Lucene search
+L

191 matches found

rocky
rocky
added 2024/05/06 1:4 p.m.55 views

DL1 bug fix update

An update is available for custodia, module.custodia, pyusb, python-qrcode, module.slapi-nis, module.pyusb, module.softhsm, python-jwcrypto, python-kdcproxy, module.opendnssec, module.python-kdcproxy, module.ipa, ipa-healthcheck, softhsm, module.python-jwcrypto, ipa, opendnssec, python-yubico,...

7.2AI score
Exploits0
ibm
ibm
added 2024/05/03 7:55 p.m.36 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2024-28102 DESCRIPTION: JWCrypto is vulnerable to a...

9.8CVSS8.2AI score0.04488EPSS
Exploits3Affected Software1
redhat
redhat
added 2024/04/30 1:36 p.m.59 views

Moderate: Red Hat Security Advisory: python-jwcrypto security update

An update for python-jwcrypto is now available for Red Hat Enterprise Linux 9. The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web Token JWT JOSE JSON Object Signing and Encryption standards. Security...

6.8CVSS6.5AI score0.0098EPSS
Exploits1References2
redhat
redhat
added 2024/04/30 1:36 p.m.5 views

python-jwcrypto: malicious JWE token can cause denial of service

An uncontrolled resource consumption vulnerability was found in python-jwcrypto. If a malicious JWE token with a high compression ratio is passed to the server, the server will consume a lot of memory and processing time, leading to a denial of service...

6.8CVSS7.1AI score0.0098EPSS
Exploits1References6
osv
osv
added 2024/04/30 12:0 a.m.42 views

ALSA-2024:2559 Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web Token JWT JOSE JSON Object Signing and Encryption standards. Security Fixes: python-jwcrypto: malicious JWE token can cause denial of service...

6.8CVSS6.8AI score0.0098EPSS
Exploits1References4
almalinux
almalinux
added 2024/04/30 12:0 a.m.45 views

Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web Token JWT JOSE JSON Object Signing and Encryption standards. Security Fixes: python-jwcrypto: malicious JWE token can cause denial of service...

6.8CVSS6.7AI score0.0098EPSS
Exploits1References4
nessus
nessus
added 2024/04/30 12:0 a.m.32 views

RHEL 9 : python-jwcrypto (RHSA-2024:2559)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2559 advisory. The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web...

6.8CVSS6.4AI score0.0098EPSS
Exploits1References5
rocky
rocky
added 2024/04/05 2:56 p.m.18 views

DL1 bug fix and enhancement update

An update is available for custodia, module.custodia, pyusb, python-qrcode, module.slapi-nis, module.pyusb, module.softhsm, python-jwcrypto, python-kdcproxy, module.opendnssec, module.python-kdcproxy, module.ipa, ipa-healthcheck, softhsm, module.python-jwcrypto, ipa, opendnssec, python-yubico,...

7.2AI score
Exploits0
amazon
amazon
added 2024/04/01 12:0 a.m.5 views

Medium: python-jwcrypto

Issue Overview: A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denia...

5.3CVSS6.8AI score0.00884EPSS
Exploits0
amazon
amazon
added 2024/04/01 12:0 a.m.27 views

Medium: python-jwcrypto

Issue Overview: A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denia...

5.3CVSS5.6AI score0.00884EPSS
Exploits0
nessus
nessus
added 2024/04/01 12:0 a.m.39 views

Amazon Linux 2 : python-jwcrypto (ALAS-2024-2506)

The version of python-jwcrypto installed on the remote host is prior to 0.4.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2506 advisory. A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible...

5.3CVSS6.2AI score0.00884EPSS
Exploits0References4
veracode
veracode
added 2024/03/26 5:37 a.m.25 views

Denial Of Service (DoS)

jwcrypto is vulnerable to Denial Of Service DoS. The vulnerability is due to there is no proper validation on the length of tokens being processed by JWCrypto in the file jwe.py. This flaw allowing an attacker being able to exploit a high compression ratio in a malicious JWE Token, consuming...

6.8CVSS6.4AI score0.0098EPSS
Exploits1References5Affected Software1
nvd
nvd
added 2024/03/21 2:52 a.m.24 views

CVE-2024-28102

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

6.8CVSS6.6AI score0.0098EPSS
Exploits1References4
wolfi
wolfi
added 2024/03/21 2:52 a.m.40 views

CVE-2024-28102 vulnerabilities

Vulnerabilities for packages: py3-jwcrypto...

6.8CVSS7.3AI score0.0098EPSS
Exploits1
osv
osv
added 2024/03/21 2:52 a.m.8 views

AZL-43366 CVE-2024-28102 affecting package python-jwcrypto 0.6.0-9

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

6.8CVSS6.5AI score0.0098EPSS
Exploits1References1
cgr
cgr
added 2024/03/21 2:52 a.m.28 views

CVE-2024-28102 vulnerabilities

Vulnerabilities for packages: py3-jwcrypto...

6.8CVSS7AI score0.0098EPSS
Exploits1
ubuntucve
ubuntucve
added 2024/03/21 2:52 a.m.29 views

CVE-2024-28102

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

6.8CVSS6.7AI score0.0098EPSS
Exploits1References3
prion
prion
added 2024/03/14 10:53 p.m.53 views

Code injection

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

6.9AI score0.0098EPSS
Exploits1References2Affected Software1
bdu_fstec
bdu_fstec
added 2024/03/14 12:0 a.m.7 views

The vulnerability of the deserialize() function in the Jwcrypto Python library, which allows a hacker to trigger a denial-of-service attack.

The vulnerability of the deserialize function in the JavaScript library used by Jwcrypto for cryptography involves an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failure by sending a specially created JWE tok...

6.8CVSS6.4AI score0.0098EPSS
Exploits1References15Affected Software6
susecve
susecve
added 2024/03/12 4:34 a.m.3 views

SUSE CVE-2024-28102

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

6.8CVSS9AI score0.0098EPSS
Exploits1References4
Rows per page
Query Builder