67 matches found
EUVD-2021-1309
Malware in sbrugna...
EUVD-2020-0311
Malware in sbrugna...
EUVD-2023-0438
Malicious code in bioql PyPI...
EUVD-2023-2014
Malicious code in bioql PyPI...
AIDE null pointer dereference when reading incorrectly encoded xattr attributes from database (local DoS)
...
CVE-2025-54409
AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a...
ts-asn1-der 安全漏洞
ts-asn1-der is a set of utility classes in the Apeleg open source for encoding ASN.1 data according to DER rules. A security vulnerability exists in versions of ts-asn1-der prior to 1.0.4, which stems from a numeric DER encoding error that could lead to an infinite loop...
Low: python3.9
Issue Overview: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header bein...
NASK PIB BotSense 安全漏洞
NASK PIB BotSense is a financial sector protection system from NASK. A security vulnerability exists in NASK PIB BotSense versions prior to 2.8.0, which stems from a string encoding error that could result in the injection of additional field separators in some fields of a generated event...
QNAP Systems QTS和QNAP Systems QuTS hero 安全漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems, Inc.QNAP Systems QTS is an entry operating system.QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QNAP Systems QTS and QNAP Systems QuTS hero that stems from t...
UBUNTU-CVE-2024-50035
In the Linux kernel, the following vulnerability has been resolved: ppp: fix pppasyncencode illegal access syzbot reported an issue in pppasyncencode 1 In this case, pppoesendmsg is called with a zero size. Then pppasyncencode is called with an empty skb. BUG: KMSAN: uninit-value in pppasyncencod...
Expected Behavior Violation
Overview Affected versions of this package are vulnerable to Expected Behavior Violation via the HPackParser function when the gRPC client is communicating with an HTTP/2 proxy, allowing the attacker to poison the HPACK table. By manipulating the header encoding and poisoning the HPACK table...
CVE-2024-32669 Possible stack overflow due to a string encoding processing error
Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and does not include in the release. This issue affects escargot: 4.0.0...
CVE-2024-32669 Possible stack overflow due to a string encoding processing error
Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and does not include in the release. This issue affects escargot: 4.0.0...
PT-2023-35660 · Unknown · Checkstyle
Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs in the JavaLanguageParser.expr function, potentially related to encoding issues in the UTF 8.updatePositions and UTF 8$Encoder.encodeArrayLoop functions...
Amazon Linux 2023 : grpc, grpc-cpp, grpc-data (ALAS2023-2023-282)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-282 advisory. 2023-10-12: CVE-2023-4785 was added to this advisory. When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table...
Fedora 38 : grpc (2023-15b3e80753)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-15b3e80753 advisory. Security fix for CVE-2023-32732 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Froxlor 安全漏洞
Froxlor is a set of lightweight server management software from the Froxlor team. A command execution vulnerability exists in versions prior to froxlor 2.0.21 that stems from an output encoding or escaping error. An attacker can exploit the vulnerability to cause command execution...
CVE-2023-32732
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...
gRPC 安全漏洞
gRPC is a modern, open-source, high-performance Remote Procedure Call RPC framework from gRPC Open Source. A security vulnerability exists in gRPC that stems from a base64 encoding error in the -bin suffix header that causes the gRPC server to disconnect...