1683 matches found
protobuf-java: Denial of Service
Background protobuf-java contains the Java bindings for Google's Protocol Buffers. Description Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back and forth between mutable and immutable forms, resulting in...
GLSA-202301-09 : protobuf-java: Denial of Service
The remote host is affected by the vulnerability described in GLSA-202301-09 protobuf-java: Denial of Service - A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple...
DEBIAN-CVE-2022-45409
The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
DEBIAN-CVE-2022-42928
Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...
protobuf-java: timeout in parser leads to DoS
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...
Mozilla: Use-after-free in Garbage Collection
The Mozilla Foundation Security Advisory describes this flaw as: The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash...
Denial of Service (DoS)
Overview google-protobuf is a Google's data interchange format. Affected versions of this package are vulnerable to Denial of Service DoS when providing inputs containing multiple instances of non-repeated embedded messages, with repeated or unknown fields. The vulnerability exists due to a parsi...
Protobuf Java vulnerable to Uncontrolled Resource Consumption
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...
DEBIAN-CVE-2022-3510
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...
CVE-2022-3509
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes...
Code injection
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...
UBUNTU-CVE-2022-3509
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes...
Ubuntu 22.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5752-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5752-1 advisory. David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the iouring subsystem in the Linux kernel, leading to a use- after-fr...
SUSE-SU-2022:4281-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3 implementations. bsc1204577 - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. bsc1203125 The following non-security bug was fixed: - Fixed a...
Google Chrome Security Update (stable-channel-update-for-desktop-2021-10) - Mac OS X
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
RHEL 8 : firefox (RHSA-2022:8554)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:8554 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Mozilla: Use-after-free in Garbage Collection
The Mozilla Foundation Security Advisory describes this flaw as: The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash...
Mozilla: Use-after-free in Garbage Collection
The Mozilla Foundation Security Advisory describes this flaw as: The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash...
Mozilla: Use-after-free in Garbage Collection
The Mozilla Foundation Security Advisory describes this flaw as: The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash...
Mozilla: Use-after-free in Garbage Collection
The Mozilla Foundation Security Advisory describes this flaw as: The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash...