CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

Tenable Nessus•added 2025/03/05 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2023-6681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible password brute-force and dictionary...

5.3CVSS6.2AI score0.00029EPSS

Exploits0References3

Tenable Nessus•added 2024/04/01 12:0 a.m.•37 views

Amazon Linux 2 : python-jwcrypto (ALAS-2024-2506)

The version of python-jwcrypto installed on the remote host is prior to 0.4.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2506 advisory. A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible...

5.3CVSS6.2AI score0.00029EPSS

Exploits0References4

OSV•added 2024/02/12 2:15 p.m.•4 views

CVE-2023-6681

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service...

5.3CVSS5.2AI score0.00029EPSS

Exploits0References4

UbuntuCve•added 2024/02/12 2:15 p.m.•23 views

CVE-2023-6681

5.3CVSS6.3AI score0.00029EPSS

Exploits0References1

Cvelist•added 2024/02/12 2:4 p.m.•21 views

CVE-2023-6681 Jwcrypto: denail of service via specifically crafted jwe

5.3CVSS5.6AI score0.00029EPSS

Exploits0References4

Vulnrichment•added 2024/02/12 2:4 p.m.•24 views

CVE-2023-6681 Jwcrypto: denail of service via specifically crafted jwe

5.3CVSS6.7AI score0.00029EPSS

Exploits0References4

AlpineLinux•added 2024/02/12 2:4 p.m.•36 views

CVE-2023-6681

5.3CVSS5.3AI score0.00029EPSS

Exploits0

OSV•added 2023/12/11 3:8 p.m.•13 views

GO-2023-2379 Denial of service due to malicious parameters in github.com/lestrrat-go/jwx

The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its purpose is to intentionally slow down the key derivation function, making password brute-force...

5.3CVSS5.4AI score0.00183EPSS

Exploits1References2

OSV•added 2023/12/05 11:29 p.m.•12 views

GHSA-7F9X-GW85-8GRF lestrrat-go/jwx's malicious parameters in JWE can cause a DOS

Summary too high p2c parameter in JWE's alg PBES2- could lead to a DOS attack Details The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary...

5.3CVSS5.4AI score0.00183EPSS

Exploits1References4

Github Security Blog•added 2023/12/05 11:29 p.m.•13 views

lestrrat-go/jwx's malicious parameters in JWE can cause a DOS

5.3CVSS6.9AI score0.00183EPSS

Exploits1References4Affected Software2

NVD•added 2023/12/05 12:15 a.m.•13 views

CVE-2023-49290

lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...

5.3CVSS0.00183EPSS

Exploits1References2