Fedora 44 : opkssh (2026-af08c3b44f)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-af08c3b44f advisory. Fix CVE-2026-34986 in bundled go-jose Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

Azure Linux 3.0 Security Update: jose (CVE-2023-50967)

The version of jose installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-50967 advisory. - latchset jose through version 11 allows attackers to cause a denial of service CPU consumption via a large p2c...

MiracleLinux 8 : jose-10-2.el8_10.3 (AXSA:2024-8659:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8659:01 advisory. jose: resource exhaustion CVE-2024-28176 jose: Denial of service due to uncontrolled CPU consumption CVE-2023-50967 Tenable has extracted the...

Linux Distros Unpatched Vulnerability : CVE-2024-28176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JS...

CVE-2023-50967 affecting package jose for versions less than 14-3

CVE-2023-50967 affecting package jose for versions less than 14-3. An upgraded version of the package is available that resolves this issue...

RLSA-2024:5294 Moderate: jose security update

Jose is a C-language implementation of the Javascript Object Signing and Encryption standards. The jose package is a dependency of the clevis and tang packages, together providing Network Bound Disk Encryption NBDE in Rocky Linux. Security Fixes: jose: resource exhaustion CVE-2024-28176 jose:...

RockyLinux 9 : jose (RLSA-2024:9181)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:9181 advisory. jose: resource exhaustion CVE-2024-28176 jose: Denial of service due to uncontrolled CPU consumption CVE-2023-50967 Tenable has extracted the preceding...

RLSA-2024:9181 Moderate: jose security update

Jose is a C-language implementation of the Javascript Object Signing and Encryption standards. The jose package is a dependency of the clevis and tang packages, together providing Network Bound Disk Encryption NBDE in Rocky Linux. Security Fixes: jose: resource exhaustion CVE-2024-28176 jose:...

jose: Denial of service due to uncontrolled CPU consumption

A flaw was found in the Jose package, where a large number of iterations used to derive the wrapping key for the PBKDF2 algorithm may lead to a denial of service. This flaw allows an attacker to set a large number of PBKDF2' iterations, triggering an uncontrolled resource consumption that impacts...

ALSA-2024:9181 Moderate: jose security update

Jose is a C-language implementation of the Javascript Object Signing and Encryption standards. The jose package is a dependency of the clevis and tang packages, together providing Network Bound Disk Encryption NBDE in AlmaLinux. Security Fixes: jose: resource exhaustion CVE-2024-28176 jose: Denia...

Huawei EulerOS: Security Advisory for jose (EulerOS-SA-2024-2475)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 8 : jose (RHSA-2024:5294)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5294 advisory. Jose is a C-language implementation of the Javascript Object Signing and Encryption standards. The jose package is a dependency of the clevi...

jose: Denial of service due to uncontrolled CPU consumption

A flaw was found in the Jose package, where a large number of iterations used to derive the wrapping key for the PBKDF2 algorithm may lead to a denial of service. This flaw allows an attacker to set a large number of PBKDF2' iterations, triggering an uncontrolled resource consumption that impacts...

Moderate: Red Hat Security Advisory: jose security update

An update for jose is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

ALSA-2024:5294 Moderate: jose security update

Jose is a C-language implementation of the Javascript Object Signing and Encryption standards. The jose package is a dependency of the clevis and tang packages, together providing Network Bound Disk Encryption NBDE in AlmaLinux. Security Fixes: jose: resource exhaustion CVE-2024-28176 jose: Denia...

Moderate: jose security update

Jose is a C-language implementation of the Javascript Object Signing and Encryption standards. The jose package is a dependency of the clevis and tang packages, together providing Network Bound Disk Encryption NBDE in AlmaLinux. Security Fixes: jose: resource exhaustion CVE-2024-28176 jose: Denia...

Fedora: Security Advisory (FEDORA-2024-2cface5aba)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2 : jose (ALAS-2024-2529)

The version of jose installed on the remote host is prior to 10-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2529 advisory. latchset jose through version 11 allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value...

Fedora 40 : jose (2024-2cface5aba)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2cface5aba advisory. Security fix for CVE-2023-50967 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

Fedora 40 : prometheus-podman-exporter (2024-9231308a4f)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9231308a4f advisory. release v1.11.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...