Количество 54
Количество 54
RLSA-2024:2549
Moderate: skopeo security and bug fix update
ELSA-2024-2549
ELSA-2024-2549: skopeo security and bug fix update (MODERATE)
SUSE-SU-2024:3186-1
Security update for buildah
SUSE-SU-2024:3151-1
Security update for buildah
ELSA-2024-3254
ELSA-2024-3254: container-tools:ol8 security update (IMPORTANT)
SUSE-SU-2024:3120-1
Security update for buildah, docker
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Objec ...
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
CVE-2024-24786
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmar ...
SUSE-SU-2025:0066-1
Security update for apptainer
SUSE-SU-2024:2754-1
Security update for skopeo
GHSA-c5q2-7r4c-mv6g
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
BDU:2024-01928
Уязвимость пакета реализации набора стандартов JWE, JWS, JWT go-jose для языка программирования Go, связанная с некорректной обработкой сильно сжатых входных данных, позволяющая нарушителю вызвать отказ в обслуживании
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | RLSA-2024:2549 Moderate: skopeo security and bug fix update | около 1 года назад | ||
| ELSA-2024-2549 ELSA-2024-2549: skopeo security and bug fix update (MODERATE) | около 1 года назад | ||
 | SUSE-SU-2024:3186-1 Security update for buildah | 9 месяцев назад | ||
| SUSE-SU-2024:3151-1 Security update for buildah | 10 месяцев назад | ||
| ELSA-2024-3254 ELSA-2024-3254: container-tools:ol8 security update (IMPORTANT) | около 1 года назад | ||
| SUSE-SU-2024:3120-1 Security update for buildah, docker | 10 месяцев назад | ||
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
 | CVSS3: 4.3 | 0% Низкий | 8 месяцев назад | |
| CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Objec ... | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-24786 The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| CVE-2024-24786 The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | CVSS3: 5.9 | 0% Низкий | больше 1 года назад |
| CVE-2024-24786 The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| CVSS3: 7.5 | 0% Низкий | 8 месяцев назад | |
| CVE-2024-24786 The protojson.Unmarshal function can enter an infinite loop when unmar ... | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| SUSE-SU-2025:0066-1 Security update for apptainer | 0% Низкий | 5 месяцев назад | |
| SUSE-SU-2024:2754-1 Security update for skopeo | 0% Низкий | 11 месяцев назад | |
| GHSA-c5q2-7r4c-mv6g Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
 | BDU:2024-01928 Уязвимость пакета реализации набора стандартов JWE, JWS, JWT go-jose для языка программирования Go, связанная с некорректной обработкой сильно сжатых входных данных, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу