58372 matches found

Tenable Nessus
added 2025/12/18 12:0 a.m., 21 views

EulerOS Virtualization 2.13.1 : python-pip (EulerOS-SA-2025-2561)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third...

5.3 CVSS, 6.9 AI score, 0.00846 EPSS
Exploits 1, References 2

OSV
added 2025/12/17 6:31 p.m., 4 views

GHSA-H4PW-WXH7-4VJJ Duplicate Advisory: python-jose denial of service via compressed JWE content

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. Original Description: In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS)...

5.3 CVSS, 6.7 AI score, 0.00166 EPSS
Exploits 1, References 5

EUVD
added 2025/12/17 6:31 p.m., 4 views

EUVD-2024-26380

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

5.3 CVSS, 6.3 AI score, 0.00166 EPSS
Exploits 1, References 2

Github Security Blog
added 2025/12/17 6:31 p.m., 10 views

Duplicate Advisory: python-jose denial of service via compressed JWE content

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. Original Description: In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS)...

5.3 CVSS, 6.8 AI score, 0.00166 EPSS
Exploits 1, References 6, Affected Software 1

EUVD
added 2025/12/17 5:56 p.m., 2 views

EUVD-2025-203913

Malicious code in trondec PyPI...

6.6 AI score
Exploits 0, References 2

OSV
added 2025/12/17 4:16 p.m., 5 views

PYSEC-2025-185

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

5.3 CVSS, 5.8 AI score, 0.00166 EPSS
Exploits 1, References 2

PyPA
added 2025/12/17 4:16 p.m., 61 views

PYSEC-2025-185

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

5.3 CVSS, 5.8 AI score, 0.00166 EPSS
Exploits 1, References 2, Affected Software 1

NVD
added 2025/12/17 4:16 p.m., 4 views

CVE-2024-29370

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

5.3 CVSS, 0.00166 EPSS
Exploits 1, References 1

OSV
added 2025/12/17 4:16 p.m., 3 views

DEBIAN-CVE-2024-29370

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

5.3 CVSS, 5.2 AI score, 0.00166 EPSS
Exploits 1, References 1

OSV
added 2025/12/17 4:16 p.m., 4 views

CVE-2024-29370

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

5.3 CVSS, 6.7 AI score
Exploits 0, References 1

vulnersOsv
added 2025/12/17 4:16 p.m., 5 views

aef-gw (>=0.1.1 <=0.1.15), airiam (>=0.1.2 <=0.1.8) +168 more potentially affected by CVE-2024-29370 via python-jose (>=0.5.5 <=3.3.0)

python-jose PYPI version =0.5.5, =0.1.1, =0.1.2, =0.1.0, =0.8.0, =0.9.0, =1.23.0.dev0, =0.1.2, =0.1.18, =1.1.3, =1.5.0, =0.1.7, =0.31.6, =0.3.0, =0.9.0, =0.0.12, =0.0.14 and more Source cves: CVE-2024-29370 Source advisory: OSV:PYSEC-2025-185...

5.3 CVSS, 6 AI score, 0.00166 EPSS
Exploits 1

OSV
added 2025/12/17 4:16 p.m., 2 views

UBUNTU-CVE-2024-29370

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

5.3 CVSS, 7.1 AI score, 0.00166 EPSS
Exploits 1, References 3

UbuntuCve
added 2025/12/17 4:16 p.m., 6 views

CVE-2024-29370

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

5.3 CVSS, 7.1 AI score, 0.00166 EPSS
Exploits 1, References 2

IBM Security Bulletins
added 2025/12/17 2:31 p.m., 7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2021-3572...

6.5 CVSS, 7.5 AI score, 0.02421 EPSS
Exploits 7, Affected Software 1

IBM Security Bulletins
added 2025/12/17 2:25 p.m., 7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future [CVE-2025-50817]

Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future, due to the unintended import of a file named test.py. CVE-2025-50817. Python-Future is used in our service runtimes. This vulnerability has been addressed. Please read the details for...

5.4 CVSS, 7.9 AI score, 0.00271 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/12/17 2:16 p.m., 17 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2025-4517]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal due to an issue in Python that allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". CVE-2025-4517. Python is used in our speech service runtimes. This vulnerability...

9.4 CVSS, 7.9 AI score, 0.01184 EPSS
Exploits 11, Affected Software 1

IBM Security Bulletins
added 2025/12/17 2:11 p.m., 8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2025-4138]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal due to an issue in Python that allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. CVE-2025-4138. Python is us...

7.5 CVSS, 7.9 AI score, 0.01109 EPSS
Exploits 7, Affected Software 1

IBM Security Bulletins
added 2025/12/17 2:9 p.m., 11 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2025-4330]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal due to an issue in Python that allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata CVE-2025-4330. Python is used i...

7.5 CVSS, 7.9 AI score, 0.00728 EPSS
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2025/12/17 2:8 p.m., 8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2024-12718]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python, due to issues with filter="data" or file permissions chmod with filter="tar" which allow modifying some metadata of files outside the extraction directory CVE-2024-12718. Python is used in our speech service...

5.3 CVSS, 7.9 AI score, 0.00607 EPSS
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2025/12/17 1:46 p.m., 6 views

Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-43804, CVE-2023-45803]

Summary The urllib3 package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-43804, CVE-2023-45803 Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. urllib3...

8.1 CVSS, 6.8 AI score, 0.01207 EPSS
Exploits 0, Affected Software 1