780 matches found
CVE-2017-20201
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...
CVE-2017-20201 CCleaner v5.33.6162 & CCleaner Cloud v1.07.3191 Malicious Backdoor Supply Chain Compromise
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...
CVE-2017-20201
CVE-2017-20201 affects CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit). A malicious pre-entry-point loader diverts from __scrt_common_main_seh to a custom loader that decodes an embedded blob into shellcode, allocates executable memory, resolves Windows API calls at runtime, and transf...
CVE-2017-20201 CCleaner v5.33.6162 & CCleaner Cloud v1.07.3191 Malicious Backdoor Supply Chain Compromise
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...
EUVD-2025-33278
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...
CVE-2025-9970
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21...
CVE-2025-9970 Application credential stored in clear text in memory
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21...
Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
Summary Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or more can consume equivalent process memory, potentially leading to out-of-memory OOM...
GHSA-W9PC-FMGC-VXVW Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
Summary Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or more can consume equivalent process memory, potentially leading to out-of-memory OOM...
EUVD-2025-32851
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
CVE-2025-61771 Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
EUVD-2008-2593
Malware in sbrugna...
EUVD-2008-2594
Malware in sbrugna...
EUVD-2020-12739
Malware in sbrugna...
Rack 资源管理错误漏洞
Rack is a modular Ruby web server interface open-sourced by Rack. A resource management error vulnerability exists in Rack versions prior to 2.2.19, prior to 3.1.17, and prior to 3.2.2, which stems from Rack::Multipart::Parser storing non-document form fields entirely in memory, potentially leadi...
CVE-2025-58583 User Enumeration
The application provides access to a login protected H2 database for caching purposes. The username is prefilled...
PT-2025-40863
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The application provides access to a login-protected H2 database used for caching. The username is prefilled, potentially allowing unauthorized access if defaul...
EUVD-2023-29130
Malicious code in bioql PyPI...
EUVD-2022-1912
Malicious code in bioql PyPI...
EUVD-2023-32480
Malicious code in bioql PyPI...