exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 23

RLSA-2024:9181

около 1 года назад

Moderate: jose security update

EPSS: Низкий

RLSA-2024:5294

11 месяцев назад

Moderate: jose security update

EPSS: Низкий

ELSA-2024-9181

больше 1 года назад

ELSA-2024-9181: jose security update (MODERATE)

EPSS: Низкий

ELSA-2024-5294

больше 1 года назад

ELSA-2024-5294: jose security update (MODERATE)

EPSS: Низкий

CVE-2023-50967

около 2 лет назад

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

CVSS3: 7.5

EPSS: Низкий

CVE-2023-50967

около 2 лет назад

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

CVSS3: 7.5

EPSS: Низкий

CVE-2023-50967

около 2 лет назад

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

CVSS3: 7.5

EPSS: Низкий

CVE-2023-50967

9 месяцев назад

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

CVSS3: 7.5

EPSS: Низкий

CVE-2023-50967

около 2 лет назад

latchset jose through version 11 allows attackers to cause a denial of ...

CVSS3: 7.5

EPSS: Низкий

CVE-2024-28176

около 2 лет назад

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.

CVSS3: 4.9

EPSS: Низкий

CVE-2024-28176

около 2 лет назад

CVSS3: 5.3

EPSS: Низкий

CVE-2024-28176

около 2 лет назад

CVSS3: 4.9

EPSS: Низкий

GHSA-5rrv-52wj-qgfg

около 2 лет назад

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

CVSS3: 7.5

EPSS: Низкий

BDU:2024-02461

около 2 лет назад

Уязвимость модуля языка С для подписи и шифрования объектов JSON latchset Jose, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 7.5

EPSS: Низкий

GHSA-hhhv-q57g-882q

около 2 лет назад

jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext

CVSS3: 5.3

EPSS: Низкий

BDU:2024-01954

около 2 лет назад

Уязвимость модуля JavaScript для подписи и шифрования объектов JSON jose, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 4.9

EPSS: Низкий

ROS-20251203-07

4 месяца назад

Уязвимость jose

CVSS3: 7.5

EPSS: Низкий

RLSA-2024:3968

почти 2 года назад

Moderate: container-tools:rhel8 bug fix and enhancement update

EPSS: Низкий

ELSA-2024-3968

почти 2 года назад

ELSA-2024-3968: container-tools:ol8 bug fix and enhancement update (MODERATE)

EPSS: Низкий

RLSA-2024:3827

почти 2 года назад

Moderate: buildah security and bug fix update

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
RLSA-2024:9181 Moderate: jose security update			около 1 года назад
RLSA-2024:5294 Moderate: jose security update			11 месяцев назад
ELSA-2024-9181 ELSA-2024-9181: jose security update (MODERATE)			больше 1 года назад
ELSA-2024-5294 ELSA-2024-5294: jose security update (MODERATE)			больше 1 года назад
CVE-2023-50967 latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.	CVSS3: 7.5	1% Низкий	около 2 лет назад
CVE-2023-50967 latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.	CVSS3: 7.5	1% Низкий	около 2 лет назад
CVE-2023-50967 latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.	CVSS3: 7.5	1% Низкий	около 2 лет назад
CVE-2023-50967 latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.	CVSS3: 7.5	1% Низкий	9 месяцев назад
CVE-2023-50967 latchset jose through version 11 allows attackers to cause a denial of ...	CVSS3: 7.5	1% Низкий	около 2 лет назад
CVE-2024-28176 jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.	CVSS3: 4.9	1% Низкий	около 2 лет назад
CVE-2024-28176 jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.	CVSS3: 5.3	1% Низкий	около 2 лет назад
CVE-2024-28176 jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.	CVSS3: 4.9	1% Низкий	около 2 лет назад
GHSA-5rrv-52wj-qgfg latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.	CVSS3: 7.5	1% Низкий	около 2 лет назад
BDU:2024-02461 Уязвимость модуля языка С для подписи и шифрования объектов JSON latchset Jose, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 7.5	1% Низкий	около 2 лет назад
GHSA-hhhv-q57g-882q jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext	CVSS3: 5.3	1% Низкий	около 2 лет назад
BDU:2024-01954 Уязвимость модуля JavaScript для подписи и шифрования объектов JSON jose, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 4.9	1% Низкий	около 2 лет назад
ROS-20251203-07 Уязвимость jose	CVSS3: 7.5	1% Низкий	4 месяца назад
RLSA-2024:3968 Moderate: container-tools:rhel8 bug fix and enhancement update			почти 2 года назад
ELSA-2024-3968 ELSA-2024-3968: container-tools:ol8 bug fix and enhancement update (MODERATE)			почти 2 года назад
RLSA-2024:3827 Moderate: buildah security and bug fix update			почти 2 года назад

Уязвимостей на страницу