65 matches found

OSV
added 2025/11/18 3:16 p.m. | 1 view

CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

4.3 CVSS | 6.7 AI score
Exploits 0 | References 2

OSV
added 2025/11/18 3:16 p.m. | 3 views

AZL-70387 CVE-2025-10158 affecting package rsync for versions less than 3.4.1-2

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

4.3 CVSS | 5.8 AI score | 0.00063 EPSS
Exploits 0 | References 1

OSV
added 2025/11/18 3:16 p.m. | 2 views

DEBIAN-CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

4.3 CVSS | 5 AI score | 0.00063 EPSS
Exploits 0 | References 1

OSV
added 2025/11/18 3:16 p.m. | 1 view

UBUNTU-CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

4.3 CVSS | 5.8 AI score | 0.00063 EPSS
Exploits 0 | References 5

CVE
added 2025/11/18 2:24 p.m. | 518 views

CVE-2025-10158

CVE-2025-10158 affects rsync across multiple distros. The issue is a potential out-of-bounds read on a heap buffer triggered by a negative array index when a malicious client acts as the receiver of an rsync transfer. Exploitation requires at least read access to the remote rsync module. Publicly...

4.3 CVSS | 6.4 AI score | 0.00063 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/11/18 2:24 p.m. | 1 view

CVE-2025-10158 Rsync: Out of bounds array access via negative index

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

4.3 CVSS | 6.4 AI score | 0.00063 EPSS
Exploits 0 | References 2

Cvelist
added 2025/11/18 2:24 p.m. | 7 views

CVE-2025-10158 Rsync: Out of bounds array access via negative index

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

4.3 CVSS | 0.00063 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2020-28144

Malware in sbrugna...

8.8 CVSS | 8.6 AI score | 0.0005 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2016-1242

Malware in sbrugna...

7.5 CVSS | 8.5 AI score | 0.03644 EPSS
Exploits 0 | References 8

RedhatCVE
added 2025/05/22 5:16 p.m. | 6 views

CVE-2020-26272

The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame,...

6.5 CVSS | 7.1 AI score | 0.00965 EPSS
Exploits 0

PyPA
added 2024/10/29 9:15 p.m. | 4 views

PYSEC-2024-259

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

9.8 CVSS | 7.1 AI score | 0.25104 EPSS
Exploits 1 | References 4 | Affected Software 1

OSSF Malicious Packages
added 2023/11/09 8:50 p.m. | 2 views

Malicious code in one-host-remote-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0c1701ddae4f18ae98068db0679d932010b9908128879e61b3d39f67afeb48dc The OpenSSF Package Analysis project identified 'one-host-remote-module' @ 3.3.3 npm as malicious. It is considered malicious because: - The...

6.9 AI score
Exploits 0

Node.js
added 2021/02/22 9:59 p.m. | 56 views

IPC messages delivered to the wrong frame

Overview IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app does ANY of the following, then it is impacted by this issue: - Uses...

6.4 CVSS | 2.9 AI score | 0.00965 EPSS
Exploits 0 | Affected Software 1

OSV
added 2021/01/28 7:15 p.m. | 8 views

CVE-2020-26272

The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame,...

6.5 CVSS | 5.8 AI score
Exploits 0 | References 9

Prion
added 2021/01/28 7:15 p.m. | 11 views

Design/Logic Flaw

The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, c...

6.4 CVSS | 6.4 AI score | 0.00965 EPSS
Exploits 0 | References 5 | Affected Software 1

CVE
added 2021/01/28 6:25 p.m. | 49 views

CVE-2020-26272

CVE-2020-26272 (Electron IPC frame routing): In Electron, IPC messages sent from the main process to a subframe in the renderer process (via webContents.sendToFrame, or in handlers using event.reply or the remote module) can be delivered to the wrong frame in versions before fixed releases. Aff...

6.5 CVSS | 5.8 AI score | 0.00965 EPSS
Exploits 0 | References 9 | Affected Software 1

Cvelist
added 2021/01/28 6:25 p.m. | 15 views

CVE-2020-26272 Electron vulnerable to ID collision when routing IPC messages to renderers containing OOPIFs

The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame,...

5.4 CVSS | 6.4 AI score | 0.00965 EPSS
Exploits 0 | References 9

OSV
added 2020/04/03 6:15 p.m. | 3 views

CVE-2020-7004

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application...

8.8 CVSS | 7.3 AI score | 0.0005 EPSS
Exploits 0 | References 1

NVD
added 2020/04/03 6:15 p.m. | 10 views

CVE-2020-7008

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources...

7.5 CVSS | 7.9 AI score | 0.00378 EPSS
Exploits 0 | References 1

OSV
added 2020/04/03 6:15 p.m. | 2 views

CVE-2020-10601

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...

7.8 CVSS | 5.8 AI score
Exploits 0 | References 1