| Max CVSS | 5.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-12974 | 5.0 |
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the a
|
16-11-2019 - 02:15 | 20-08-2017 - 16:29 | |
| CVE-2017-12972 | 5.0 |
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that differen
|
16-11-2019 - 02:15 | 20-08-2017 - 16:29 | |
| CVE-2017-12973 | 4.3 |
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
|
03-10-2019 - 00:03 | 20-08-2017 - 16:29 |