Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSV
OSVadded 2025/02/21 1:36 p.m.3 views

OESA-2025-1163 python-jwcrypto security update

Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression...

6.8CVSS6.8AI score0.00381EPSS
Exploits1References2
OSV
OSVadded 2024/11/22 2:22 p.m.3 views

OESA-2024-2444 python-jwcrypto security update

Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression...

6.8CVSS6.8AI score0.00381EPSS
Exploits1References2
OSV
OSVadded 2024/03/21 2:52 a.m.2 views

DEBIAN-CVE-2024-28102

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

6.8CVSS6.8AI score0.00381EPSS
Exploits1References1
OSV
OSVadded 2024/03/21 2:52 a.m.1 views

AZL-43366 CVE-2024-28102 affecting package python-jwcrypto 0.6.0-9

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

6.8CVSS6.5AI score0.00381EPSS
Exploits1References1
OSV
OSVadded 2024/03/21 2:52 a.m.2 views

UBUNTU-CVE-2024-28102

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

6.8CVSS6.6AI score0.00381EPSS
Exploits1References4
RedHat Linux
RedHat Linuxadded 2023/05/16 10:7 a.m.5 views

gssntlmssp: multiple out-of-bounds read when decoding NTLM fields

A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. Multiple out-of-bounds reads occur when decoding NTLM fields and can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of the consistency of t...

7.5CVSS5.8AI score0.00271EPSS
Exploits0References5
Rows per page
Query Builder