Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38493 | 1 Rhonabwy Project | 1 Rhonabwy | 2022-08-23 | N/A | 7.5 HIGH |
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token. | |||||
CVE-2022-32096 | 1 Rhonabwy Project | 1 Rhonabwy | 2022-07-26 | 5.0 MEDIUM | 7.5 HIGH |
Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token. |