CVE-2019-25653

creationtimestamp| type| source ---|---|--- 2026-03-30 12:32:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mibo7k5cn323...

CVE-2023-25653

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in node-jose can trigger a Denial-of-Service DoS condition, due to a...

CVE-2024-25653

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

CVE-2022-25653

Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

CVE-2021-25653

A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities AVPU that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU...

RHEL 6 : spice-vdagent (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spice-vdagent: Improper validation of xfers-savedir in vdagentfilexfersdata CVE-2017-15108 - spice-vdagen...

RHEL 7 : spice-vdagent (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spice-vdagent: Improper validation of xfers-savedir in vdagentfilexfersdata CVE-2017-15108 - spice-vdagen...

CVE-2024-25653

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

CVE-2024-25653

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

CVE-2024-25653

Delinea PAM Secret Server 11.4 exposes a Broken Access Control in the Web UI Report functionality (Unlimited Admin Mode) that allows unprivileged users to view system reports and modify custom reports. Root cause: access control bypass within the Reports feature. Affected component: Report module...

Rocky Linux 8 : spice-vdagent (RLSA-2021:1791)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1791 advisory. - A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest...

Security Bulletin: Cisco node-jose is vulnerable to CVE-2023-25653 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Cisco node-jose which is vulnerable to CVE-2023-25653. Vulnerability Details CVEID:CVE-2023-25653 DESCRIPTION: Cisco node-jose is vulnerable to a denial of service, caused by improper calculations in ECC implementation. By sending a...

7ghost (>=4.11.0 <=4.11.46), @abbott-platform/abbott-framework (>=1.6.0 <=1.6.7) +587 more potentially affected by CVE-2023-25653 via node-jose (>=0.10.0 <=2.1.1)

node-jose NPM version =0.10.0, =4.11.0, =1.6.0, =1.5.3, =0.0.1, =0.0.0-development, =1.1.0, =0.0.1-beta.0, =0.0.2, =0.0.2, =5.5.1, =1.0.0, =0.1.0, =0.0.2, =4.5.0, =4.5.35 and more Source cves: CVE-2023-25653 Source advisory: OSV:GHSA-5H4J-QRVG-9XHW...

CVE-2023-25653

CVE-2023-25653 affects the node-jose library (JOSE for web browsers and Node.js) when using the non-default fallback crypto backend. The root cause is an infinite loop in ECC-related calculations due to how the modular inverse result from the jsbn library can be negative, which breaks the Barrett...

CVE-2023-25653 Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in node-jose can trigger a Denial-of-Service DoS condition, due to a...

CVE-2022-25653

CVE-2022-25653 is a buffer over-read in Qualcomm Snapdragon video processing of AVI files that leads to information disclosure. The issue affects Snapdragon components and is tied to an information-disclosure vulnerability from reading AVI data, with local attack vector and low attack complexity ...

CVE-2020-25653 affecting package spice-vdagent for versions less than 0.22.1-1

CVE-2020-25653 affecting package spice-vdagent for versions less than 0.22.1-1. An upgraded version of the package is available that resolves this issue...

Huawei EulerOS: Security Advisory for spice-vdagent (EulerOS-SA-2021-2617)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for spice-vdagent (EulerOS-SA-2021-2452)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2021:2803-1 Security update for spice-vdagent

This update for spice-vdagent fixes the following issues: - CVE-2020-25650: memory DoS via arbitrary entries in activexfers hash table bsc1177780 - CVE-2020-25651: possible file transfer DoS and information leak via activexfers hash map bsc1177781 - CVE-2020-25652: possibility to exhaust file...