OESA-2024-1645 skopeo security update
A command line utility that performs various operations on container images and image repositories Security Fixes: Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used lar...
RHCOS 4 : OpenShift Container Platform 4.14.24 (RHSA-2024:2672)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2672 advisory. - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 - buildah: full container escape ...
NETGEAR RAX30 security vulnerability
NETGEAR RAX30 is a dual-band wireless router from NETGEAR. A security vulnerability exists in NETGEAR RAX30 that originates from a buffer overflow during JSON data processing...
SUSE CVE-2024-3858
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox 125...
cJSON security vulnerability
cJSON is a lightweight open source JSON parser. A security vulnerability exists in cJSON version v1.7.17: a segmentation violation that can be triggered by the second parameter of the cJSON_SetValuestring function in cJSON.c. The vulnerability can be exploited by...
OESA-2024-1471 jose security update
José is a C-language implementation of the Javascript Object Signing and Encryption standards. José provides a command-line utility which encompasses most of the JOSE features. This allows for easy integration into your project and one-off scripts. Security Fixes: latchset jose through version 11...
GHSA-82JV-9WJW-PQH6 Prototype pollution in emit function
Summary A prototype pollution in derby can crash the application, if the application author has atypical HTML templates that feed user input into an object key. Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn't be an issue in practice for most...
Prototype pollution in emit function
Summary A prototype pollution in derby can crash the application, if the application author has atypical HTML templates that feed user input into an object key. Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn't be an issue in practice for most...
CVE-2024-3858
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox 125...
UBUNTU-CVE-2024-3858
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox 125...
Fedora 39 : prometheus-podman-exporter (2024-a8a4ce2864)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a8a4ce2864 advisory. release v1.11.0 ---- release v1.10.1 ---- release v1.10.0 Tenable has extracted the preceding description block directly from the Fedora security advisory...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
RHCOS 4 : OpenShift Container Platform 4.13.38 (RHSA-2024:1456)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1456 advisory. - golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms ...
PT-2024-21427 · Vseeface · Vseeface
Name of the Vulnerable Software and Affected Versions: VSeeFace versions 1.13.38.c2 and earlier Description: The issue allows attackers to cause a denial of service, resulting in an application hang, via a spoofed UDP packet containing at least 10 digits in JSON data. Recommendations: For version...
USN-6713-1 qpdf vulnerability
It was discovered that QPDF incorrectly handled certain memory operations when decoding JSON files. If a user or automated system were tricked into processing a specially crafted JSON file, QPDF could be made to crash, resulting in a denial of service, or possibly execute arbitrary code...
UBUNTU-CVE-2024-29943
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox 124.0.1...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability caused by an out-of-bounds read or write to a JavaScript object. An attacker could exploit the vulnerability to execute arbitrary code or cau...
Code injection
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...