86 matches found

OSV
added 2025/11/26 10:39 p.m. | 6 views

CVE-2025-64335 Suricata is vulnerable to a null deref when used with base64_data

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in...

CVSS 7.5 | AI score 6.7 | EPSS 0.00359
Exploits: 0 | References: 6

CNNVD
added 2025/11/26 12:0 a.m. | 3 views

Suricata Code Issue Vulnerability

Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A code issue vulnerability exists in Suricata versions 8.0.0 through prior to 8.0.2, which stems from the fact that the entropy keyword, when used with base64_data, may result in a null pointer dereference...

CVSS 7.5 | AI score 6.5 | EPSS 0.00359
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/22 9:23 p.m. | 3 views

CVE-2025-62705 OpenBao and Vault Leak []byte Fields in Audit Logs

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64,...

CVSS 5.7 | AI score 6.4 | EPSS 0.00299
Exploits: 0 | References: 2

Cvelist
added 2025/10/22 9:23 p.m. | 7 views

CVE-2025-62705 OpenBao and Vault Leak []byte Fields in Audit Logs

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64,...

CVSS 5.7 | EPSS 0.00299
Exploits: 0 | References: 2

CVE
added 2025/10/22 9:23 p.m. | 17 views

CVE-2025-62705

OpenBao (open-source secret management) before version 2.4.2 could emit unredacted data to audit logs when []byte response parameters were used, including base64-encoded data in sys/raw and public keys during Ed25519 signing in Transit. The CVE IDs CVE-2025-62513 and CVE-2025-62705 have fixes in ...

CVSS 5.7 | AI score 6.4 | EPSS 0.00299
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/10/19 7:8 p.m. | 4 views

JLSEC-2025-146 A flaw was found in FFmpeg's HLS demuxer

A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...

CVSS 4.7 | AI score 6.7 | EPSS 0.0039
Exploits: 1 | References: 1

Snyk
added 2025/10/14 8:4 p.m. | 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal due to the lack of path or file type validation when processing a docx file containing an image with an external link r:link attribute instead of embedded r:embed. The library resolves the URI to a file path and afte...

CVSS 9.3 | AI score 7.5 | EPSS 0.00921
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2018-6280

Malware in sbrugna...

CVSS 9.8 | AI score 7.8 | EPSS 0.04131
Exploits: 0 | References: 15

Tenable Nessus
added 2025/08/27 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-6601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded...

CVSS 4.7 | AI score 5.9 | EPSS 0.0039
Exploits: 1 | References: 3

RedhatCVE
added 2025/03/22 12:12 p.m. | 5 views

CVE-2024-10190

Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...

CVSS 9.8 | AI score 8.3 | EPSS 0.01021
Exploits: 1 | References: 1

OSV
added 2025/03/20 12:32 p.m. | 3 views

GHSA-MRHH-3GGQ-23P2 Horovod Vulnerable to Command Injection

Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...

CVSS 9.8 | AI score 7.9 | EPSS 0.01021
Exploits: 1 | References: 3

GitHub Security Blog
added 2025/03/20 12:32 p.m. | 11 views

Horovod Vulnerable to Command Injection

Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...

CVSS 9.8 | AI score 8.3 | EPSS 0.01021
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2025/03/20 10:15 a.m. | 4 views

CVE-2024-10190

Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...

CVSS 9.8 | EPSS 0.01021
Exploits: 1 | References: 1

Vulnrichment
added 2025/03/20 10:9 a.m. | 8 views

CVE-2024-10190 Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod

Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...

CVSS 9.8 | AI score 9.9 | EPSS 0.01021
Exploits: 1 | References: 1

OSV
added 2025/01/06 5:15 p.m. | 2 views

DEBIAN-CVE-2023-6601

A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...

CVSS 4.7 | AI score 5.7 | EPSS 0.0039
Exploits: 1 | References: 1

OSV
added 2025/01/06 5:15 p.m. | 1 views

UBUNTU-CVE-2023-6601

A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...

CVSS 4.7 | AI score 6.7 | EPSS 0.0039
Exploits: 1 | References: 3

OSV
added 2024/09/28 7:15 a.m. | 1 views

CVE-2024-23967

Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 chargers. Although...

CVSS 8 | AI score 6.3 | EPSS 0.00892
Exploits: 0 | References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 20 views

RHEL 5 : mutt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mutt: buffer overflow via base64 data CVE-2018-14359 - muttssl.c in mutt 1.5.16 and other versions before...

CVSS 9.8 | AI score 8.2 | EPSS 0.06229
Exploits: 0 | References: 10

Positive Technologies
added 2023/10/23 12:0 a.m. | 4 views

PT-2023-32289 · Unknown · Vue.js Devtools Extension

Name of the Vulnerable Software and Affected Versions: Vue.js Devtools extension (affected versions not specified). Description: The Vue.js Devtools extension leaks screenshot data back to a malicious web page via the standard postMessage API. This occurs when a malicious web page with an iFrame...

CVSS 4.3 | AI score 4.4 | EPSS 0.00248
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 6:11 a.m. | 4 views

SUSE CVE-2007-3946

mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header...

CVSS 6.4 | AI score 6.9 | EPSS 0.03422
Exploits: 0 | References: 4