46 matches found
CVE-2024-21319 vulnerabilities
Vulnerabilities for packages: dotnet...
Security Bulletin: IBM Storage Ceph is vulnerable to a denial of service in Grafana. (CVE-2024-21319)
Summary Go Jose is used by IBM Storage Ceph in Grafana as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-21319 Vulnerability Details IBM X-Force ID: 273486 DESCRIPTION: go-jose is vulnerable to a denial of service, caused by a fla...
python-jose denial of service via compressed JWE content
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
GHSA-CJWG-QFPM-7377 python-jose denial of service via compressed JWE content
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
GHSA-J857-7RVV-VJ97 JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Affected version Vendor: https://github.com/latchset/jwcrypto Version: 1.5.5 Description An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this Token, it will consume a lot of memory and processing time. Poc python from...
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Affected version Vendor: https://github.com/latchset/jwcrypto Version: 1.5.5 Description An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this Token, it will consume a lot of memory and processing time. Poc python from...
Oracle Linux 8 : .NET / 8.0 (ELSA-2024-0150)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0150 advisory. 8.0.101-1.0.1 - Add support for Oracle Linux - Update to .NET SDK 8.0.101 and Runtime 8.0.1 Tenable has extracted the preceding description block...
CentOS 8 : .NET 8.0 (CESA-2024:0150)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:0150 advisory. - Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability CVE-2024-0056 - NET, .NET Framework, and...
Amazon Linux 2023 : aspnetcore-runtime-6.0, aspnetcore-targeting-pack-6.0, dotnet (ALAS2023-2024-489)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-489 advisory. Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability CVE-2024-0056 NET, .NET Framework, and Visual Studio Security Feature Bypass...
CentOS 8 : .NET 7.0 (CESA-2024:0157)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:0157 advisory. - Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability CVE-2024-0056 - NET, .NET Framework, and...
CentOS 8 : .NET 6.0 (CESA-2024:0158)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:0158 advisory. - Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability CVE-2024-0056 - NET, .NET Framework, and...
Oracle Linux 8 : .NET / 6.0 (ELSA-2024-0158)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0158 advisory. 6.0.126-1.0.1 - Add support for Oracle Linux 6.0.126-1 - Update to .NET SDK 6.0.126 and Runtime 6.0.26 Tenable has extracted the preceding description...
Oracle Linux 9 : .NET / 8.0 (ELSA-2024-0152)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0152 advisory. 8.0.101-1.0.1 - Update to .NET SDK 8.0.101 and Runtime 8.0.1 Tenable has extracted the preceding description block directly from the Oracle Linux...
SUSE CVE-2024-21319
unknown...
Important: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
RHEL 7 : .NET 6.0 (RHSA-2024:0255)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0255 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
.NET 6.0 security update
An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...