Lucene search
+L

13 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-3143

Malicious code in bioql PyPI...

5.3CVSS5.8AI score0.00723EPSS
Exploits1References4
mscve
mscve
added 2024/10/15 7:0 a.m.6 views

erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.

...

5.3CVSS6.4AI score0.00887EPSS
Exploits0
github
github
added 2024/03/19 3:30 p.m.23 views

erlang-jose vulnerable to denial of service via large p2c value

erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...

5.3CVSS7AI score0.00887EPSS
Exploits0References6Affected Software1
nvd
nvd
added 2024/03/19 3:15 p.m.13 views

CVE-2023-50966

erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...

5.3CVSS6.4AI score0.00887EPSS
Exploits0References3
osv
osv
added 2024/03/19 3:15 p.m.6 views

AZL-39857 CVE-2023-50966 affecting package rabbitmq-server for versions less than 3.11.24-2

erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...

5.3CVSS6.3AI score0.00887EPSS
Exploits0References1
osv
osv
added 2024/03/19 3:15 p.m.1 views

DEBIAN-CVE-2023-50966

erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...

5.3CVSS5.8AI score0.00887EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2024/03/19 3:15 p.m.23 views

CVE-2023-50966

erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...

5.3CVSS6.3AI score0.00887EPSS
Exploits0References5
osv
osv
added 2024/03/19 3:15 p.m.5 views

UBUNTU-CVE-2023-50966

erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...

5.3CVSS5.8AI score0.00887EPSS
Exploits0References6
cvelist
cvelist
added 2024/03/19 12:0 a.m.17 views

CVE-2023-50966

erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...

6.6AI score0.00887EPSS
Exploits0References3
osv
osv
added 2023/12/11 3:8 p.m.19 views

GO-2023-2379 Denial of service due to malicious parameters in github.com/lestrrat-go/jwx

The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its purpose is to intentionally slow down the key derivation function, making password brute-force...

5.3CVSS5.4AI score0.00723EPSS
Exploits1References2
osv
osv
added 2023/12/05 11:29 p.m.13 views

GHSA-7F9X-GW85-8GRF lestrrat-go/jwx's malicious parameters in JWE can cause a DOS

Summary too high p2c parameter in JWE's alg PBES2- could lead to a DOS attack Details The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary...

5.3CVSS5.4AI score0.00723EPSS
Exploits1References4
prion
prion
added 2023/12/05 12:15 a.m.17 views

Design/Logic Flaw

lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...

5CVSS7AI score0.00723EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2023/12/04 11:42 p.m.50 views

CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx

lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...

5.3CVSS5.5AI score0.00723EPSS
Exploits1References2
Rows per page
Query Builder