21 matches found
EUVD-2025-21099
Malicious code in bioql PyPI...
CVE-2025-53864
Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...
CVE-2025-53864
Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...
PT-2025-29195
Name of the Vulnerable Software and Affected Versions: Connect2id Nimbus JOSE + JWT versions prior to 10.0.2 Description: The software is susceptible to a denial-of-service condition triggered by a deeply nested JSON object within a JWT claim set. This occurs due to uncontrolled recursion during...
CVE-2025-53864
CVE-2025-53864 is described as a denial of service vulnerability in Nimbus JOSE + JWT where a deeply nested JSON object in a JWT claim set can trigger uncontrolled recursion. IBM security notices cite affected product lines and versions, for example IBM API Connect (OnPrem) v12.1.0.0 and Jazz Fou...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics
Summary IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin. Vulnerability Details CVEID:CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT could provide...
Atlassian Jira Service Management Data Center and Server 5.1.x < 5.4.19 / 5.5.x < 5.12.6 (JSDSERVER-15626)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15626 advisory. - In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource...
DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Confluence Data Center and Server
This High severity com.nimbusds:nimbus-jose-jwt Dependency vulnerability was introduced in versions 3.7 of Confluence Data Center and Server. This com.nimbusds:nimbus-jose-jwt Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Connect2id Nimbus-JOSE-JWT ( CVE-2023-52428)
Summary A vulnerability in Connect2id Nimbus-JOSE-JWT that is used by the JDBC driver in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to a denial of service attack due to Connect2id Nimbus-JOSE-JWT (CVE-2023-52428)
Summary Integrated File Agent used by IBM Sterling Connect:Direct for Microsoft Windows uses Connect2id Nimbus-JOSE-JWT. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id Nimbus-JOSE-JWT is vulnerable to a...
CVE-2023-52428
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...
Code injection
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...
CVE-2023-52428
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...
CVE-2023-52428
CVE-2023-52428 (Nimbus JOSE+JWT) : In Connect2id Nimbus JOSE+JWT prior to 9.37.2, an attacker can trigger a denial of service (resource exhaustion) by sending a large JWE p2c header value (iteration count) for the PasswordBasedDecrypter (PBKDF2) component. This is a component-level vulnerability ...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Apache Commons is used by IBM Robotic Process Automation as part of the Watson NLP functionality CVE-2022-42889. Connect2id Nimbus JOSE+JWT is used by IBM Robotic Process Automation as part of the...
Security Bulletin: Multiple vulnerabilites affect IBM Jazz Foundation and IBM Engineering products.
Summary There are multiple vulnerabilities that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Requirements Management DOORS Next DOORS Next, IBM Engineering Workflow Management EWM, IBM...
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2015-5237 DESCRIPTION: Google Protocol Buffers could allow a remote attacker to execute arbitrary code on the system, caused by ...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2018-1288 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to bypass security restrictions. By using a manually created fetch request interfering with data replication, an attacker cou...
Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product
Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT...
Oracle Primavera Gateway (Apr 2020 CPU)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by the following vulnerabilities as referenced in the April 2020 CPU advisory: - In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing...