86 matches found
CVE-2025-64335 Suricata is vulnerable to a null deref when used with base64_data
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64data. This issue has been patched in...
Suricata 代码问题漏洞
Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A code issue vulnerability exists in Suricata versions 8.0.0 through prior to 8.0.2, which stems from the entropy keyword when used with base64data may result in a null pointer dereference...
CVE-2025-62705 OpenBao and Vault Leak []byte Fields in Audit Logs
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64,...
CVE-2025-62705 OpenBao and Vault Leak []byte Fields in Audit Logs
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64,...
CVE-2025-62705
OpenBao (open-source secret management) before version 2.4.2 could emit unredacted data to audit logs when []byte response parameters were used, including base64-encoded data in sys/raw and public keys during Ed25519 signing in Transit. The CVE IDs CVE-2025-62513 and CVE-2025-62705 have fixes in ...
JLSEC-2025-146 A flaw was found in FFmpeg's HLS demuxer
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to the lack of path or file type validation when processing a docx file containing an image with an external link r:link attribute instead of embedded r:embed. The library resolves the URI to a file path and afte...
EUVD-2018-6280
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-6601
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded...
CVE-2024-10190
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...
GHSA-MRHH-3GGQ-23P2 Horovod Vulnerable to Command Injection
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...
Horovod Vulnerable to Command Injection
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...
CVE-2024-10190
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...
CVE-2024-10190 Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...
DEBIAN-CVE-2023-6601
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...
UBUNTU-CVE-2023-6601
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...
CVE-2024-23967
Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 chargers. Although...
RHEL 5 : mutt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mutt: buffer overflow via base64 data CVE-2018-14359 - muttssl.c in mutt 1.5.16 and other versions before...
PT-2023-32289 · Unknown · Vue.Js Devtools Extension
Name of the Vulnerable Software and Affected Versions: Vue.js Devtools extension affected versions not specified Description: The Vue.js Devtools extension leaks screenshot data back to a malicious web page via the standard postMessage API. This occurs when a malicious web page with an iFrame...
SUSE CVE-2007-3946
modauth httpauth.c in lighttpd before 1.4.16 allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving 1 a memory leak, 2 use of md5-sess without a cnonce, 3 base64 encoded strings, and 4 trailing whitespace in the Auth-Digest header...