Количество 57
Количество 57
RLSA-2024:2549
Moderate: skopeo security and bug fix update
ELSA-2024-2549
ELSA-2024-2549: skopeo security and bug fix update (MODERATE)
SUSE-SU-2024:3186-1
Security update for buildah
SUSE-SU-2024:3151-1
Security update for buildah
RLSA-2024:3254
Important: container-tools:rhel8 security update
ELSA-2024-3254
ELSA-2024-3254: container-tools:ol8 security update (IMPORTANT)
SUSE-SU-2024:3120-1
Security update for buildah, docker
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Objec ...
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
CVE-2024-24786
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmar ...
SUSE-SU-2025:0066-1
Security update for apptainer
SUSE-SU-2024:2754-1
Security update for skopeo
GHSA-c5q2-7r4c-mv6g
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | RLSA-2024:2549 Moderate: skopeo security and bug fix update | больше 1 года назад | ||
| ELSA-2024-2549 ELSA-2024-2549: skopeo security and bug fix update (MODERATE) | больше 1 года назад | ||
 | SUSE-SU-2024:3186-1 Security update for buildah | больше 1 года назад | ||
| SUSE-SU-2024:3151-1 Security update for buildah | больше 1 года назад | ||
| RLSA-2024:3254 Important: container-tools:rhel8 security update | больше 1 года назад | ||
| ELSA-2024-3254 ELSA-2024-3254: container-tools:ol8 security update (IMPORTANT) | больше 1 года назад | ||
| SUSE-SU-2024:3120-1 Security update for buildah, docker | больше 1 года назад | ||
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 4% Низкий | почти 2 года назад |
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 4% Низкий | почти 2 года назад |
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 4% Низкий | почти 2 года назад |
 | CVSS3: 4.3 | 4% Низкий | больше 1 года назад | |
| CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Objec ... | CVSS3: 4.3 | 4% Низкий | почти 2 года назад |
| CVE-2024-24786 The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
| CVE-2024-24786 The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | CVSS3: 5.9 | 0% Низкий | почти 2 года назад |
| CVE-2024-24786 The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
| CVSS3: 7.5 | 0% Низкий | больше 1 года назад | |
| CVE-2024-24786 The protojson.Unmarshal function can enter an infinite loop when unmar ... | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
| SUSE-SU-2025:0066-1 Security update for apptainer | 4% Низкий | около 1 года назад | |
| SUSE-SU-2024:2754-1 Security update for skopeo | 4% Низкий | больше 1 года назад | |
| GHSA-c5q2-7r4c-mv6g Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) | CVSS3: 4.3 | 4% Низкий | почти 2 года назад |
Уязвимостей на страницу