OESA-2024-1504 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small...

OESA-2024-1503 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small...

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

PYSEC-2024-233

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

PYSEC-2024-233

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

DEBIAN-CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

UBUNTU-CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

python-jose 安全漏洞

python-jose is a JOSE implementation in Python by the individual developer Michael Davis. A security vulnerability exists in python-jose 3.3.0 and earlier versions that originated from allowing an attacker to cause a denial of service via a specially crafted high-compression rate JSON Web...

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

[SECURITY] Fedora 40 Update: upx-4.2.3-1.fc40

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

Medium: python3

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

Amazon Linux 2 : python3 (ALAS-2024-2515)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2515 advisory. An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The...

SoumniBot: the new Android banker’s unique techniques

The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very...

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2024-588)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-588 advisory. An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to quoted-overlap zip-bombs which exploit the...

Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability

Talos Vulnerability Report TALOS-2023-1863 Peplink Smart Reader web interface /cgi-bin/debugdump.cgi information disclosure vulnerability April 17, 2024 CVE Number CVE-2023-43491 SUMMARY An information disclosure vulnerability exists in the web interface /cgi-bin/debugdump.cgi functionality of...

[SECURITY] Fedora 38 Update: upx-4.2.3-1.fc38

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

Backdoor in XZ Utils That Almost Happened

Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention--but it should. There’s an important moral to the story of the attack and its discovery: The...

SUSE CVE-2024-26721

In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsc: Fix the macro that calculates DSCC/DSCA PPS reg address Commit bd077259d0a9 "drm/i915/vdsc: Add function to read any PPS register" defines a new macro to calculate the DSC PPS register addresses with PPS number as a...

[SECURITY] Fedora 39 Update: upx-4.2.3-1.fc39

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

GHSA-W7HM-HMXV-PVHF HPACK decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this: rust use hpack::Decoder; pub fn main let input = &0x3f; let mut decoder = Decoder::new;...