[SECURITY] Fedora 40 Update: suricata-7.0.4-1.fc40
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
PT-2026-32580
Name of the Vulnerable Software and Affected Versions: Pillow versions 10.3.0 through 12.1.1. Description: Lack of limits on the amount of GZIP-compressed data read when decoding a FITS image allows for decompression bomb attacks. A specially crafted FITS file can cause unbounded memory consumption,...
GO-2024-2631 Decompression bomb vulnerability in github.com/go-jose/go-jose
An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...
Denial Of Service (DoS)
JWX is vulnerable to Denial of Service (DoS). The vulnerability is caused by improper checking of the decompressed data size, allowing an attacker to craft a malicious input with an exceptionally high compression ratio, leading to a Denial of Service (DoS) condition by consuming excessive memory...
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35875 CVE-2024-28180 affecting package cert-manager for versions less than 1.12.12-1
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35845 CVE-2024-28180 affecting package kubernetes for versions less than 1.28.4-12
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-43831 CVE-2024-28180 affecting package buildah 1.18.0-29
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35881 CVE-2024-28180 affecting package influxdb for versions less than 2.7.3-9
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35842 CVE-2024-28180 affecting package influxdb for versions less than 2.6.1-20
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-45180 CVE-2024-28180 affecting package podman for versions less than 5.6.1-2
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35839 CVE-2024-28180 affecting package containerized-data-importer for versions less than 1.55.0-20
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-44373 CVE-2024-28180 affecting package buildah for versions less than 1.41.4-2
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35882 CVE-2024-28180 affecting package keda for versions less than 2.14.0-1
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35883 CVE-2024-28180 affecting package kubernetes for versions less than 1.30.1-1
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35849 CVE-2024-28180 affecting package moby-containerd for versions less than 1.6.26-9
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-39600 CVE-2024-28180 affecting package cri-o for versions less than 1.21.7-2
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35837 CVE-2024-28180 affecting package cert-manager for versions less than 1.11.2-14
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-38130 CVE-2024-28180 affecting package telegraf for versions less than 1.29.4-8
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35840 CVE-2024-28180 affecting package dcos-cli for versions less than 1.2.0-19
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...