CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-1255

Malware in sbrugna...

7.5CVSS7.5AI score0.00274EPSS

Exploits0References7

Veracode•added 2024/02/06 6:49 a.m.•21 views

Authentication Bypass

github.com/square/go-jose is vulnerable to Authentication Bypass. The vulnerability is due to missing size checks resulting in CBC-HMAC integers overflowing on 32-bit architectures. This could lead to authentication bypass for CBC-HMAC encrypted ciphertexts...

7.5CVSS7.4AI score0.00274EPSS

Exploits0References3Affected Software1

SUSE CVE•added 2023/02/15 5:46 a.m.•2 views

SUSE CVE-2012-2686

crypto/evp/eaescbchmacsha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service application crash via crafted CBC data...

5CVSS6.8AI score0.63145EPSS

Exploits2References5

Github Security Blog•added 2021/06/23 5:14 p.m.•48 views

Integer Overflow in go-jose

go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures...

7.5CVSS4.5AI score0.00274EPSS

Exploits0References6Affected Software1

OSV•added 2021/06/23 5:14 p.m.•14 views

GHSA-3FX4-7F69-5MMG Integer Overflow in go-jose

7.5CVSS7.7AI score0.00274EPSS

Exploits0References5

OSV•added 2021/04/19 2:58 p.m.•23 views

GHSA-94HH-PJJG-RWMR Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime

Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while...

5.9CVSS6AI score0.00394EPSS

Exploits0References4

Github Security Blog•added 2021/04/19 2:57 p.m.•55 views

Padding Oracle Attack due to Observable Timing Discrepancy in jose

jose is an npm library providing a number of cryptographic operations. Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly...

5.9CVSS0.9AI score0.00316EPSS

Exploits0References4Affected Software1

Cvelist•added 2021/04/16 9:50 p.m.•11 views

CVE-2021-29445 Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime

jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

5.9CVSS6.4AI score0.00394EPSS

Exploits0References2

OSV•added 2021/04/16 6:15 p.m.•12 views

CVE-2021-29443

jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...

5.9CVSS5.7AI score

Exploits0References2

Debian•added 2019/10/13 7:41 a.m.•17 views

[SECURITY] [DSA 4539-3] openssl regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-4539-3 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 13, 2019 https://www.debian.org/security/faq -...

1.8AI score

Exploits0

CNVD•added 2017/03/31 12:0 a.m.•3 views

go-jose CBC-HMAC Integer Overflow Vulnerability

go-jose is a standard method for implementing JavaScript object signing and encryption . An integer overflow vulnerability exists in 32-bit architectures in versions of go-jose prior to 1.0.5. An attacker could exploit this vulnerability to bypass authentication...

7.5CVSS7.7AI score0.00274EPSS

Exploits0References1

Prion•added 2017/03/28 2:59 a.m.•15 views

Integer overflow

5CVSS7.5AI score0.00274EPSS

Exploits0References3Affected Software1

UbuntuCve•added 2017/03/28 2:59 a.m.•16 views

CVE-2016-9123

7.5CVSS7.1AI score0.00274EPSS

Exploits0References4

OSV•added 2017/03/28 2:59 a.m.•21 views

CVE-2016-9123

7.5CVSS7.2AI score

Exploits0References3

NVD•added 2017/03/28 2:59 a.m.•15 views

CVE-2016-9123

7.5CVSS7.8AI score0.00274EPSS

Exploits0References3

OSV•added 2017/03/28 2:59 a.m.•3 views

DEBIAN-CVE-2016-9123

7.5CVSS7.3AI score0.00274EPSS

Exploits0References1

Cvelist•added 2017/03/28 2:46 a.m.•22 views

CVE-2016-9123

7.7AI score0.00274EPSS

Exploits0References3

CVE•added 2017/03/28 2:46 a.m.•67 views

CVE-2016-9123

The CVE-2016-9123 entry concerns go-jose and its CBC-HMAC implementation. Multiple connected sources confirm a CBC-HMAC integer overflow on 32-bit architectures in go-jose prior to 1.0.5, which could lead to authentication bypass for CBC-HMAC encrypted ciphertexts. Documents consistently describe...

7.5CVSS7.6AI score0.00274EPSS

Exploits0References3Affected Software1

Debian CVE•added 2017/03/28 2:46 a.m.•29 views

CVE-2016-9123

7.5CVSS7.8AI score0.00274EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by