Lucene search
K

50 matches found

OSV
OSV
added 2024/03/05 11:15 p.m.5 views

AZL-35669 CVE-2024-24786 affecting package packer for versions less than 1.9.5-3

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.6AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2023/12/18 4:15 p.m.6 views

AZL-35099 CVE-2023-48795 affecting package packer for versions less than 1.9.5-1

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9CVSS6.9AI score0.93305EPSS
Exploits4References1
OSV
OSV
added 2023/12/18 4:15 p.m.16 views

AZL-32225 CVE-2023-48795 affecting package packer for versions less than 1.9.5-3

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9CVSS6.9AI score0.93305EPSS
Exploits4References1
OSV
OSV
added 2023/02/16 7:15 p.m.7 views

AZL-13586 CVE-2023-0475 affecting package packer for versions less than 1.8.7-1

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5CVSS6.5AI score0.00454EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.3 views

SUSE CVE-2020-27788

An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack function of plxelf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service...

5.5CVSS6AI score0.00316EPSS
Exploits1References3
OSV
OSV
added 2022/12/27 10:15 p.m.5 views

AZL-40841 CVE-2022-3064 affecting package packer for versions less than 1.9.5-1

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...

7.5CVSS7.1AI score0.017EPSS
Exploits0References1
OSV
OSV
added 2022/10/11 11:15 p.m.6 views

AZL-11115 CVE-2022-42717 affecting package packer for versions less than 1.8.7-1

An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...

7.8CVSS6AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/10/11 12:0 a.m.5 views

Hashicorp Packer 安全漏洞

HashiCorp Hashicorp Packer is a free and open source tool from the US company HashiCorp. It is used to create gold images for multiple platforms from a single source configuration. A security vulnerability exists in Hashicorp Packer versions prior to 2.3.1, which stems from the fact that the...

7.8CVSS7.6AI score0.00227EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/05/14 12:0 a.m.5 views

UPX 缓冲区错误漏洞

UPX is an open source executable file packaging program that supports a variety of file formats from different operating systems. A heap buffer overflow vulnerability exists in UPX version 4.0.0. The vulnerability stems from an imperfect check in plxelf.cpp. No detailed vulnerability details are...

7.1CVSS5.9AI score0.01076EPSS
Exploits1References6
Cvelist
Cvelist
added 2019/12/18 6:30 p.m.25 views

CVE-2019-19689

Trend Micro HouseCall for Home Networks versions below 5.3.0.1063 could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses...

7.6AI score0.00559EPSS
Exploits0References1
Rows per page
Query Builder