Lucene search
K

118 matches found

RedHat Linux
RedHat Linux
added 2026/05/04 1:37 a.m.16 views

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

7.5CVSS6.3AI score0.01553EPSS
Exploits0References4
Fedora
Fedora
added 2026/05/01 3:6 a.m.8 views

[SECURITY] Fedora 43 Update: openbao-2.5.3-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

7.5CVSS5.4AI score0.00651EPSS
Exploits1
OSV
OSV
added 2026/04/28 5:37 p.m.8 views

CLSA-2026-1777386823 buildah: Fix of CVE-2026-34986

CVE-2026-34986: fix go-jose panic on JWE decryption when encryptedkey field is empty...

7.5CVSS6.4AI score0.00651EPSS
Exploits0References1
OSV
OSV
added 2026/04/28 3:34 p.m.6 views

CLSA-2026-1777387432 buildah: Fix of CVE-2026-34986

CVE-2026-34986: fix go-jose panic on JWE decryption when encryptedkey field is empty...

7.5CVSS6.4AI score0.00651EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/24 7:46 a.m.10 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS5.5AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/16 2:50 p.m.5 views

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

7.5CVSS5.8AI score0.01553EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/16 2:48 p.m.5 views

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

7.5CVSS6.3AI score0.01553EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/16 2:46 p.m.4 views

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

7.5CVSS6.3AI score0.01553EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/16 2:19 p.m.7 views

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

7.5CVSS5.8AI score0.01553EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/16 2:14 p.m.7 views

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

7.5CVSS5.8AI score0.01553EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/16 2:9 p.m.7 views

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

7.5CVSS6.3AI score0.01553EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/14 6:47 p.m.6 views

CVE-2026-32203

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users. Mitigation Mitigation for this issue is either not available or...

7.5CVSS5.7AI score0.01553EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/11 9:23 a.m.11 views

SUSE CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

7.5CVSS5.9AI score0.00651EPSS
Exploits0References42
RedhatCVE
RedhatCVE
added 2026/04/07 12:47 a.m.4 views

CVE-2026-34986

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS5.8AI score0.00651EPSS
Exploits0References5
OSV
OSV
added 2026/04/06 5:17 p.m.1 views

DEBIAN-CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

7.5CVSS6.2AI score0.00651EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 5:17 p.m.3 views

CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

7.5CVSS0.00651EPSS
Exploits0References115
UbuntuCve
UbuntuCve
added 2026/04/06 5:17 p.m.4 views

CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

7.5CVSS6AI score0.00651EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/06 4:22 p.m.5 views

CVE-2026-34986 Go JOSE affect by a panic in JWE decryption

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

7.5CVSS6AI score0.00651EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/04/06 4:22 p.m.5 views

CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

7.5CVSS7.1AI score0.00651EPSS
Exploits0
CVE
CVE
added 2026/04/06 4:22 p.m.527 views

CVE-2026-34986

CVE-2026-34986 affects the Go JOSE library. Prior to versions 4.1.4 and 3.0.5, decrypting a JWE object can cause a panic when the alg field indicates a key-wrapping algorithm (any ending with KW, except A128GCMKW/A192GCMKW/A256GCMKW) and encrypted_key is empty. The panic occurs in cipher.KeyUnwra...

7.5CVSS6AI score0.00651EPSS
Exploits0References115Affected Software1
Rows per page
Query Builder