141 matches found
CVE-2023-6681
CVE-2023-6681 affects JWCrypto in python-jwcrypto. Root cause: unbounded PBES2 Count value in PBKDF2 enables a DoS when processing crafted JWE tokens; high resource consumption is possible. Documented impact: denial of service (and potential password brute‑force/dictionary pressure). Remediation/...
lestrrat-go/jwx's malicious parameters in JWE can cause a DOS
Summary too high p2c parameter in JWE's alg PBES2- could lead to a DOS attack Details The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary...
[SECURITY] Fedora 37 Update: nodejs20-20.8.1-1.fc37
Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...
[SECURITY] Fedora 38 Update: nodejs18-18.18.2-1.fc38
Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...
[SECURITY] Fedora 37 Update: nodejs20-20.5.1-1.fc37
Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...
Fedora: Security Advisory for nodejs18 (FEDORA-2023-d12a917ab4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: nodejs16-16.20.1-1.fc38
Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...
Denial Of Service (DoS)
libnghttp2.so is vulnerable to a memory leak. The vulnerability exists when the PUSHPROMISE or a HEADERS frame cannot be successfully sent, which can result in nghttp2onstreamclosecallback failing with a fatal error. If the server is under intensive memory operation an attacker could potentially...
A Bootiful Podcast: Avalara's Kumaresan Muthaliar on GraphQL in the heavily regulated, data intensive domain of tax
Hi, Spring fans! In this installment Josh Long @starbuxman talks to Kumaresan Muthaliar, senior technical lead at Avalara, about GraphQL in the heavily regulated, data intensive domain of tax...
A Bootiful Podcast: Avalara's Kumaresan Muthaliar on GraphQL in the heavily regulated, data intensive domain of tax
Hi, Spring fans! In this installment Josh Long @starbuxman talks to Kumaresan Muthaliar, senior technical lead at Avalara, about GraphQL in the heavily regulated, data intensive domain of tax...
Embracing Virtual Threads
Project Loom has made it into the JDK through JEP 425. Its available since Java 19 in September 2022 as a preview feature. Its goal is to dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications. Where Virtual Threads make sense This makes...
Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 信任管理问题漏洞
The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor suffers from a trust management issue vulnerability that stems from the presence of multiple global defaul...
Apache Geode Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Apache Geode, the Apache Foundation's management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. An attacker could exploit this vulnerability to cause remote code...
Apache Geode Remote Code Execution Vulnerability (CNVD-2022-83595)
A remote code execution vulnerability exists in Apache Geode, the Apache Foundation's management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures, which stems from a vulnerability to untrusted data deserialization wh...
Making the Edge Work for You
For many people, “building at the edge” may conjure fantastical images of nearly sci-fi–like computational power embedded on devices all around us, crunching massive volumes of data. We’re getting there. Today’s reality is that more workloads are moving to the edge to take advantage of the...
DoS due to unrestricted hashing
Description The application accepts strings of any size as passwords and processes hashes the string to check in the database if the user exists, for example upon login. Being the hashing process resource-intensive, it can be possible to cause Denial of Service without particular processing power...
Digital Bazaar Forge Data Forgery Issue Vulnerability
Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. digitalbazaar Forge versions prior to 1.3.0 are vulnerable to a data forgery issue that originates from RSA PK...
[SECURITY] Fedora 35 Update: nodejs-16.13.2-1.fc35
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
TributeAccrual.availableTribute() & TributeAccrual.availableGovernanceTribute() Distributes Tributes Unfairly
Handle leastwood Vulnerability details Impact Conviction scores are calculating by taking the user's balance and multiplying it by the time elapsed. This score is updated upon each token transfer, or alternatively by directly calling ERC20ConvictionScore.updateConvictionScore. The availableTribut...
[SECURITY] Fedora 34 Update: nodejs-14.18.1-1.fc34
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...