25564 matches found

Snyk
added 2026/03/02 6:47 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the decryptcek function. An attacker can cause excessive CPU resource consumption by supplying a crafted JSON Web Encryption (JWE) token with an unbounded p2c parameter value, leadi...

CVSS 8.7 | AI score 6 | EPSS 0.00432
Exploits: 2 | References: 2
GitHub Security Blog
added 2026/03/02 6:47 p.m. | 5 views

joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

Summary: A resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustion. When the library decrypts a JSON Web Encryption (JWE) token using Password-Based Encryption (PBES2) algorithms, it reads the p2c (PBES2 Count) parameter directl...

CVSS 7.5 | AI score 6 | EPSS 0.00432
Exploits: 2 | References: 5 | Affected Software: 1
OSV
added 2026/03/02 6:47 p.m. | 5 views

GHSA-W5R5-M38G-F9F9 joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

Summary: A resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustion. When the library decrypts a JSON Web Encryption (JWE) token using Password-Based Encryption (PBES2) algorithms, it reads the p2c (PBES2 Count) parameter directl...

CVSS 7.5 | AI score 6 | EPSS 0.00432
Exploits: 2 | References: 5
NVD
added 2026/03/02 3:16 p.m. | 9 views

CVE-2026-0995

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...

CVSS 3.6 | EPSS 0.00088
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/02 2:52 p.m. | 3 views

CVE-2026-0995

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...

CVSS 3.6 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 2
Cvelist
added 2026/03/02 2:52 p.m. | 32 views

CVE-2026-0995

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...

EPSS 0.00088
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/02 2:52 p.m. | 3 views

CVE-2026-0995

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...

AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 1
CVE
added 2026/03/02 2:52 p.m. | 18 views

CVE-2026-0995

Technical details about CVE-2026-0995 are not publicly available in the provided connected documents. The descriptions consistently mention an Arm C1-Pro TLBI+DSB memory-access completion issue, but no specifics on affected versions, exploits, or fixes.

CVSS 3.6 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 1 | Affected Software: 1
RedHat Linux
added 2026/03/02 1:43 a.m. | 6 views

udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitiv...

CVSS 5.5 | AI score 5.7 | EPSS 0.00075
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/02 12:0 a.m. | 8 views

PT-2026-22600

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...

AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 2
CNNVD
added 2026/03/02 12:0 a.m. | 4 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporation. There are security vulnerabilities in Qualcomm Chipsets, which stem from improper configuration. These vulnerabilities may lead to encryption issues when initiating VoWiFi calls from the UE device...

CVSS 7.2 | AI score 5.8 | EPSS 0.0013
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/02 12:0 a.m. | 4 views

PT-2026-22703

Name of the Vulnerable Software and Affected Versions: AWS-LC versions prior to 1.69.0. Description: An observable timing discrepancy in AES-CCM decryption within AWS-LC could allow an unauthenticated user to potentially determine authentication tag validity through timing analysis. The impacted...

CVSS 8.2 | AI score 5.9 | EPSS 0.01079
Exploits: 0 | References: 18
Packet Storm News
added 2026/03/02 12:0 a.m. | 1 view

Tinc Virtual Private Network Daemon 1.0.37

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information...

AI score 6
Exploits: 0
Positive Technologies
added 2026/03/02 12:0 a.m. | 3 views

PT-2026-22699

Name of the Vulnerable Software and Affected Versions: joserfc versions 1.6.2 and earlier. Description: joserfc is a Python library implementing JSON Object Signing and Encryption (JOSE) standards. A resource exhaustion issue in joserfc can lead to a Denial of Service (DoS) through CPU exhaustion. When...

CVSS 7.5 | AI score 5.9 | EPSS 0.00432
Exploits: 2 | References: 24
CNNVD
added 2026/03/02 12:0 a.m. | 7 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporated in the United States. There are security vulnerabilities in Qualcomm Chipsets. These vulnerabilities stem from shared VM references that allow HLOS access to bootloaders and certificate chains, potentially leading to...

CVSS 7.1 | AI score 5.8 | EPSS 0.0007
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/28 7:47 a.m. | 6 views

CVE-2026-1442

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...

CVSS 7.8 | AI score 5.9 | EPSS 0.00153
Exploits: 1 | References: 1
Packet Storm News
added 2026/02/28 12:0 a.m. | 3 views

Security Is Not Enough: Privacy in Encryption Regulation and Lawful-Surveillance Protocols

This article argues that security is not enough to fully capture what is at stake in government exceptional access to encrypted data. A conception of privacy as security has little to say about "lawful-surveillance protocols" -- an active research agenda in cryptography that aims to enable...

AI score 6
Exploits: 0
Tenable Nessus
added 2026/02/28 12:0 a.m. | 32 views

IBM WebSphere Application Server 8.5.5.3 < 8.5.5.30 / 9.x < 9.0.5.27 / Liberty 21.0.0.3 < 26.0.0.3 DoS (7261794)

The version of IBM WebSphere Application Server running on the remote host is affected by a DoS vulnerability as referenced in the 7261794 advisory. - In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an...

CVSS 7.5 | AI score 7.2 | EPSS 0.00244
Exploits: 1 | References: 2
EUVD
added 2026/02/27 6:31 a.m. | 7 views

EUVD-2026-8994

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...

CVSS 7.8 | AI score 5.5 | EPSS 0.00153
Exploits: 1 | References: 5
ATTACKERKB
added 2026/02/27 4:28 a.m. | 4 views

CVE-2026-1442

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...

CVSS 7.8 | AI score 5.7 | EPSS 0.00153
Exploits: 1 | References: 4