Lucene search
K

36 matches found

Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.3 views

PT-2026-22699

Name of the Vulnerable Software and Affected Versions joserfc versions 1.6.2 and earlier Description joserfc is a Python library implementing JSON Object Signing and Encryption JOSE standards. A resource exhaustion issue in joserfc can lead to a Denial of Service DoS through CPU exhaustion. When...

7.5CVSS5.9AI score0.00432EPSS
Exploits2References24
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 9 : buildah-1.33.7-2.el9_4 (AXSA:2024-8286:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8286:05 advisory. golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 jose-go: improper handling of highly compressed data CVE-2024-28180...

6.5CVSS7.6AI score0.02085EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : podman-4.9.4-4.el9_4 (AXSA:2024-8285:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8285:05 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

6.5CVSS8.3AI score0.02085EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.5 views

PT-2025-51835

In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

5.3CVSS6.8AI score0.00166EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0938

Malicious code in bioql PyPI...

4.9CVSS6.2AI score0.02085EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-6862

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.01112EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-28176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JS...

5.9CVSS6.8AI score0.02085EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/06/16 3:53 a.m.2 views

SUSE CVE-2024-28176

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...

5.9CVSS7.4AI score0.02085EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/06/11 8:7 p.m.6 views

jose: resource exhaustion

Jose was found to have an uncontrolled resource consumption vulnerability. Under certain conditions, the user's environment can consume an unreasonable amount of CPU time or memory during JWE decryption operations, leading to a denial of service...

5.9CVSS6.9AI score0.02085EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/25 5:16 a.m.36 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack (CVE-2024-28176).

Summary IBM Event Streams is vulnerable to a denial of service due to the jose module component, caused by a flaw during JWE Decryption operations. Jose module is a javaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node. js-based servers...

5.9CVSS5.4AI score0.02085EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2024/03/10 8:7 p.m.43 views

CVE-2024-28176

Jose was found to have an uncontrolled resource consumption vulnerability. Under certain conditions, the user's environment can consume an unreasonable amount of CPU time or memory during JWE decryption operations, leading to a denial of service. Mitigation Mitigation for this issue is either not...

5.3CVSS5.2AI score0.02085EPSS
Exploits0References4
Prion
Prion
added 2024/03/09 1:15 a.m.36 views

Code injection

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...

3.3CVSS5.1AI score0.02085EPSS
Exploits0References3
OSV
OSV
added 2024/03/09 12:43 a.m.39 views

CVE-2024-28176 jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...

4.9CVSS6.2AI score0.02085EPSS
Exploits0References10
OSV
OSV
added 2022/09/07 10:15 p.m.1 views

DEBIAN-CVE-2022-36083

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...

5.3CVSS6.4AI score0.01112EPSS
Exploits1References1
Prion
Prion
added 2022/09/07 10:15 p.m.20 views

Default credentials

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...

5CVSS5.5AI score0.01112EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/07 9:55 p.m.6 views

CVE-2022-36083 JOSE vulnerable to resource exhaustion via specifically crafted JWE

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...

5.3CVSS5.6AI score0.01112EPSS
Exploits1References3
Rows per page
Query Builder