Lucene search
K

97 matches found

RedHat Linux
RedHat Linux
added yesterday4 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS7.5AI score0.00036EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago6 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.9AI score0.00036EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

RockyLinux 9 : osbuild-composer (RLSA-2026:22714)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22714 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...

10CVSS5.6AI score0.00086EPSS
Exploits3References21
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.9 views

RockyLinux 9 : podman (RLSA-2026:19173)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19173 advisory. github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption JWE object CVE-2026-34986 Tenable has...

7.5CVSS6.9AI score0.00036EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 4:3 p.m.15 views

RLSA-2026:19017 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679...

7.5CVSS7AI score0.00044EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/20 5:1 p.m.9 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.3AI score0.00036EPSS
Exploits0References6
OSV
OSV
added 2026/05/19 12:0 a.m.6 views

ALSA-2026:19173 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service...

7.5CVSS6.9AI score0.00036EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/13 1:20 p.m.29 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.3AI score0.00036EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/29 12:20 p.m.5 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.6.15

Red Hat OpenShift Service Mesh 2.6.15 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh...

9.8CVSS7.4AI score0.00044EPSS
Exploits0References12
OSV
OSV
added 2026/04/28 5:37 p.m.5 views

CLSA-2026-1777386823 buildah: Fix of CVE-2026-34986

CVE-2026-34986: fix go-jose panic on JWE decryption when encryptedkey field is empty...

7.5CVSS6.4AI score0.00036EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.2 views

RockyLinux 9 : buildah (RLSA-2026:10135)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:10135 advisory. github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption JWE object CVE-2026-34986 Tenable has...

7.5CVSS6.2AI score0.00036EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/11 9:23 a.m.8 views

SUSE CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

7.5CVSS5.9AI score0.00036EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON W...

7.5CVSS6.9AI score0.00036EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/06 5:17 p.m.2 views

CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

7.5CVSS6AI score0.00036EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/06 4:22 p.m.2 views

CVE-2026-34986 Go JOSE affect by a panic in JWE decryption

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

7.5CVSS6AI score0.00036EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/06 4:22 p.m.18 views

CVE-2026-34986 Go JOSE affect by a panic in JWE decryption

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

7.5CVSS0.00036EPSS
Exploits0References2
CVE
CVE
added 2026/04/06 4:22 p.m.274 views

CVE-2026-34986

CVE-2026-34986 affects the Go JOSE library. Prior to versions 4.1.4 and 3.0.5, decrypting a JWE object can cause a panic when the alg field indicates a key-wrapping algorithm (any ending with KW, except A128GCMKW/A192GCMKW/A256GCMKW) and encrypted_key is empty. The panic occurs in cipher.KeyUnwra...

7.5CVSS6AI score0.00036EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/03 3:28 a.m.12 views

Go JOSE Panics in JWE decryption

Impact Decrypting a JSON Web Encryption JWE object will panic if the alg field indicates a key wrapping algorithm one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW and the encryptedkey field is empty. The panic happens when cipher.KeyUnwrap in keywrap.go attempts to...

7.5CVSS6AI score0.00036EPSS
Exploits0References4Affected Software3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.2 views

MiracleLinux 9 : skopeo-1.18.1-1.el9_6 (AXSA:2025-10461:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10461:02 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 Tenable has extracted the preceding description block directly from the MiracleLin...

8.7CVSS6.8AI score0.00152EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/11/04 8:51 a.m.3 views

Moderate: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

8.7CVSS6.7AI score0.00152EPSS
Exploits0References3
Rows per page
Query Builder