22 matches found
CVE-2025-30204 affecting package dcos-cli for versions less than 1.2.0-21
CVE-2025-30204 affecting package dcos-cli for versions less than 1.2.0-21. A patched version of the package is available...
CVE-2025-30204 affecting package dcos-cli for versions less than 1.2.0-24
CVE-2025-30204 affecting package dcos-cli for versions less than 1.2.0-24. A patched version of the package is available...
Azure Linux 3.0 Security Update: dcos-cli (CVE-2020-26160)
The version of dcos-cli installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-26160 advisory. - jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with...
CVE-2025-65637 affecting package dcos-cli for versions less than 1.2.0-20
CVE-2025-65637 affecting package dcos-cli for versions less than 1.2.0-20. A patched version of the package is available...
AZL-71516 CVE-2025-65637 affecting package dcos-cli for versions less than 1.2.0-20
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
AZL-71572 CVE-2025-65637 affecting package dcos-cli for versions less than 1.2.0-23
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
CVE-2024-51744 affecting package dcos-cli for versions less than 1.2.0-18
CVE-2024-51744 affecting package dcos-cli for versions less than 1.2.0-18. A patched version of the package is available...
CVE-2024-51744 affecting package dcos-cli for versions less than 1.2.0-21
CVE-2024-51744 affecting package dcos-cli for versions less than 1.2.0-21. A patched version of the package is available...
CVE-2025-27144 affecting package dcos-cli for versions less than 1.2.0-17
CVE-2025-27144 affecting package dcos-cli for versions less than 1.2.0-17. A patched version of the package is available...
AZL-77496 CVE-2025-30204 affecting package dcos-cli for versions less than 1.2.0-24
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits its argument (which is untrusted data) on periods via a call to strings.Split. As a result, in the face of a malicious request whose...
AZL-77498 CVE-2025-30204 affecting package dcos-cli 1.2.0-20
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits its argument (which is untrusted data) on periods via a call to strings.Split. As a result, in the face of a malicious request whose...
Azure Linux 3.0 Security Update: cert-manager / containerd / containerd2 / containerized-data-importer / dcos-cli / influxdb (CVE-2025-27144)
The version of cert-manager / containerd / containerd2 / containerized-data-importer / dcos-cli / influxdb installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27144 advisory. - Go JOSE provides an...
CVE-2025-27144 affecting package dcos-cli for versions less than 1.2.0-20
CVE-2025-27144 affecting package dcos-cli for versions less than 1.2.0-20. A patched version of the package is available...
AZL-57201 CVE-2025-27144 affecting package dcos-cli for versions less than 1.2.0-20
Go JOSE provides an implementation of the JavaScript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...
AZL-57102 CVE-2025-27144 affecting package dcos-cli for versions less than 1.2.0-17
Go JOSE provides an implementation of the JavaScript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...
Azure Linux 3.0 Security Update: cert-manager / containerized-data-importer / cri-o / dcos-cli / keda / kubernetes (CVE-2024-28180)
The version of cert-manager / containerized-data-importer / cri-o / dcos-cli / keda / kubernetes installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28180 advisory. - Package jose aims to provide an...
CVE-2024-28180 affecting package dcos-cli for versions less than 1.2.0-16
CVE-2024-28180 affecting package dcos-cli for versions less than 1.2.0-16. A patched version of the package is available...
CVE-2024-28180 affecting package dcos-cli for versions less than 1.2.0-19
CVE-2024-28180 affecting package dcos-cli for versions less than 1.2.0-19. A patched version of the package is available...
CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15
CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15. A patched version of the package is available...
AZL-35879 CVE-2024-28180 affecting package dcos-cli for versions less than 1.2.0-16
Package jose aims to provide an implementation of the JavaScript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...