
3279 matches found

Fedora
added 2024/03/31 12:18 a.m. | 12 views

[SECURITY] Fedora 40 Update: suricata-7.0.4-1.fc40

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

AI score: 7.2 | Exploits: 0

Positive Technologies
added 2024/03/25 12:0 a.m. | 3 views

PT-2026-32580

Name of the Vulnerable Software and Affected Versions: Pillow versions 10.3.0 through 12.1.1
Description: Lack of limits on the amount of GZIP-compressed data read when decoding a FITS image allows for decompression bomb attacks. A specially crafted FITS file can cause unbounded memory consumption,...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00671
Exploits: 2 | References: 64

OSV
added 2024/03/15 6:16 p.m. | 29 views

GO-2024-2631 Decompression bomb vulnerability in github.com/go-jose/go-jose

An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.01956
Exploits: 0 | References: 4

Veracode
added 2024/03/11 6:2 a.m. | 27 views

Denial Of Service (DoS)

JWX is vulnerable to Denial of Service (DoS). The vulnerability is caused by improper checking of the decompressed data size, allowing an attacker to craft a malicious input with an exceptionally high compression ratio, leading to a Denial of Service (DoS) condition by consuming excessive memory...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.0057
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2024/03/09 1:15 a.m. | 21 views

CVE-2024-28180

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.01956
Exploits: 0 | References: 13

OSV
added 2024/03/09 1:15 a.m. | 5 views

AZL-35875 CVE-2024-28180 affecting package cert-manager for versions less than 1.12.12-1

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1

OSV
added 2024/03/09 1:15 a.m. | 5 views

AZL-35845 CVE-2024-28180 affecting package kubernetes for versions less than 1.28.4-12

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1

OSV
added 2024/03/09 1:15 a.m. | 9 views

AZL-43831 CVE-2024-28180 affecting package buildah 1.18.0-29

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1

OSV
added 2024/03/09 1:15 a.m. | 6 views

AZL-35881 CVE-2024-28180 affecting package influxdb for versions less than 2.7.3-9

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1

OSV
added 2024/03/09 1:15 a.m. | 4 views

AZL-35842 CVE-2024-28180 affecting package influxdb for versions less than 2.6.1-20

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1

OSV
added 2024/03/09 1:15 a.m. | 5 views

AZL-45180 CVE-2024-28180 affecting package podman for versions less than 5.6.1-2

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1

OSV
added 2024/03/09 1:15 a.m. | 7 views

AZL-35839 CVE-2024-28180 affecting package containerized-data-importer for versions less than 1.55.0-20

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1

OSV
added 2024/03/09 1:15 a.m. | 6 views

AZL-44373 CVE-2024-28180 affecting package buildah for versions less than 1.41.4-2

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1

OSV
added 2024/03/09 1:15 a.m. | 9 views

AZL-35882 CVE-2024-28180 affecting package keda for versions less than 2.14.0-1

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1

OSV
added 2024/03/09 1:15 a.m. | 4 views

AZL-35883 CVE-2024-28180 affecting package kubernetes for versions less than 1.30.1-1

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1

OSV
added 2024/03/09 1:15 a.m. | 5 views

AZL-35849 CVE-2024-28180 affecting package moby-containerd for versions less than 1.6.26-9

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1

OSV
added 2024/03/09 1:15 a.m. | 7 views

AZL-39600 CVE-2024-28180 affecting package cri-o for versions less than 1.21.7-2

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1

OSV
added 2024/03/09 1:15 a.m. | 6 views

AZL-35837 CVE-2024-28180 affecting package cert-manager for versions less than 1.11.2-14

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1

OSV
added 2024/03/09 1:15 a.m. | 7 views

AZL-38130 CVE-2024-28180 affecting package telegraf for versions less than 1.29.4-8

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1

OSV
added 2024/03/09 1:15 a.m. | 4 views

AZL-35840 CVE-2024-28180 affecting package dcos-cli for versions less than 1.2.0-19

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01956
Exploits: 0 | References: 1