rpm package
suse/jose4j&distro=SUSE Manager Server Module 4.3
pkg:rpm/suse/jose4j&distro=SUSE%20Manager%20Server%20Module%204.3
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-32189 | Med | 5.9 | < 0.5.1-150400.3.6.2 | 0.5.1-150400.3.6.2 | Oct 16, 2024 | Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys | |
| CVE-2023-51775 | — | < 0.5.1-150400.3.9.4 | 0.5.1-150400.3.9.4 | Dec 25, 2023 | The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. | ||
| CVE-2023-31582 | — | < 0.5.1-150400.3.6.2 | 0.5.1-150400.3.6.2 | Oct 24, 2023 | jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. | ||
| CVE-2022-31248 | — | < 0.5.1-150400.3.3.1 | 0.5.1-150400.3.3.1 | Jun 22, 2022 | A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4. |
- affected < 0.5.1-150400.3.6.2fixed 0.5.1-150400.3.6.2
Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys
- CVE-2023-51775Dec 25, 2023affected < 0.5.1-150400.3.9.4fixed 0.5.1-150400.3.9.4
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
- CVE-2023-31582Oct 24, 2023affected < 0.5.1-150400.3.6.2fixed 0.5.1-150400.3.6.2
jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.
- CVE-2022-31248Jun 22, 2022affected < 0.5.1-150400.3.3.1fixed 0.5.1-150400.3.3.1
A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.