VYPR

rpm package

suse/jose4j&distro=SUSE Manager Server Module 4.3

pkg:rpm/suse/jose4j&distro=SUSE%20Manager%20Server%20Module%204.3

Vulnerabilities (4)

  • CVE-2023-32189MedOct 16, 2024
    affected < 0.5.1-150400.3.6.2fixed 0.5.1-150400.3.6.2

    Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys

  • CVE-2023-51775Dec 25, 2023
    affected < 0.5.1-150400.3.9.4fixed 0.5.1-150400.3.9.4

    The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

  • CVE-2023-31582Oct 24, 2023
    affected < 0.5.1-150400.3.6.2fixed 0.5.1-150400.3.6.2

    jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.

  • CVE-2022-31248Jun 22, 2022
    affected < 0.5.1-150400.3.3.1fixed 0.5.1-150400.3.3.1

    A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.