Количество 99
Количество 99
RLSA-2025:7462
Important: podman security update
RLSA-2025:7391
Important: podman security update
ELSA-2025-7462
ELSA-2025-7462: podman security update (IMPORTANT)
ELSA-2025-7391
ELSA-2025-7391: podman security update (IMPORTANT)
CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
CVE-2025-30204
jwt-go allows excessive memory allocation during header parsing
CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in vers ...
SUSE-SU-2025:1038-1
Security update for podman
SUSE-SU-2025:1037-1
Security update for podman
SUSE-SU-2025:1036-1
Security update for podman
SUSE-RU-2025:02093-1
Recommended update for podman
SUSE-RU-2025:02092-1
Recommended update for podman
SUSE-RU-2025:02091-1
Recommended update for podman
GHSA-93mq-9ffx-83m2
Memory Exhaustion in Expr Parser with Unrestricted Input
BDU:2026-00158
Уязвимость библиотеки для вычислений и анализа выражений Expr, связанная с неограниченным распределением ресурсов, позволяющая нарушителю выполнить отказ в обслуживании
SUSE-SU-2025:1285-1
Security update for etcd
SUSE-SU-2025:02769-1
Security update for amber-cli
RLSA-2025:3411
Important: opentelemetry-collector security update
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | RLSA-2025:7462 Important: podman security update | 4 месяца назад | ||
| RLSA-2025:7391 Important: podman security update | 4 месяца назад | ||
| ELSA-2025-7462 ELSA-2025-7462: podman security update (IMPORTANT) | 7 месяцев назад | ||
| ELSA-2025-7391 ELSA-2025-7391: podman security update (IMPORTANT) | 9 месяцев назад | ||
 | CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2. | CVSS3: 7.5 | 0% Низкий | 11 месяцев назад |
 | CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2. | CVSS3: 7.5 | 0% Низкий | 11 месяцев назад |
 | CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2. | CVSS3: 7.5 | 0% Низкий | 11 месяцев назад |
 | CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing | CVSS3: 7.5 | 0% Низкий | 10 месяцев назад |
| CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in vers ... | CVSS3: 7.5 | 0% Низкий | 11 месяцев назад |
 | SUSE-SU-2025:1038-1 Security update for podman | 11 месяцев назад | ||
| SUSE-SU-2025:1037-1 Security update for podman | 11 месяцев назад | ||
| SUSE-SU-2025:1036-1 Security update for podman | 11 месяцев назад | ||
| SUSE-RU-2025:02093-1 Recommended update for podman | 8 месяцев назад | ||
| SUSE-RU-2025:02092-1 Recommended update for podman | 8 месяцев назад | ||
| SUSE-RU-2025:02091-1 Recommended update for podman | 8 месяцев назад | ||
| GHSA-93mq-9ffx-83m2 Memory Exhaustion in Expr Parser with Unrestricted Input | CVSS3: 7.5 | 0% Низкий | 11 месяцев назад |
 | BDU:2026-00158 Уязвимость библиотеки для вычислений и анализа выражений Expr, связанная с неограниченным распределением ресурсов, позволяющая нарушителю выполнить отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | 11 месяцев назад |
| SUSE-SU-2025:1285-1 Security update for etcd | 0% Низкий | 10 месяцев назад | |
| SUSE-SU-2025:02769-1 Security update for amber-cli | 0% Низкий | 6 месяцев назад | |
| RLSA-2025:3411 Important: opentelemetry-collector security update | 0% Низкий | 6 месяцев назад |
Уязвимостей на страницу