS7.8AI score0.00369EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/04/03 1:38 p.m.9 views

go-jose: Go JOSE's Parsing Vulnerable to Denial of Service

A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...

8.7CVSS6.8AI score0.00369EPSS
Exploits0References7
SUSE Linux
SUSE Linux
added 2025/03/14 12:50 p.m.2 views

Security update for google-guest-agent

This update for google-guest-agent fixes the following issues: CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing bsc1239197 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...

8.7CVSS7.4AI score0.00804EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/02/26 2:20 a.m.4 views

SUSE CVE-2025-27144

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

7.5CVSS7AI score0.00369EPSS
Exploits0References46
OSV
OSV
added 2025/02/24 11:15 p.m.6 views

AZL-57105 CVE-2025-27144 affecting package ig for versions less than 0.37.0-3

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.7 views

AZL-57129 CVE-2025-27144 affecting package influxdb for versions less than 2.7.5-2

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.8 views

AZL-57207 CVE-2025-27144 affecting package buildah 1.18.0-29

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.5 views

AZL-57201 CVE-2025-27144 affecting package dcos-cli for versions less than 1.2.0-20

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.7 views

AZL-57195 CVE-2025-27144 affecting package rook for versions less than 1.6.2-25

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.7 views

AZL-57114 CVE-2025-27144 affecting package buildah for versions less than 1.41.4-2

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.8 views

AZL-57165 CVE-2025-27144 affecting package keda for versions less than 2.14.1-3

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.6 views

UBUNTU-CVE-2025-27144

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.8AI score0.00369EPSS
Exploits0References5
OSV
OSV
added 2025/02/24 10:22 p.m.12 views

CVE-2025-27144 Go JOSE's Parsing Vulnerable to Denial of Service

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.6AI score0.00369EPSS
Exploits0References5
OSV
OSV
added 2025/02/21 1:36 p.m.4 views

OESA-2025-1163 python-jwcrypto security update

Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression...

6.8CVSS6.8AI score0.0098EPSS
Exploits1References2
OSV
OSV
added 2024/11/22 2:22 p.m.6 views

OESA-2024-2443 python-jwcrypto security update

Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: VUL-0: CVE-2022-3102: python-jwcrypto: jwcrypto token substitution can lead to authentication bypassCVE-2022-3102 JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6...

6.8CVSS6.9AI score0.0098EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/11/12 9:19 a.m.34 views

Moderate: Red Hat Security Advisory: python-jwcrypto security update

An update for python-jwcrypto is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

5.3CVSS6.3AI score0.00884EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/11/12 12:0 a.m.17 views

RHEL 9 : python-jwcrypto (RHSA-2024:9281)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9281 advisory. The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web...

5.3CVSS6.4AI score0.00884EPSS
Exploits0References7
OSV
OSV
added 2024/11/12 12:0 a.m.20 views

ALSA-2024:9281 Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web Token JWT JOSE JSON Object Signing and Encryption standards. Security Fixes: JWCrypto: denail of service Via specifically crafted JWE CVE-2023-6681 Fo...

5.3CVSS5.5AI score0.00884EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/11/12 12:0 a.m.22 views

Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web Token JWT JOSE JSON Object Signing and Encryption standards. Security Fixes: JWCrypto: denail of service Via specifically crafted JWE CVE-2023-6681 Fo...

5.3CVSS6.5AI score0.00884EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.43 views

Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web Token JWT JOSE JSON Object Signing and Encryption standards. Security Fixes: python-jwcrypto: malicious JWE token can cause denial of service...

6.8CVSS6.7AI score0.0098EPSS
Exploits1References4
Rows per page
Query Builder