exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 54

CVE-2025-27144

5 месяцев назад

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.

CVSS3: 7.5

EPSS: Низкий

CVE-2025-27144

5 месяцев назад

EPSS: Низкий

CVE-2025-27144

5 месяцев назад

EPSS: Низкий

CVE-2025-27144

5 месяцев назад

Go JOSE provides an implementation of the Javascript Object Signing an ...

EPSS: Низкий

ROS-20250505-01

3 месяца назад

Уязвимость golang-x-crypto-devel

CVSS3: 7.5

EPSS: Низкий

GHSA-hcg3-q754-cr77

4 месяца назад

golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange

CVSS3: 7.5

EPSS: Низкий

ELSA-2025-7484

около 1 месяца назад

ELSA-2025-7484: gvisor-tap-vsock security update (IMPORTANT)

EPSS: Низкий

ELSA-2025-7416

3 месяца назад

ELSA-2025-7416: gvisor-tap-vsock security update (IMPORTANT)

EPSS: Низкий

ELSA-2025-3833

4 месяца назад

ELSA-2025-3833: gvisor-tap-vsock security update (IMPORTANT)

EPSS: Низкий

ELSA-2025-3336

4 месяца назад

ELSA-2025-3336: podman security update (IMPORTANT)

EPSS: Низкий

ELSA-2025-3210

5 месяцев назад

ELSA-2025-3210: container-tools:ol8 security update (IMPORTANT)

EPSS: Низкий

BDU:2025-06560

5 месяцев назад

Уязвимость SSH-сервера языка программирования Golang, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 7.5

EPSS: Низкий

openSUSE-SU-2025:0080-1

5 месяцев назад

Security update for trivy

EPSS: Низкий

SUSE-SU-2025:1011-1

5 месяцев назад

Security update for grafana

EPSS: Низкий

SUSE-SU-2025:0812-1

5 месяцев назад

Security update for buildah

EPSS: Низкий

SUSE-SU-2025:0811-1

5 месяцев назад

Security update for buildah

EPSS: Низкий

SUSE-SU-2025:0786-1

5 месяцев назад

Security update for podman

EPSS: Низкий

SUSE-SU-2025:0785-1

5 месяцев назад

Security update for podman

EPSS: Низкий

SUSE-SU-2025:0772-1

5 месяцев назад

Security update for skopeo

EPSS: Низкий

ROS-20250624-15

около 2 месяцев назад

Уязвимость consul

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2025-27144 Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.	CVSS3: 7.5	0% Низкий	5 месяцев назад
CVE-2025-27144 Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.		0% Низкий	5 месяцев назад
CVE-2025-27144		0% Низкий	5 месяцев назад
CVE-2025-27144 Go JOSE provides an implementation of the Javascript Object Signing an ...		0% Низкий	5 месяцев назад
ROS-20250505-01 Уязвимость golang-x-crypto-devel	CVSS3: 7.5	0% Низкий	3 месяца назад
GHSA-hcg3-q754-cr77 golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange	CVSS3: 7.5	0% Низкий	4 месяца назад
ELSA-2025-7484 ELSA-2025-7484: gvisor-tap-vsock security update (IMPORTANT)			около 1 месяца назад
ELSA-2025-7416 ELSA-2025-7416: gvisor-tap-vsock security update (IMPORTANT)			3 месяца назад
ELSA-2025-3833 ELSA-2025-3833: gvisor-tap-vsock security update (IMPORTANT)			4 месяца назад
ELSA-2025-3336 ELSA-2025-3336: podman security update (IMPORTANT)			4 месяца назад
ELSA-2025-3210 ELSA-2025-3210: container-tools:ol8 security update (IMPORTANT)			5 месяцев назад
BDU:2025-06560 Уязвимость SSH-сервера языка программирования Golang, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 7.5	0% Низкий	5 месяцев назад
openSUSE-SU-2025:0080-1 Security update for trivy		0% Низкий	5 месяцев назад
SUSE-SU-2025:1011-1 Security update for grafana		0% Низкий	5 месяцев назад
SUSE-SU-2025:0812-1 Security update for buildah		0% Низкий	5 месяцев назад
SUSE-SU-2025:0811-1 Security update for buildah		0% Низкий	5 месяцев назад
SUSE-SU-2025:0786-1 Security update for podman		0% Низкий	5 месяцев назад
SUSE-SU-2025:0785-1 Security update for podman		0% Низкий	5 месяцев назад
SUSE-SU-2025:0772-1 Security update for skopeo		0% Низкий	5 месяцев назад
ROS-20250624-15 Уязвимость consul	CVSS3: 7.5	0% Низкий	около 2 месяцев назад

Уязвимостей на страницу