
342 matches found

UbuntuCve
added 2022/08/20 8:15 p.m. · 25 views

CVE-2022-38493

Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token...

7.5 CVSS · 7.1 AI score · 0.00291 EPSS
Exploits 0 · References 2
OSV
added 2022/08/20 8:15 p.m. · 2 views

UBUNTU-CVE-2022-38493

Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token...

7.5 CVSS · 5.8 AI score · 0.00291 EPSS
Exploits 0 · References 3
CVE
added 2022/08/20 7:41 p.m. · 67 views

CVE-2022-38493

CVE-2022-38493 affects Rhonabwy 0.9.99 through 1.1.x prior to 1.1.7, where the RSA private key length is not validated before RSA-OAEP decryption. The underlying issue allows an attacker to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token. Multiple connected sources (Red Ha...

7.5 CVSS · 7.3 AI score · 0.00291 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/08/20 12:0 a.m. · 6 views

PT-2022-24426 · Rhonabwy · Rhonabwy

Name of the Vulnerable Software and Affected Versions: Rhonabwy versions 0.9.99 through 1.1.x before 1.1.7
Description: The issue allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token, as the software does not check the RSA private key length before RSA-OAEP...

7.5 CVSS · 7.3 AI score · 0.00291 EPSS
Exploits 0 · References 8
OpenVAS
added 2022/07/31 12:0 a.m. · 8 views

Fedora: Security Advisory for golang-gopkg-square-jose-2 (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 · References 2
Fedora
added 2022/07/30 2:0 a.m. · 13 views

[SECURITY] Fedora 36 Update: golang-gopkg-square-jose-2-2.6.0-4.fc36

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. This includes support for JSON Web Encryption, JSON Web Signature, and JSON Web Token standards...

1.4 AI score
Exploits 0
OpenVAS
added 2022/07/18 12:0 a.m. · 13 views

Fedora: Security Advisory for golang-gopkg-square-jose-2 (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS · 8.9 AI score · 0.05994 EPSS
Exploits 4 · References 2
Fedora
added 2022/07/04 1:35 a.m. · 21 views

[SECURITY] Fedora 36 Update: golang-gopkg-square-jose-2-2.6.0-3.fc36

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. This includes support for JSON Web Encryption, JSON Web Signature, and JSON Web Token standards...

9.3 CVSS · 8.2 AI score · 0.05994 EPSS
Exploits 4
Wordfence Blog
added 2022/06/29 6:3 p.m. · 15 views

Securing Port 443: The Gateway To A New Universe

At Wordfence our business is to secure over 4 million WordPress websites and keep them secure. My background is in network operations, and then I transitioned into software development because my ops role was at a scale where I found myself writing a lot of code. This led me to founding startups,...

7.3 AI score
Exploits 0
CNNVD
added 2021/04/16 12:0 a.m. · 6 views

jose-browser-runtime security vulnerability

npm jose-browser-runtime is an application from the US company npm. Generic " JSON Web almost everything " - JWA, JWS, JWE, JWT, JWK using native encryption runtime without dependencies. A security vulnerability exists in jose-browser-runtime, which stems from the possibility of a noticeable time...

5.9 CVSS · 7 AI score · 0.01238 EPSS
Exploits 0 · References 3
The Hacker News
added 2020/02/28 12:26 p.m. · 62 views

Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years

Let's Encrypt, a free, automated, and open certificate signing authority CA from the nonprofit Internet Security Research Group ISRG, has said it's issued a billion certificates since its launch in 2015. The CA issued its first certificate in September 2015, before eventually reaching 100 million...

6.4 AI score
Exploits 0
ThreatPost
added 2017/03/15 11:46 a.m. · 15 views

JSON Libraries Patched Against Invalid Curve Crypto Attack

A number of JSON libraries using the JSON Web Encryption specification JWE to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key. Researcher Antonio Sanso of Adobe said the go-jose, node-jose, jose2go, Nimbus JOSE+WT and jose4...

0.3 AI score
Exploits 0 · References 6
Hacker One
added 2017/03/14 4:15 p.m. · 32 views

Internet Bug Bounty: Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516 Invalid Curve attack

We found an issue in the JWE specification where it fails to warn the implementers about Invalid Curve attack. We found several libraries to be vulnerable : node-jose, jose2go, Nimbus JOSE+JWT and jose4j and in the process of filing an errata for the RFC. We report the vulnerabilities to the...

7 AI score
Exploits 0
Into the symmetry
added 2017/03/13 6:44 p.m. · 94 views

Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516

tl;dr if you are using go-jose, node-jose, jose2go, Nimbus JOSE+JWT or jose4j with ECDH-ES please update to the latest version. RFC 7516 aka JSON Web Encryption JWE hence many software libraries implementing this specification used to suffer from a classic Invalid Curve Attack. This would allow a...

7.1 AI score
Exploits 0
ThreatPost
added 2016/08/01 1:54 p.m. · 13 views

Google Adds New Layer of Security to Domain: Adds HSTS

Google is adding HTTP Strict Transport Security or HSTS to the Google.com domain, an extra layer of protection that prevents visitors from using a less secure HTTP connection. By using HSTS, visitors following HTTP links to Google.com will be automatically redirected to the more secure HTTPS...

7 AI score
Exploits 0 · References 8
The Hacker News
added 2015/08/06 9:16 p.m. · 17 views

Web Encryption Protocol That Even Quantum Computers Can't Crack

Sometimes, instead of black and white we tend to look out, how a grey would look? Yes, today we are going to discuss the ‘entangling’ or ‘superpositioning’ which is a power packed functionality of quantum computers. And simultaneously, how can they pose a threat when fully launched in the world...

6.7 AI score
Exploits 0
securityvulns
added 2014/10/16 12:0 a.m. · 39 views

Web Encryption Extension security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Revision: 1.0 Last Updated: 25 July 2014 First Published: 25 July 2014 Summary: A security issue was found in the Web Encryption Extension. Authenticated users are able to modify the content of https request fields to insert code into the pipeline...

0.4 AI score
Exploits 0
The Hacker News
added 2014/10/14 11:44 p.m. · 12 views

POODLE SSL 3.0 Attack Exploits Widely-used Web Encryption Standard

Another Heartbleed-like vulnerability has been discovered in the decade old but still widely used Secure Sockets Layer SSL 3.0 cryptographic protocol that could allow an attacker to decrypt contents of encrypted connections to websites. Google's Security Team revealed on Tuesday that the most...

6.5 AI score
Exploits 0
ThreatPost
added 2010/10/26 3:23 a.m. · 9 views

ToorCon: New Apps, Old Infrastructure Make Toxic Brew

In a variety of ways, experts at this weekend’s ToorCon Conference warned that the tidal wave of new devices and Web based services is straining an already aging Internet infrastructure, with privacy and security as the first victims. Call it the ‘schizophrenia of now’: a tidal wave of new...

7.3 AI score
Exploits 0
ThreatPost
added 2009/11/05 9:23 p.m. · 9 views

Zero-Day Flaw Found in Web Encryption

A zero-day flaw in the TLS and SSL protocols, which are commonly used to encrypt web pages, has been made public. The flaw allows an outsider to hijack a legitimate user’s browser session and successfully impersonate the user, the researchers said in a technical paper. Read the full story...

2.2 AI score
Exploits 0 · References 2