CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: trivy, datadog-agent, caddy, crossplane-provider-azure-managedidentity, fulcio, kube-bench, rabbitmq-messaging-topology-operator, kube-state-metrics, prometheus-beat-exporter-fips, metacontroller, external-secrets-fips, haproxy-ingress, cadvisor, sonobuoy, hubble-fip...

AZL-35583 CVE-2024-24786 affecting package moby-compose for versions less than 2.17.3-5

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

AZL-35643 CVE-2024-24786 affecting package docker-compose for versions less than 2.27.0-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

Header Injection

org.apache.james: apache-mime4j-core is vulnerable to Header Injection. The vulnerability is due to improper input validation when using MIME4J DOM to compose messages, which allows an attacker to add unintended headers to MIME messages...

AZL-35439 CVE-2024-23653 affecting package docker-compose for versions less than 2.27.0-1

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...

AZL-34081 CVE-2024-23653 affecting package moby-compose for versions less than 2.17.2-7

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...

AZL-34080 CVE-2024-23650 affecting package moby-compose for versions less than 2.17.3-5

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...

AZL-35438 CVE-2024-23650 affecting package docker-compose for versions less than 2.27.0-1

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...

This Week in Spring - January 23rd, 2024

Hi, Spring fans, and greetings from CERN, home of the famous Large Hadron Collider, where I'm speaking again at the VOXXED Days CERN 2017 event. It's been an amazing almost week here in lovely Switzerland, first in Lugano for VOXXED Days Ticino, and now in Geneva. I'm super excited to be here, bu...

AZL-32224 CVE-2023-48795 affecting package moby-compose for versions less than 2.17.3-5

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

GHSA-Q27H-HW2V-X5JM Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component

An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component...

Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component

An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component...

CVE-2023-47025

An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component...

CVE-2023-47025

An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component...

CVE-2023-47025

An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component...

Authorization

An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component...

CVE-2023-47025

An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component...

PT-2023-30293 · Free5Gc · Free5Gc

Name of the Vulnerable Software and Affected Versions: Free5gc version 3.3.0 Description: The issue allows a local attacker to cause a denial of service via the free5gc-compose component. Recommendations: For Free5gc version 3.3.0, at the moment, there is no information about a newer version that...

CVE-2023-47025

An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component...

free5GC Security Vulnerabilities

free5GC is an open source project for 5th Generation 5G mobile core networks open sourced by free5GC. A security vulnerability exists in free5GC version v3.3.0, which originated from allowing a local attacker to cause a denial of service via the free5gc-compose component...