Filtered by vendor Jose-php Project
Subscriptions
Filtered by product Jose-php
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5429 | 1 Jose-php Project | 1 Jose-php | 2024-08-06 | 3.7 Low |
| jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php. | ||||
| CVE-2016-5430 | 1 Jose-php Project | 1 Jose-php | 2024-08-06 | 5.3 Medium |
| The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA). | ||||
Page 1 of 1.