6865 matches found
AZL-52216 CVE-2024-51744 affecting package etcd for versions less than 3.5.18-1
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52236 CVE-2024-51744 affecting package etcd for versions less than 3.5.21-1
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52278 CVE-2024-51744 affecting package telegraf for versions less than 1.29.4-15
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52260 CVE-2024-51744 affecting package azcopy for versions less than 10.25.1-5
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52198 CVE-2024-51744 affecting package dcos-cli for versions less than 1.2.0-18
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52242 CVE-2024-51744 affecting package rook for versions less than 1.6.2-26
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52239 CVE-2024-51744 affecting package keda for versions less than 2.4.0-29
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52183 CVE-2024-51744 affecting package cert-manager for versions less than 1.12.15-1
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
UBUNTU-CVE-2024-51744
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
jwt-go 安全漏洞
jwt-go is a Go language JWT implementation of the golang-jwt open source. A security vulnerability exists in jwt-go version 4.5.0 and earlier, which stems from an unspecified leave-behind of the error behavior in ParseWithClaims, which can prevent users from checking for errors in the way they...
OSV-2024-1249 Heap-buffer-overflow in extract_ice_option
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376100377 Crash type: Heap-buffer-overflow READ 1 Crash state: extracticeoption parsesdpsession parsesdp...
PT-2024-40618 · Git +1 · Kamailio
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash occurs in the following functions: extract ice option, parse sdp session, and parse sdp...
PT-2024-40617 · Git +1 · Kamailio
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A heap-buffer-overflow READ 6 crash has been reported. The crash involves the functions extract fmtp, parse sdp session, and parse mixed content...
SUSE CVE-2024-46478
HTMLDOC v1.9.18 contains a buffer overflow in parsepre function,ps-pdf.cxx:5681...
UBUNTU-CVE-2024-46478
HTMLDOC v1.9.18 contains a buffer overflow in parsepre function,ps-pdf.cxx:5681...
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...
Security update for go1.21-openssl
This update for go1.21-openssl fixes the following issues: CVE-2024-24791: Fixed denial of service due to improper 100-continue handling bsc1227314 CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip bsc1225973 CVE-2024-24790: Fixed unexpected behavior from Is...
PT-2024-40377 · Butterfly · Butterfly
Name of the Vulnerable Software and Affected Versions: Butterfly affected versions not specified Description: The issue allows an attacker to execute arbitrary JavaScript code on the server by using the Butterfly.prototype.parseJSON or getJSON functions on an attacker-controlled crafted input...
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...
Important: Red Hat Security Advisory: Red Hat build of Cryostat security update
An update is now available for the Red Hat build of Cryostat 3 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...