Количество 61
Количество 61
RLSA-2024:2549
Moderate: skopeo security and bug fix update
ELSA-2024-2549
ELSA-2024-2549: skopeo security and bug fix update (MODERATE)
SUSE-SU-2024:3186-1
Security update for buildah
SUSE-SU-2024:3151-1
Security update for buildah
RLSA-2024:3254
Important: container-tools:rhel8 security update
ELSA-2024-3254
ELSA-2024-3254: container-tools:ol8 security update (IMPORTANT)
SUSE-SU-2024:3120-1
Security update for buildah, docker
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Objec ...
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
CVE-2024-24786
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmar ...
SUSE-SU-2025:0066-1
Security update for apptainer
SUSE-SU-2024:2754-1
Security update for skopeo
GHSA-c5q2-7r4c-mv6g
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | RLSA-2024:2549 Moderate: skopeo security and bug fix update | около 2 лет назад | ||
| ELSA-2024-2549 ELSA-2024-2549: skopeo security and bug fix update (MODERATE) | около 2 лет назад | ||
 | SUSE-SU-2024:3186-1 Security update for buildah | почти 2 года назад | ||
| SUSE-SU-2024:3151-1 Security update for buildah | почти 2 года назад | ||
| RLSA-2024:3254 Important: container-tools:rhel8 security update | около 2 лет назад | ||
| ELSA-2024-3254 ELSA-2024-3254: container-tools:ol8 security update (IMPORTANT) | около 2 лет назад | ||
| SUSE-SU-2024:3120-1 Security update for buildah, docker | почти 2 года назад | ||
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 2% Низкий | больше 2 лет назад |
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 2% Низкий | больше 2 лет назад |
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 2% Низкий | больше 2 лет назад |
 | CVSS3: 4.3 | 2% Низкий | больше 1 года назад | |
| CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Objec ... | CVSS3: 4.3 | 2% Низкий | больше 2 лет назад |
| CVE-2024-24786 The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | CVSS3: 7.5 | 1% Низкий | больше 2 лет назад |
| CVE-2024-24786 The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | CVSS3: 5.9 | 1% Низкий | больше 2 лет назад |
| CVE-2024-24786 The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | CVSS3: 7.5 | 1% Низкий | больше 2 лет назад |
| 1% Низкий | больше 2 лет назад | ||
| CVE-2024-24786 The protojson.Unmarshal function can enter an infinite loop when unmar ... | CVSS3: 7.5 | 1% Низкий | больше 2 лет назад |
| SUSE-SU-2025:0066-1 Security update for apptainer | 2% Низкий | больше 1 года назад | |
| SUSE-SU-2024:2754-1 Security update for skopeo | 2% Низкий | почти 2 года назад | |
| GHSA-c5q2-7r4c-mv6g Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) | CVSS3: 4.3 | 2% Низкий | больше 2 лет назад |
Уязвимостей на страницу