Количество 78
Количество 78
CVE-2025-27144
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.
CVE-2025-27144
Go JOSE's Parsing Vulnerable to Denial of Service
CVE-2025-27144
Go JOSE provides an implementation of the Javascript Object Signing an ...
CVE-2025-22869
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
CVE-2025-22869
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
CVE-2025-22869
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
CVE-2025-22869
Potential denial of service in golang.org/x/crypto
CVE-2025-22869
SSH servers which implement file transfer protocols are vulnerable to ...
openSUSE-SU-2025:20117-1
Security update for trivy
openSUSE-SU-2025:0080-1
Security update for trivy
SUSE-SU-2025:1011-1
Security update for grafana
SUSE-SU-2025:0812-1
Security update for buildah
SUSE-SU-2025:0811-1
Security update for buildah
SUSE-SU-2025:0786-1
Security update for podman
SUSE-SU-2025:0785-1
Security update for podman
SUSE-SU-2025:0772-1
Security update for skopeo
RLSA-2025:7467
Moderate: skopeo security update
RLSA-2025:7459
Moderate: buildah security update
RLSA-2025:7397
Moderate: skopeo security update
RLSA-2025:7389
Moderate: buildah security update
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-27144 Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters. | 0% Низкий | около 1 года назад | |
 | CVE-2025-27144 Go JOSE's Parsing Vulnerable to Denial of Service | 0% Низкий | около 1 года назад | |
| CVE-2025-27144 Go JOSE provides an implementation of the Javascript Object Signing an ... | 0% Низкий | около 1 года назад | |
 | CVE-2025-22869 SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
 | CVE-2025-22869 SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
| CVE-2025-22869 SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
| CVE-2025-22869 Potential denial of service in golang.org/x/crypto | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
| CVE-2025-22869 SSH servers which implement file transfer protocols are vulnerable to ... | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
 | openSUSE-SU-2025:20117-1 Security update for trivy | 4 месяца назад | ||
| openSUSE-SU-2025:0080-1 Security update for trivy | 0% Низкий | около 1 года назад | |
| SUSE-SU-2025:1011-1 Security update for grafana | 0% Низкий | около 1 года назад | |
| SUSE-SU-2025:0812-1 Security update for buildah | 0% Низкий | около 1 года назад | |
| SUSE-SU-2025:0811-1 Security update for buildah | 0% Низкий | около 1 года назад | |
| SUSE-SU-2025:0786-1 Security update for podman | 0% Низкий | около 1 года назад | |
| SUSE-SU-2025:0785-1 Security update for podman | 0% Низкий | около 1 года назад | |
| SUSE-SU-2025:0772-1 Security update for skopeo | 0% Низкий | около 1 года назад | |
 | RLSA-2025:7467 Moderate: skopeo security update | 0% Низкий | 6 месяцев назад | |
| RLSA-2025:7459 Moderate: buildah security update | 0% Низкий | 6 месяцев назад | |
| RLSA-2025:7397 Moderate: skopeo security update | 0% Низкий | 6 месяцев назад | |
| RLSA-2025:7389 Moderate: buildah security update | 0% Низкий | 6 месяцев назад |
Уязвимостей на страницу