Lucene search
K

21 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2025-21099

Malicious code in bioql PyPI...

5.8CVSS7.2AI score0.00806EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/07/11 12:0 a.m.13 views

CVE-2025-53864

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...

5.8CVSS0.00806EPSS
Exploits0References5
OSV
OSV
added 2025/07/11 12:0 a.m.10 views

CVE-2025-53864

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...

5.8CVSS7AI score0.00806EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/07/11 12:0 a.m.3 views

PT-2025-29195

Name of the Vulnerable Software and Affected Versions: Connect2id Nimbus JOSE + JWT versions prior to 10.0.2 Description: The software is susceptible to a denial-of-service condition triggered by a deeply nested JSON object within a JWT claim set. This occurs due to uncontrolled recursion during...

5.8CVSS7.3AI score0.00806EPSS
Exploits0References16
CVE
CVE
added 2025/07/11 12:0 a.m.341 views

CVE-2025-53864

CVE-2025-53864 is described as a denial of service vulnerability in Nimbus JOSE + JWT where a deeply nested JSON object in a JWT claim set can trigger uncontrolled recursion. IBM security notices cite affected product lines and versions, for example IBM API Connect (OnPrem) v12.1.0.0 and Jazz Fou...

5.8CVSS6.9AI score0.00806EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 1:54 a.m.72 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

Summary IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin. Vulnerability Details CVEID:CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT could provide...

9.3CVSS10AI score0.87806EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/01/07 12:0 a.m.19 views

Atlassian Jira Service Management Data Center and Server 5.1.x < 5.4.19 / 5.5.x < 5.12.6 (JSDSERVER-15626)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15626 advisory. - In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource...

7.5CVSS6.5AI score0.00814EPSS
Exploits0References2
Atlassian
Atlassian
added 2024/10/16 8:11 p.m.27 views

DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Confluence Data Center and Server

This High severity com.nimbusds:nimbus-jose-jwt Dependency vulnerability was introduced in versions 3.7 of Confluence Data Center and Server. This com.nimbusds:nimbus-jose-jwt Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...

7.5CVSS7AI score0.00814EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/05 7:50 p.m.28 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Connect2id Nimbus-JOSE-JWT ( CVE-2023-52428)

Summary A vulnerability in Connect2id Nimbus-JOSE-JWT that is used by the JDBC driver in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user...

7.5CVSS9.2AI score0.00814EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/14 9:36 a.m.54 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to a denial of service attack due to Connect2id Nimbus-JOSE-JWT (CVE-2023-52428)

Summary Integrated File Agent used by IBM Sterling Connect:Direct for Microsoft Windows uses Connect2id Nimbus-JOSE-JWT. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id Nimbus-JOSE-JWT is vulnerable to a...

7.5CVSS9.1AI score0.00814EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/02/11 5:15 a.m.27 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

7.5CVSS9.1AI score0.00814EPSS
Exploits0References3
Prion
Prion
added 2024/02/11 5:15 a.m.32 views

Code injection

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

7.3AI score0.00814EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/11 12:0 a.m.24 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

9.2AI score0.00814EPSS
Exploits0References3
CVE
CVE
added 2024/02/11 12:0 a.m.6631 views

CVE-2023-52428

CVE-2023-52428 (Nimbus JOSE+JWT) : In Connect2id Nimbus JOSE+JWT prior to 9.37.2, an attacker can trigger a denial of service (resource exhaustion) by sending a large JWE p2c header value (iteration count) for the PasswordBasedDecrypter (PBKDF2) component. This is a component-level vulnerability ...

7.5CVSS6.3AI score0.00814EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/06 9:23 p.m.69 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Apache Commons is used by IBM Robotic Process Automation as part of the Watson NLP functionality CVE-2022-42889. Connect2id Nimbus JOSE+JWT is used by IBM Robotic Process Automation as part of the...

6.8CVSS9.9AI score0.99931EPSS
Exploits56Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/16 5:54 p.m.67 views

Security Bulletin: Multiple vulnerabilites affect IBM Jazz Foundation and IBM Engineering products.

Summary There are multiple vulnerabilities that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Requirements Management DOORS Next DOORS Next, IBM Engineering Workflow Management EWM, IBM...

9.8CVSS9AI score0.99019EPSS
Exploits15Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/04 5:43 p.m.46 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2015-5237 DESCRIPTION: Google Protocol Buffers could allow a remote attacker to execute arbitrary code on the system, caused by ...

9.8CVSS8.5AI score0.99019EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/13 8:46 p.m.89 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2018-1288 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to bypass security restrictions. By using a manually created fetch request interfering with data replication, an attacker cou...

10CVSS0.5AI score0.87218EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/20 2:1 p.m.75 views

Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT...

9.8CVSS1AI score0.96121EPSS
Exploits13Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/04/15 12:0 a.m.31 views

Oracle Primavera Gateway (Apr 2020 CPU)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by the following vulnerabilities as referenced in the April 2020 CPU advisory: - In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing...

9.8CVSS7AI score0.28839EPSS
Exploits1References7
Rows per page
Query Builder