11 matches found

Tenable Nessus
added 2025/03/05 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2024-28180

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing...

CVSS 4.3 | AI score 6.8 | EPSS 0.04859
Exploits: 0 | References: 4
Tenable Nessus
added 2024/08/20 12:0 a.m. | 41 views

Amazon Linux 2 : containerd, --advisory ALAS2ECS-2024-040 (ALASECS-2024-040)

The version of containerd installed on the remote host is prior to 1.7.20-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-040 advisory. The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This...

CVSS 9.8 | AI score 7.2 | EPSS 0.04859
Exploits: 0 | References: 8
Tenable Nessus
added 2024/08/17 12:0 a.m. | 25 views

Amazon Linux 2 : containerd (ALASDOCKER-2024-041)

The version of containerd installed on the remote host is prior to 1.7.20-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-041 advisory. 2024-08-27: CVE-2024-24790 was added to this advisory. 2024-08-14: CVE-2023-47108 was removed from this advisory...

CVSS 9.8 | AI score 7.1 | EPSS 0.04859
Exploits: 0 | References: 8
Tenable Nessus
added 2024/08/06 12:0 a.m. | 22 views

Amazon Linux 2023 : nerdctl (ALAS2023-2024-700)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-700 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing...

CVSS 7.5 | AI score 7.7 | EPSS 0.64852
Exploits: 1 | References: 8
Amazon
added 2024/08/06 12:0 a.m. | 23 views

Medium: nerdctl

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

CVSS 9.8 | AI score 7.8 | EPSS 0.64852
Exploits: 1
Tenable Nessus
added 2024/05/14 12:0 a.m. | 31 views

Rocky Linux 9 : skopeo (RLSA-2024:2549)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2549 advisory. - The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshalin...

CVSS 7.5 | AI score 7.1 | EPSS 0.04859
Exploits: 0 | References: 4
Tenable Nessus
added 2024/04/30 12:0 a.m. | 29 views

RHEL 9 : skopeo (RHSA-2024:2549)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2549 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and...

CVSS 7.5 | AI score 7.2 | EPSS 0.04859
Exploits: 0 | References: 6
Tenable Nessus
added 2024/04/03 12:0 a.m. | 24 views

RHEL 8 / 9 : OpenShift Container Platform 4.14.19 (RHSA-2024:1567)

The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1567 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

CVSS 7.5 | AI score 7.3 | EPSS 0.04859
Exploits: 0 | References: 6
Tenable Nessus
added 2024/03/27 12:0 a.m. | 42 views

RHEL 8 / 9 : OpenShift Container Platform 4.13.38 (RHSA-2024:1456)

The remote Red Hat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1456 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

CVSS 7.5 | AI score 7.2 | EPSS 0.04859
Exploits: 0 | References: 7
NVD
added 2024/03/09 1:15 a.m. | 21 views

CVE-2024-28180

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS 4.3 | AI score 4.9 | EPSS 0.04859
Exploits: 0 | References: 13
Fedora
added 2022/07/04 1:35 a.m. | 13 views

[SECURITY] Fedora 36 Update: golang-gopkg-square-jose-2-2.6.0-3.fc36

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. This includes support for JSON Web Encryption, JSON Web Signature, and JSON Web Token standards...

CVSS 9.3 | AI score 8.2 | EPSS 0.00963
Exploits: 4