Lucene search
K

344 matches found

RedHat Linux
RedHat Linux
added 2024/11/12 8:46 a.m.4 views

jose: resource exhaustion

Jose was found to have an uncontrolled resource consumption vulnerability. Under certain conditions, the user's environment can consume an unreasonable amount of CPU time or memory during JWE decryption operations, leading to a denial of service...

5.9CVSS6.9AI score0.02085EPSS
Exploits0References5
OSV
OSV
added 2024/11/12 12:0 a.m.20 views

ALSA-2024:9281 Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web Token JWT JOSE JSON Object Signing and Encryption standards. Security Fixes: JWCrypto: denail of service Via specifically crafted JWE CVE-2023-6681 Fo...

5.3CVSS5.5AI score0.00884EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/11/12 12:0 a.m.17 views

RHEL 9 : python-jwcrypto (RHSA-2024:9281)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9281 advisory. The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web...

5.3CVSS6.4AI score0.00884EPSS
Exploits0References7
AlmaLinux
AlmaLinux
added 2024/11/12 12:0 a.m.27 views

Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web Token JWT JOSE JSON Object Signing and Encryption standards. Security Fixes: JWCrypto: denail of service Via specifically crafted JWE CVE-2023-6681 Fo...

5.3CVSS6.5AI score0.00884EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/11/04 8:13 p.m.5 views

nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...

7.5CVSS6.8AI score0.00814EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/14 6:1 p.m.4 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

6.5CVSS7.1AI score0.00879EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/09/19 4:46 p.m.7 views

nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...

7.5CVSS6.8AI score0.00814EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/08/15 8:11 p.m.5 views

jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression

A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This...

7.5CVSS5.8AI score0.00244EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/08/15 8:11 p.m.6 views

jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression

A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This...

7.5CVSS5.8AI score0.00244EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/08/15 8:7 p.m.4 views

jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression

A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This...

7.5CVSS5.8AI score0.00244EPSS
Exploits1References5
Amazon
Amazon
added 2024/08/15 12:0 a.m.3 views

Medium: nerdctl

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.6AI score0.91969EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2024/08/13 3:37 p.m.3 views

jose: resource exhaustion

Jose was found to have an uncontrolled resource consumption vulnerability. Under certain conditions, the user's environment can consume an unreasonable amount of CPU time or memory during JWE decryption operations, leading to a denial of service...

5.9CVSS6.9AI score0.02085EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/07/29 12:0 a.m.8 views

The vulnerability of the JOSE component in Apache CXF web services allows a attacker to cause a service failure.

The vulnerability of the JOSE component in Apache CXF web services is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS6.7AI score0.01269EPSS
Exploits0References5Affected Software3
RedHat Linux
RedHat Linux
added 2024/07/25 3:4 p.m.4 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

6.5CVSS7.1AI score0.00879EPSS
Exploits1References4
OSV
OSV
added 2024/07/19 9:32 a.m.6 views

GHSA-6PFF-FMH2-4MMF Apache CXF Denial of Service vulnerability in JOSE

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token...

6.9CVSS6.9AI score0.01269EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/07/12 1:43 a.m.3 views

python-jwcrypto: malicious JWE token can cause denial of service

An uncontrolled resource consumption vulnerability was found in python-jwcrypto. If a malicious JWE token with a high compression ratio is passed to the server, the server will consume a lot of memory and processing time, leading to a denial of service...

6.8CVSS7.1AI score0.0098EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/07/08 10:19 p.m.3 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

6.5CVSS7.1AI score0.00879EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/06/20 12:0 a.m.7 views

The vulnerability of the JWE Token Handler component in JavaScript object signing and encryption technologies is related to an uncontrolled resource consumption, allowing attackers to cause service failures.

The vulnerability of the JWE Token Handler component in JavaScript object signing and encryption technologies with Python is related to high resource consumption during decryption using the created JSON Web Encryption token. Exploiting this vulnerability can allow a malicious actor to cause servi...

6.8CVSS6.4AI score0.00783EPSS
Exploits1References5Affected Software2
RedHat Linux
RedHat Linux
added 2024/06/18 12:36 a.m.3 views

jose: resource exhaustion

Jose was found to have an uncontrolled resource consumption vulnerability. Under certain conditions, the user's environment can consume an unreasonable amount of CPU time or memory during JWE decryption operations, leading to a denial of service...

5.9CVSS6.9AI score0.02085EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/06/11 7:55 p.m.4 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3CVSS6.7AI score0.01956EPSS
Exploits0References5
Rows per page
Query Builder