7 matches found
Moderate: Red Hat Security Advisory: python-jwcrypto security update
An update for python-jwcrypto is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Fedora: Security Advisory (FEDORA-2024-2cface5aba)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : prometheus-podman-exporter (2024-a8a4ce2864)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a8a4ce2864 advisory. release v1.11.0 ---- release v1.10.1 ---- release v1.10.0 Tenable has extracted the preceding description block directly from the Fedora security advisory...
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
CVE-2017-16007
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key...
Code injection
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key...
security flaw
GnuPG GPG 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 sign+encrypt keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature...