Lucene search
K

7 matches found

RedHat Linux
RedHat Linux
added 2024/11/12 9:19 a.m.34 views

Moderate: Red Hat Security Advisory: python-jwcrypto security update

An update for python-jwcrypto is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

5.3CVSS6.3AI score0.00884EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.17 views

Fedora: Security Advisory (FEDORA-2024-2cface5aba)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01383EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/03/30 12:0 a.m.27 views

Fedora 39 : prometheus-podman-exporter (2024-a8a4ce2864)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a8a4ce2864 advisory. release v1.11.0 ---- release v1.10.1 ---- release v1.10.0 Tenable has extracted the preceding description block directly from the Fedora security advisory...

4.3CVSS7AI score0.01956EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2024/03/09 12:54 a.m.20 views

CVE-2024-28180

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

4.3CVSS6.8AI score0.01956EPSS
Exploits0
OSV
OSV
added 2018/06/04 7:29 p.m.17 views

CVE-2017-16007

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key...

5.9CVSS5.9AI score
Exploits0References4
Prion
Prion
added 2018/06/04 7:29 p.m.14 views

Code injection

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key...

4.3CVSS5.6AI score0.00928EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2003/12/11 12:21 a.m.13 views

security flaw

GnuPG GPG 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 sign+encrypt keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature...

5CVSS5.7AI score0.02854EPSS
Exploits1References4
Rows per page
Query Builder