Lucene search
+L

141 matches found

CVE
CVE
added 2024/02/12 2:4 p.m.173 views

CVE-2023-6681

CVE-2023-6681 affects JWCrypto in python-jwcrypto. Root cause: unbounded PBES2 Count value in PBKDF2 enables a DoS when processing crafted JWE tokens; high resource consumption is possible. Documented impact: denial of service (and potential password brute‑force/dictionary pressure). Remediation/...

5.3CVSS5AI score0.00884EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/05 11:29 p.m.25 views

lestrrat-go/jwx's malicious parameters in JWE can cause a DOS

Summary too high p2c parameter in JWE's alg PBES2- could lead to a DOS attack Details The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary...

5.3CVSS6.9AI score0.00723EPSS
Exploits1References4Affected Software2
Fedora
Fedora
added 2023/10/26 1:35 a.m.59 views

[SECURITY] Fedora 37 Update: nodejs20-20.8.1-1.fc37

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

9.8CVSS8.2AI score0.99999EPSS
Exploits20
Fedora
Fedora
added 2023/10/24 1:23 a.m.54 views

[SECURITY] Fedora 38 Update: nodejs18-18.18.2-1.fc38

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

7.5CVSS7AI score0.99999EPSS
Exploits20
Fedora
Fedora
added 2023/08/19 12:48 a.m.57 views

[SECURITY] Fedora 37 Update: nodejs20-20.5.1-1.fc37

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

9.8CVSS6.5AI score0.01817EPSS
Exploits3
OpenVAS
OpenVAS
added 2023/08/17 12:0 a.m.32 views

Fedora: Security Advisory for nodejs18 (FEDORA-2023-d12a917ab4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.7AI score0.01817EPSS
Exploits3References2
Fedora
Fedora
added 2023/07/21 2:27 a.m.33 views

[SECURITY] Fedora 38 Update: nodejs16-16.20.1-1.fc38

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

7.5CVSS7AI score0.03906EPSS
Exploits1
Veracode
Veracode
added 2023/07/19 8:50 a.m.10 views

Denial Of Service (DoS)

libnghttp2.so is vulnerable to a memory leak. The vulnerability exists when the PUSHPROMISE or a HEADERS frame cannot be successfully sent, which can result in nghttp2onstreamclosecallback failing with a fatal error. If the server is under intensive memory operation an attacker could potentially...

6.6AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/02/16 12:0 a.m.31 views

A Bootiful Podcast: Avalara's Kumaresan Muthaliar on GraphQL in the heavily regulated, data intensive domain of tax

Hi, Spring fans! In this installment Josh Long @starbuxman talks to Kumaresan Muthaliar, senior technical lead at Avalara, about GraphQL in the heavily regulated, data intensive domain of tax...

3.4AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/02/16 12:0 a.m.12 views

A Bootiful Podcast: Avalara's Kumaresan Muthaliar on GraphQL in the heavily regulated, data intensive domain of tax

Hi, Spring fans! In this installment Josh Long @starbuxman talks to Kumaresan Muthaliar, senior technical lead at Avalara, about GraphQL in the heavily regulated, data intensive domain of tax...

3.4AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2022/10/11 7:32 a.m.41 views

Embracing Virtual Threads

Project Loom has made it into the JDK through JEP 425. Its available since Java 19 in September 2022 as a preview feature. Its goal is to dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications. Where Virtual Threads make sense This makes...

7.1AI score
Exploits0
CNNVD
CNNVD
added 2022/09/01 12:0 a.m.7 views

Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 信任管理问题漏洞

The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor suffers from a trust management issue vulnerability that stems from the presence of multiple global defaul...

6.1CVSS6.2AI score0.00291EPSS
Exploits0References4
CNVD
CNVD
added 2022/09/01 12:0 a.m.23 views

Apache Geode Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Apache Geode, the Apache Foundation's management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. An attacker could exploit this vulnerability to cause remote code...

9.8CVSS3.7AI score0.02367EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/01 12:0 a.m.64 views

Apache Geode Remote Code Execution Vulnerability (CNVD-2022-83595)

A remote code execution vulnerability exists in Apache Geode, the Apache Foundation's management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures, which stems from a vulnerability to untrusted data deserialization wh...

8.8CVSS3.7AI score0.01274EPSS
Exploits0References1
Akamai Blog
Akamai Blog
added 2022/04/21 9:0 a.m.17 views

Making the Edge Work for You

For many people, “building at the edge” may conjure fantastical images of nearly sci-fi–like computational power embedded on devices all around us, crunching massive volumes of data. We’re getting there. Today’s reality is that more workloads are moving to the edge to take advantage of the...

6.9AI score
Exploits0
Huntr
Huntr
added 2022/04/13 3:57 p.m.14 views

DoS due to unrestricted hashing

Description The application accepts strings of any size as passwords and processes hashes the string to check in the database if the user exists, for example upon login. Being the hashing process resource-intensive, it can be possible to cause Denial of Service without particular processing power...

0.6AI score
Exploits0
CNVD
CNVD
added 2022/03/23 12:0 a.m.25 views

Digital Bazaar Forge Data Forgery Issue Vulnerability

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. digitalbazaar Forge versions prior to 1.3.0 are vulnerable to a data forgery issue that originates from RSA PK...

7.5CVSS2.6AI score0.01015EPSS
Exploits0References1
Fedora
Fedora
added 2022/01/20 2:55 p.m.46 views

[SECURITY] Fedora 35 Update: nodejs-16.13.2-1.fc35

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

8.2CVSS1.6AI score0.21514EPSS
Exploits2
Code423n4
Code423n4
added 2021/11/12 12:0 a.m.10 views

TributeAccrual.availableTribute() & TributeAccrual.availableGovernanceTribute() Distributes Tributes Unfairly

Handle leastwood Vulnerability details Impact Conviction scores are calculating by taking the user's balance and multiplying it by the time elapsed. This score is updated upon each token transfer, or alternatively by directly calling ERC20ConvictionScore.updateConvictionScore. The availableTribut...

6.8AI score
Exploits0
Fedora
Fedora
added 2021/10/23 3:22 a.m.64 views

[SECURITY] Fedora 34 Update: nodejs-14.18.1-1.fc34

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

6.5CVSS1.6AI score0.02936EPSS
Exploits2
Rows per page
Query Builder