9 matches found
Security update for podman
This update for podman fixes the following issues: CVE-2025-27144: Fixed gopkg.in/square/go-jose.v2, gopkg.in/go-jose/go-jose.v2, github.com/go-jose/go-jose/v4, github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service bsc1237641: CVE-2024-11218: Fixed...
The vulnerability of the module for signing and encrypting JSON objects in Erlang and Elixir programming languages, namely erlang-jose (JOSE for Erlang), involves an uncontrolled resource consumption. This allows a malicious actor to trigger a service failure.
The vulnerability of the module for signing and encrypting JSON objects in Erlang and Elixir programming languages, namely erlang-jose (JOSE for Erlang), is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotel...
jose Security Vulnerabilities
jose is a JavaScript module for signing and encrypting JSON objects. A security vulnerability exists in latchset jose 11 and earlier versions that could allow an attacker to cause a denial of service via a large p2c value...
UBUNTU-CVE-2018-16395
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one...
DEBIAN-CVE-2017-12151
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the...
ALPINE-CVE-2017-12151
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the...
PT-2013-1563 · Apache · Apache Cxf
Name of the Vulnerable Software and Affected Versions: Apache CXF versions 2.4.x through 2.4.7; Apache CXF versions 2.5.x through 2.5.3; Apache CXF versions 2.6.x through 2.6.0. Description: The issue arises when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, and the...
apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
Request Tracker 3.x < 3.8.15 / 4.x < 4.0.8 Multiple Vulnerabilities
According to its self-reported version number, the Best Practical Solutions Request Tracker (RT) running on the remote web server is version 3.x prior to 3.8.15 or version 4.x prior to 4.0.8. It is, therefore, potentially affected by the following vulnerabilities: - Users can inject arbitrary...