Lucene search
+L

46 matches found

Wolfi
Wolfi
added 2025/03/21 4:43 a.m.22 views

CVE-2024-21319 vulnerabilities

Vulnerabilities for packages: dotnet...

6.8CVSS7.2AI score0.02868EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/24 6:50 p.m.28 views

Security Bulletin: IBM Storage Ceph is vulnerable to a denial of service in Grafana. (CVE-2024-21319)

Summary Go Jose is used by IBM Storage Ceph in Grafana as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-21319 Vulnerability Details IBM X-Force ID: 273486 DESCRIPTION: go-jose is vulnerable to a denial of service, caused by a fla...

6.8CVSS6.3AI score0.02868EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/26 12:30 a.m.160 views

python-jose denial of service via compressed JWE content

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

5.3CVSS7.4AI score0.00783EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2024/04/26 12:30 a.m.91 views

GHSA-CJWG-QFPM-7377 python-jose denial of service via compressed JWE content

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

5.3CVSS7AI score0.00783EPSS
Exploits1References7
NVD
NVD
added 2024/04/26 12:15 a.m.36 views

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

5.3CVSS6.4AI score0.00783EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/04/26 12:15 a.m.50 views

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

5.3CVSS6.7AI score0.00783EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/04/25 12:0 a.m.48 views

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

7.8AI score0.00783EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 8:0 p.m.31 views

GHSA-J857-7RVV-VJ97 JWCrypto vulnerable to JWT bomb Attack in `deserialize` function

Affected version Vendor: https://github.com/latchset/jwcrypto Version: 1.5.5 Description An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this Token, it will consume a lot of memory and processing time. Poc python from...

6.8CVSS6.3AI score0.0098EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2024/03/06 8:0 p.m.74 views

JWCrypto vulnerable to JWT bomb Attack in `deserialize` function

Affected version Vendor: https://github.com/latchset/jwcrypto Version: 1.5.5 Description An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this Token, it will consume a lot of memory and processing time. Poc python from...

6.8CVSS6.3AI score0.0098EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/02/20 12:0 a.m.32 views

Oracle Linux 8 : .NET / 8.0 (ELSA-2024-0150)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0150 advisory. 8.0.101-1.0.1 - Add support for Oracle Linux - Update to .NET SDK 8.0.101 and Runtime 8.0.1 Tenable has extracted the preceding description block...

9.8CVSS7.7AI score0.02868EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/01/30 12:0 a.m.36 views

CentOS 8 : .NET 8.0 (CESA-2024:0150)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:0150 advisory. - Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability CVE-2024-0056 - NET, .NET Framework, and...

9.8CVSS7.9AI score0.02868EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/01/23 12:0 a.m.44 views

Amazon Linux 2023 : aspnetcore-runtime-6.0, aspnetcore-targeting-pack-6.0, dotnet (ALAS2023-2024-489)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-489 advisory. Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability CVE-2024-0056 NET, .NET Framework, and Visual Studio Security Feature Bypass...

9.8CVSS7.9AI score0.02868EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/01/22 12:0 a.m.28 views

CentOS 8 : .NET 7.0 (CESA-2024:0157)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:0157 advisory. - Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability CVE-2024-0056 - NET, .NET Framework, and...

9.8CVSS7.9AI score0.02868EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/01/22 12:0 a.m.37 views

CentOS 8 : .NET 6.0 (CESA-2024:0158)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:0158 advisory. - Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability CVE-2024-0056 - NET, .NET Framework, and...

9.8CVSS7.9AI score0.02868EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/01/18 12:0 a.m.28 views

Oracle Linux 8 : .NET / 6.0 (ELSA-2024-0158)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0158 advisory. 6.0.126-1.0.1 - Add support for Oracle Linux 6.0.126-1 - Update to .NET SDK 6.0.126 and Runtime 6.0.26 Tenable has extracted the preceding description...

9.8CVSS7.7AI score0.02868EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/01/17 12:0 a.m.37 views

Oracle Linux 9 : .NET / 8.0 (ELSA-2024-0152)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0152 advisory. 8.0.101-1.0.1 - Update to .NET SDK 8.0.101 and Runtime 8.0.1 Tenable has extracted the preceding description block directly from the Oracle Linux...

9.8CVSS7.7AI score0.02868EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/01/16 2:36 a.m.3 views

SUSE CVE-2024-21319

unknown...

6.8CVSS9.3AI score0.02868EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/01/15 4:1 p.m.56 views

Important: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS7.1AI score0.02868EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/01/15 12:0 a.m.32 views

RHEL 7 : .NET 6.0 (RHSA-2024:0255)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0255 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

9.8CVSS7.8AI score0.02868EPSS
Exploits0References8
Rockylinux
Rockylinux
added 2024/01/12 7:57 p.m.46 views

.NET 6.0 security update

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

9.8CVSS7AI score0.02868EPSS
Exploits0
Rows per page
Query Builder