4 matches found
ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component
Summary: An integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. Details: The bounds check ptr + fieldlength > end in components/api/proto.cpp can overflow when a malicious client sends a large fieldlength value. This affects all...
PT-2024-22374 · Puwell Cloud Tech Co · 360Eyes Pro
Name of the Vulnerable Software and Affected Versions: Puwell Cloud Tech Co, Ltd 360Eyes Pro version 3.9.5.16 Description: The issue allows attackers to intercept and access sensitive information because it transmits this data in cleartext. This includes users' credentials and password change...
PT-2019-11805 · Jenkins · Jenkins Inedo Buildmaster Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Inedo BuildMaster Plugin versions 2.4.0 and earlier Description: The issue concerns the transmission of configured credentials in plain text as part of the global Jenkins configuration form, potentially leading to their exposure...
Fedora 19 : telepathy-gabble-0.17.4-1.fc19 (2013-9753)
"This release fixes a man-in-the-middle attack. If you use an unencrypted connection to a 'legacy Jabber' pre-XMPP server, this version of Gabble will not connect until you make one of these configuration changes : - upgrade the server software to something that supports XMPP 1.0; or - use an...