Lucene search
+L

124 matches found

RedHat Linux
RedHat Linux
added 2026/05/26 5:28 a.m.18 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.8AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/26 3:26 a.m.24 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.8AI score0.00651EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:49 p.m.13 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in Go JOSE [CVE-2026-34986]

Summary IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in Go JOSE, due to an issue occuring when cipher.KeyUnwrap in keywrap.go attempts to allocate a slice with a zero or negative length based on the length of the encryptedkey CVE-2026-34986. Go JOSE is used as...

7.5CVSS6.9AI score0.00651EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/20 5:1 p.m.13 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.3AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/20 4:56 p.m.15 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.3AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/20 4:45 p.m.13 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.3AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/19 9:46 p.m.12 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.3AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/19 6:24 p.m.12 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.3AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/19 6:24 p.m.10 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.3AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/19 4:12 p.m.12 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.3AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/19 1:24 p.m.14 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.3AI score0.00651EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.9 views

SUSE SLES15 Security Update : google-cloud-sap-agent (SUSE-SU-2026:1938-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1938-1 advisory. This update for google-cloud-sap-agent fixes the following issue: - CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object...

7.5CVSS6.4AI score0.00651EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/05/18 7:42 a.m.7 views

Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue: CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty encryptedkey field but key wrapping algorithm set can lead to a denial of service bsc1262936. Patch Instructions: To install this SUSE update use th...

8.7CVSS6.3AI score0.00651EPSS
Exploits0References4
OSV
OSV
added 2026/05/18 7:42 a.m.4 views

SUSE-SU-2026:1938-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue: - CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty encryptedkey field but key wrapping algorithm set can lead to a denial of service bsc1262936...

7.5CVSS6.3AI score0.00651EPSS
Exploits0References3
OSV
OSV
added 2026/05/18 7:40 a.m.8 views

SUSE-SU-2026:1935-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue: - CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty encryptedkey field but key wrapping algorithm set can lead to a denial of service bsc1262936...

7.5CVSS5.8AI score0.00651EPSS
Exploits0References3
Veracode
Veracode
added 2026/05/16 5:20 a.m.7 views

Denial Of Service (DoS)

github.com/go-jose/go-jose is vulnerable to Denial Of Service DoS. The vulnerability is due to improper validation of JWE objects during decryption when the alg field indicates a key wrapping algorithm and the encryptedkey field is empty, which allows an attacker to trigger a runtime panic via...

7.5CVSS7.3AI score0.00651EPSS
Exploits0References123Affected Software3
RedHat Linux
RedHat Linux
added 2026/05/13 7:33 p.m.8 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS5.7AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/13 1:20 p.m.48 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.3AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/13 1:56 a.m.14 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS5.7AI score0.00651EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.6 views

openSUSE 16 Security Update : google-cloud-sap-agent (openSUSE-SU-2026:20669-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20669-1 advisory. This update for google-cloud-sap-agent fixes the following issue: - CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty...

7.5CVSS5.9AI score0.00651EPSS
Exploits0References3
Rows per page
Query Builder