Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jose project jose vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-9123
go-jose prior to 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.
Go-jose Project Go-jose
7.5
CVSSv2
CVE-2016-7036
python-jose prior to 1.3.2 allows malicious users to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
Python-jose Project Python-jose
5
CVSSv2
CVE-2016-5430
The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php prior to 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote malicious users to obtain cleartext data via a Million Message Attack (MMA).
Jose-php Project Jose-php
4.3
CVSSv2
CVE-2016-5429
jose-php prior to 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote malicious users to obtain sensitive information via a timing attack, related to JWE.php and JWS.php.
Jose-php Project Jose-php
4.6
CVSSv2
CVE-2015-1572
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs prior to 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015...
E2fsprogs Project E2fsprogs
Debian Debian Linux 7.0
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
4.6
CVSSv2
CVE-2015-0247
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs prior to 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
E2fsprogs Project E2fsprogs
Debian Debian Linux 7.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 10.04
Fedoraproject Fedora 20
Fedoraproject Fedora 21
7.5
CVSSv2
CVE-2014-9029
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and previous versions allow remote malicious users to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
Jasper Project Jasper
7.5
CVSSv2
CVE-2011-1092
Integer overflow in ext/shmop/shmop.c in PHP prior to 5.3.6 allows context-dependent malicious users to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.
Php Php 5.3.1
Php Php 5.3.2
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.1.1
Php Php 4.1.2
Php Php 4.3.0
Php Php 4.0.2
Php Php 4.0.3
Php Php 4.0
Php Php 4.0.0
Php Php 4.0.1
Php Php 4.2.0
Php Php 4.3.1
Php Php 4.3.10
Php Php 4.3.7
Php Php 4.3.8
Php Php 4.4.5
Php Php 4.4.6
Php Php 3.0.1
Php Php 3.0
Php Php 3.0.17
1 EDB exploit
9.3
CVSSv2
CVE-2010-1797
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType prior to 2.4.2, as used in Apple iOS prior to 4.0.2 on the iPhone and iPod touch and prior to 3.2.2 on the iPad, allow remote...
Apple Iphone Os 1.0.0
Apple Iphone Os 1.1.0
Apple Iphone Os 1.1.1
Apple Iphone Os 1.1.3
Apple Iphone Os 2.0
Apple Iphone Os 2.0.0
Apple Iphone Os 2.0.2
Apple Iphone Os 2.1
Apple Iphone Os 2.2.1
Apple Iphone Os 2.2
Apple Iphone Os 3.1.2
Apple Iphone Os 1.0.1
Apple Iphone Os 1.1.4
Apple Iphone Os 2.0.1
Apple Iphone Os 2.1.1
Apple Iphone Os 3.0
Apple Iphone Os 3.0.1
Apple Iphone Os 3.1.3
Apple Iphone Os 3.2
Apple Iphone Os 4.0
Apple Iphone Os 1.0.2
Apple Iphone Os 1.1.2
2 EDB exploits
1 Github repository
9.3
CVSSv2
CVE-2009-3389
Integer overflow in libtheora in Xiph.Org Theora prior to 1.1, as used in Mozilla Firefox 3.5 prior to 3.5.6 and SeaMonkey prior to 2.0.1, allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dime...
Mozilla Firefox 3.5.5
Mozilla Seamonkey 1.0.8
Mozilla Seamonkey 1.0.2
Mozilla Seamonkey 1.0
Mozilla Seamonkey 1.1.14
Mozilla Seamonkey 1.1.12
Mozilla Seamonkey 1.1.13
Mozilla Seamonkey 1.1.11
Mozilla Seamonkey 1.1.6
Mozilla Seamonkey 2.0
Mozilla Seamonkey 1.5.0.10
Mozilla Seamonkey 1.0.7
Mozilla Seamonkey 1.0.6
Mozilla Seamonkey 1.0.1
Mozilla Seamonkey 1.1
Mozilla Seamonkey 1.1.15
Mozilla Seamonkey 1.1.4
Mozilla Seamonkey 1.1.9
Mozilla Seamonkey 1.1.5
Mozilla Seamonkey 2.0a1
Mozilla Seamonkey 2.0a1pre
Mozilla Firefox 3.5.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »