EUVD-2024-0938

Malicious code in bioql PyPI...

Moderate: Red Hat Security Advisory: python-jwcrypto security update

An update for python-jwcrypto is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

[SECURITY] Fedora 40 Update: erlang-jose-1.11.10-1.fc40

JSON Object Signing and Encryption JOSE for Erlang and Elixir...

[SECURITY] Fedora 39 Update: erlang-jose-1.11.10-1.fc39

JSON Object Signing and Encryption JOSE for Erlang and Elixir...

Fedora: Security Advisory (FEDORA-2024-2cface5aba)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-25653 Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in node-jose can trigger a Denial-of-Service DoS condition, due to a...

Code injection

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key...

CVE-2017-16007

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key...