
109 matches found

EUVD
added 2025/10/03 8:07 p.m., 9 views

EUVD-2022-3322

Malicious code in bioql PyPI...

CVSS 3.5 · AI score 8.4 · EPSS 0.02006
Exploits 3 · References 9
Tenable Nessus
added 2025/08/24 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-5209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a...

CVSS 9.1 · AI score 7.9 · EPSS 0.02851
Exploits 0 · References 2
CNNVD
added 2025/06/19 12:00 a.m., 2 views

RabbitMQ log information disclosure vulnerability

RabbitMQ is a feature-rich multi-protocol messaging and streaming agent open-sourced by RabbitMQ. A log information disclosure vulnerability exists in RabbitMQ 3.13.7 and earlier versions, which stems from plaintext logging of base64-encoded authorization headers in the log...

CVSS 6.7 · AI score 5.9 · EPSS 0.00194
Exploits 1 · References 2
RedhatCVE
added 2025/05/23 9:38 a.m., 5 views

CVE-2024-24560

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 overlapping with the input buffer. When checking RETURNDATASIZE for dynamic...

CVSS 5.3 · AI score 6.9 · EPSS 0.00526
Exploits 1 · References 1
CVE
added 2025/03/20 10:09 a.m., 39 views

CVE-2024-10190

Horovod CVE-2024-10190 affects v0.28.1 and earlier. The vulnerability is due to ElasticRendezvousHandler.do_PUT/_put_value decoding base64 data and ultimately calling cloudpickle.loads, enabling an unauthenticated attacker to supply a malicious pickle object via a PUT request and achieve arbitrar...

CVSS 9.8 · AI score 9.9 · EPSS 0.0095
Exploits 1 · References 1 · Affected Software 1
Snyk
added 2025/01/14 4:32 p.m., 3 views

Improper Handling of Syntactically Invalid Structure

Overview Affected versions of this package are vulnerable to Improper Handling of Syntactically Invalid Structure due to the parsing process. An attacker can cause the application to crash by sending specially crafted BER/DER data. Remediation Upgrade swift-asn1 to version 1.3.1 or higher...

CVSS 8.7 · AI score 6.9 · EPSS 0.00319
Exploits 0 · References 2
NVD
added 2025/01/06 5:15 p.m., 13 views

CVE-2023-6601

A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...

CVSS 4.7 · EPSS 0.0039
Exploits 1 · References 2
Positive Technologies
added 2024/11/27 12:00 a.m., 3 views

PT-2024-15022 · FFmpeg +1 · Ffmpeg +1

Name of the Vulnerable Software and Affected Versions: FFmpeg affected versions not specified Description: A flaw was found in FFmpeg's HLS demuxer, allowing bypassing of unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file...

CVSS 7.2 · AI score 6 · EPSS 0.0043
Exploits 3 · References 19
Positive Technologies
added 2024/11/13 12:00 a.m., 2 views

PT-2024-35158 · Craft · Craft

Name of the Vulnerable Software and Affected Versions: Craft versions prior to 4.12.8 Craft versions prior to 5.4.9 Description: The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file...

CVSS 7.7 · AI score 7.1 · EPSS 0.00657
Exploits 1 · References 9
Tenable Nessus
added 2024/08/21 12:00 a.m., 14 views

Amazon Linux 2 : oci-add-hooks (ALASDOCKER-2024-042)

The version of oci-add-hooks installed on the remote host is prior to 0-0.2.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-042 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessi...

CVSS 7.5 · AI score 7.6 · EPSS 0.91969
Exploits 1 · References 4
Tenable Nessus
added 2024/06/12 12:00 a.m., 58 views

Amazon Linux 2 : cri-tools (ALAS-2024-2568)

The version of cri-tools installed on the remote host is prior to 1.29.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2568 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...

CVSS 7.5 · AI score 7.4 · EPSS 0.91969
Exploits 1 · References 6
Veracode
added 2024/05/03 6:44 a.m., 18 views

Out-of-bounds Read

libfreerdp.so is vulnerable to an out-of-bounds read. This vulnerability is due to inadequate bounds checking in the planarskipplanerle function, leading to potential out-of-bounds reads when processing RLE-encoded data...

CVSS 9.8 · AI score 7 · EPSS 0.01958
Exploits 0 · References 9 · Affected Software 1
Tenable Nessus
added 2024/05/01 12:00 a.m., 31 views

CentOS 7 : rhc-worker-script (RHSA-2024:2625)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2625 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK sta...

CVSS 7.5 · AI score 7.6 · EPSS 0.91969
Exploits 1 · References 2
Tenable Nessus
added 2024/04/29 12:00 a.m., 23 views

AlmaLinux 9 : golang (ALSA-2024:1963)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1963 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state...

CVSS 7.5 · AI score 7.5 · EPSS 0.91969
Exploits 1 · References 2
Mageia
added 2024/04/13 4:56 p.m., 41 views

Updated golang packages fix security vulnerability

CVE-2023-45288: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

CVSS 7.5 · AI score 7.2 · EPSS 0.91969
Exploits 1 · References 2
Github Security Blog
added 2024/04/04 9:30 p.m., 54 views

net/http, x/net/http2: close connections when receiving too many headers

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 · AI score 7.1 · EPSS 0.91969
Exploits 1 · References 12 · Affected Software 3
Vulnrichment
added 2024/04/04 8:37 p.m., 16 views

CVE-2023-45288 HTTP/2 CONTINUATION flood in net/http

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

AI score 7.2 · EPSS 0.91969
Exploits 1 · References 8
Debian CVE
added 2024/04/04 8:37 p.m., 75 views

CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 · AI score 7.9 · EPSS 0.91969
Exploits 1
AlpineLinux
added 2024/04/04 8:37 p.m., 92 views

CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 · AI score 8.3 · EPSS 0.91969
Exploits 1
FreeBSD
added 2024/04/04 12:00 a.m., 25 views

forgejo -- HTTP/2 CONTINUATION flood in net/http

[email protected] reports: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's heade...

CVSS 7.5 · AI score 6.9 · EPSS 0.91969
Exploits 1 · References 1