Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

IBM Security Bulletins
IBM Security Bulletinsadded 2023/07/24 5:33 p.m.19 views

Security Bulletin: Cisco node-jose is vulnerable to CVE-2023-25653 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Cisco node-jose which is vulnerable to CVE-2023-25653. Vulnerability Details CVEID:CVE-2023-25653 DESCRIPTION: Cisco node-jose is vulnerable to a denial of service, caused by improper calculations in ECC implementation. By sending a...

7.5CVSS7.4AI score0.00552EPSS
Exploits0Affected Software1
Packet Storm
Packet Stormadded 2018/03/22 12:0 a.m.36 views

Cisco node-jos Resign Tokens Proof Of Concept

import base64 import urllib import rsa import sys zi0Black ''' POC of CVE-2018-0114 Cisco node-jose 0.11.0 Created by Andrea Cappa aka @zi0Black GitHub,Twitter,Telegram Mail: [email protected] Site: https://zioblack.xyz A special thanks to Louis Nyffenegger, the founder of PentesterLab, for al...

5CVSS7.5AI score0.42651EPSS
Exploits6
Exploit DB
Exploit DBadded 2018/03/20 12:0 a.m.57 views

Cisco node-jos < 0.11.0 - Re-sign Tokens

!/usr/bin/env python3 import base64 from urllib.parse import quoteplus import rsa import sys zi0Black ''' EDB Note: This has been updated https://github.com/offensive-security/exploitdb/pull/139 POC of CVE-2018-0114 Cisco node-jose = 8 return b::-1 def generateheaderpayloadpayload,pubkey: create...

7.5CVSS7.5AI score0.42651EPSS
Exploits6
ATTACKERKB
ATTACKERKBadded 2018/01/04 6:29 a.m.4 views

CVE-2018-0114

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature JWS standard for JSON Web Tokens JWTs...

7.5CVSS5.8AI score0.42651EPSS
Exploits6References6
Vulnrichment
Vulnrichmentadded 2018/01/04 6:0 a.m.8 views

CVE-2018-0114

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature JWS standard for JSON Web Tokens JWTs...

6.8AI score0.42651EPSS
Exploits6References5
CNVD
CNVDadded 2017/12/25 12:0 a.m.2 views

Cisco node-jose open source library security bypass vulnerability

Cisco node-jose open source library is the United States Cisco Cisco company based on a Web browser and node.js server JSON object signing and encryption of open source library . A security bypass vulnerability exists in the Cisco node-jose open source library that stems from node-jose's use of t...

7.5CVSS6.9AI score0.42651EPSS
Exploits6References1
Rows per page
Query Builder