Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Latchset Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-28102 2 Debian, Latchset 2 Debian Linux, Jwcrypto 2025-12-22 N/A 6.8 MEDIUM
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length.
CVE-2023-50967 2 Fedoraproject, Latchset 2 Fedora, Jose 2025-11-04 N/A 7.5 HIGH
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
CVE-2016-6298 1 Latchset 1 Jwcrypto 2025-04-12 4.3 MEDIUM 5.3 MEDIUM
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
CVE-2023-6681 3 Fedoraproject, Latchset, Redhat 6 Fedora, Jwcrypto, Enterprise Linux and 3 more 2024-11-21 N/A 5.3 MEDIUM
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.
CVE-2023-6258 1 Latchset 1 Pkcs11-provider 2024-11-21 N/A 8.1 HIGH
A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption.