1400 matches found
CVE-2026-52756 Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server
Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf message...
ESP-IDF 安全漏洞
ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0 of ESP-IDF contain security vulnerabilities. These vulnerabilities stem from a buffer overflow in the session setting path of the protocomm...
EulerOS 2.0 SP11 : protobuf (EulerOS-SA-2026-2223)
According to the versions of the protobuf packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypasse...
EulerOS 2.0 SP11 : protobuf (EulerOS-SA-2026-2260)
According to the versions of the protobuf packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypasse...
EulerOS Virtualization 2.10.0 : protobuf (EulerOS-SA-2026-2059)
According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...
EulerOS Virtualization 2.13.0 : protobuf (EulerOS-SA-2026-2182)
According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...
EulerOS Virtualization 2.12.0 : protobuf (EulerOS-SA-2026-2109)
According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...
EulerOS Virtualization 2.12.1 : protobuf (EulerOS-SA-2026-2084)
According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...
EulerOS Virtualization 2.13.1 : protobuf (EulerOS-SA-2026-2143)
According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...
CVE-2026-40891
OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry over gRPC using the OpenTelemetry Protocol OTLP, the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. Prior to the fix, a malformed trailer could...
CVE-2026-6409
A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability...
PT-2026-48345
Summary Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator txVersionChecker.CheckTxVersion dereferences tx.RawData.Version with no nil check. A protobuf Transaction whose embedded RawData...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses protobuf-4.21.12-cp37-abi3-manylinux2014_x86_64.whl and protobuf-4.25.7-cp37-abi3-manylinux2014_x86_64.whl which is vulnerable to CVE-2025-4565
Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses protobuf-4.21.12-cp37-abi3-manylinux2014x8664.whl and protobuf-4.25.7-cp37-abi3-manylinux2014x8664.whl which is vulnerable to CVE-2025-4565.This bulletin contains information addressing the vulnerability. Vulnerabili...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses protobuf-4.25.3-cp37-abi3-manylinux2014_x86_64.whl, protobuf-6.33.4-cp39-abi3-manylinux2014_x86_64.whl which is vulnerable to CVE-2026-0994
Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses Security Bulletin: IBM Maximo Application Suite - Monitor Component uses protobuf-4.25.3-cp37-abi3-manylinux2014x8664.whl, protobuf-6.33.4-cp39-abi3-manylinux2014x8664.whl which is vulnerable to CVE-2026-0994.This...
SUSE CVE-2023-43632
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication with this server is done using...
Denial Of Service (DoS)
Wire is vulnerable to Denial of Service DoS. The vulnerability is due to improper validation of negative lengths in protobuf group-skipping logic, which allows an attacker to trigger an unchecked runtime exception and crash applications processing crafted protobuf payloads...
Astra Linux – Vulnerability in protobuf-c, libsignal-protocol-c
Protobuf-c before version 1.4.1 has an unsigned integer overflow in the parserequiredmember field...
Astra Linux – Vulnerability in protobuf
A parsing vulnerability exists for the MessageSet type in ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1, and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1, and 4.21.5 for protobuf-python. A specially...
Astra Linux – Vulnerability in protobuf
A issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in a way that would cause them to be processed out of order. A small malicious payload can occupy the parser for several minutes by creating a large number of short-lived objects, resulting in frequent...
Astra Linux – Vulnerability in protobuf
Any project that uses the Protobuf Pure-Python backend to parse untrusted Protocol Buffers data—which may contain an arbitrary number of recursive groups, recursive messages, or a series of SGROUP tags—can be corrupted when the Python recursion limit is exceeded. This can lead to a...