Lucene search
K

44 matches found

OSV
OSV
added 2026/05/22 1:22 p.m.2 views

OESA-2026-2446 postgresql-jdbc security update

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Is an open source JDBC driver written in Pure Java Type 4, and communicates in the PostgreSQL native network protocol. Security Fixes: pgjdbc is an open...

7.5CVSS5.7AI score0.00043EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/15 4:8 p.m.20 views

CVE-2026-42256

A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256 authentication by...

6.5CVSS5.7AI score0.00046EPSS
Exploits0References10
NVD
NVD
added 2026/05/09 8:16 p.m.7 views

CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6.5CVSS0.00046EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/05/09 8:16 p.m.6 views

CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6.5CVSS5.7AI score0.00046EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/09 7:38 p.m.6 views

CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6CVSS5.7AI score0.00046EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/05/09 7:38 p.m.5 views

EUVD-2026-28925

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6CVSS5.7AI score0.00046EPSS
Exploits0References7
OSV
OSV
added 2026/04/29 8:51 a.m.3 views

CLSA-2026-1777452704 bind: Fix of CVE-2026-1519

CVE-2026-1519: limit NSEC3 iteration count when proving an insecure delegation so a maliciously crafted DNSSEC zone with a high-iteration NSEC3 record cannot exhaust resolver CPU; treat the answer as insecure above the 150-iteration limit. Backport of bind-9.11.36-16.el810.7 RHSA-2026:8352...

7.5CVSS6AI score0.00061EPSS
Exploits0References1
OSV
OSV
added 2026/03/03 11:15 p.m.5 views

DEBIAN-CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS5.4AI score0.00048EPSS
Exploits2References1
OSV
OSV
added 2026/03/03 10:48 p.m.0 views

CVE-2026-27932 joserfc PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS5.9AI score0.00048EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2026/03/02 6:47 p.m.2 views

joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

Summary A resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library decrypts a JSON Web Encryption JWE token using Password-Based Encryption PBES2 algorithms, it reads the p2c PBES2 Count parameter directl...

7.5CVSS6AI score0.00048EPSS
Exploits2References5Affected Software1
RedHat Linux
RedHat Linux
added 2024/10/14 6:1 p.m.1 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

6.5CVSS7.1AI score0.00383EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/07/25 3:4 p.m.2 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

6.5CVSS7.1AI score0.00383EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2024/07/11 3:30 a.m.1 views

SUSE CVE-2023-46233

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...

9.1CVSS7AI score0.00916EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/02/13 6:55 p.m.4 views

crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...

9.1CVSS7.1AI score0.00916EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/13 6:44 p.m.4 views

crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...

9.1CVSS7.1AI score0.00916EPSS
Exploits0References5
OSV
OSV
added 2024/02/11 6:30 a.m.0 views

GHSA-GVPG-VGMX-XG6W Denial of Service in Connect2id Nimbus JOSE+JWT

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

8.7CVSS6.8AI score0.00105EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2024/02/11 5:15 a.m.2 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

7.5CVSS7.3AI score0.00105EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/02/11 12:0 a.m.18 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

6.7AI score0.00105EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/01/10 6:38 p.m.0 views

crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...

9.1CVSS7.1AI score0.00916EPSS
Exploits0References5
Veracode
Veracode
added 2023/12/29 7:5 a.m.24 views

Denial Of Service (DOS)

jwcrypto is vulnerable to Denial Of Service DoS. The vulnerability is due to a missing upper bound check in the p2c header value PBES2 count which contains the PBKDF2 iteration count used in the PBKDF2 cryptographic key derivation function. The unbounded value can be exploited by an attacker to...

5.3CVSS6.9AI score0.00029EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder