44 matches found
CVE-2025-65637
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
From Trace to Line: LLM Agent for Real-World OSS Vulnerability Localization
Large language models show promise for vulnerability discovery, yet prevailing methods inspect code in isolation, struggle with long contexts, and focus on coarse function- or file-level detections - offering limited actionable guidance to engineers who need precise line-level localization and...
Heap-based Buffer Overflow
Overview nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments. Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the HTTP/Sagemaker request handler components when parsing chunked HTTP bodies. An...
PT-2025-49116
Name of the Vulnerable Software and Affected Versions logrus versions prior to 1.8.3 logrus versions 1.9.0 logrus versions 1.9.2 Description A denial-of-service issue exists in logrus when utilizing Entry.Writer to log a single-line payload exceeding 64KB without newline characters. The internal...
OESA-2024-1927 exim security update
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
OESA-2024-1928 exim security update
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
Astra Linux – Vulnerability in exim4
Before version 4.97.1, Exim allowed SMTP smuggling in certain pipeline/chunking configurations. Remote attackers could use a known exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, thereby bypassing an SPF protection mechanism. This issue arises because Exim...
GO-2024-2597 Integer overflow in chunking helper causes dispatching to miss elements or panic in github.com/authzed/spicedb
Integer overflow in chunking helper causes dispatching to miss elements or panic in github.com/authzed/spicedb...
GHSA-H3M7-RQC4-7H9P Integer overflow in chunking helper causes dispatching to miss elements or panic
Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The issue may also lead to a panic rendering the server unavailable The following API methods are affected: - CheckPermission -...
Integer overflow in chunking helper causes dispatching to miss elements or panic
Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The issue may also lead to a panic rendering the server unavailable The following API methods are affected: - CheckPermission -...
Integer overflow
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...
CVE-2024-27101 Integer overflow in chunking helper causes dispatching to miss elements or panic
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...
CVE-2024-27101 Integer overflow in chunking helper causes dispatching to miss elements or panic
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...
Fedora 38 : exim (2024-e0841c83bb)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e0841c83bb advisory. Security fix for CVE-2023-51766. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
SUSE CVE-2023-51766
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...
DEBIAN-CVE-2023-51766
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...
UBUNTU-CVE-2023-51766
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...
Squid security vulnerability
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in versions prior to Squid 6.4, which stems from improper handling of the chunking...
[SECURITY] Fedora 34 Update: zchunk-1.2.2-1.fc34
zchunk is a compressed file format that splits the file into independent chunks. This allows you to only download the differences when downloading a new version of the file, and also makes zchunk files efficient over rsync. zchunk files are protected with strong checksums to verify that the file...
Website Security Dog suffers from post chunking transfer bypass vulnerability
Website Security Dog is a server security protection software, is for IDC operators, web hosting service providers, enterprise hosts, server administrators and other users to provide server security prevention of the practical system, is a combination of website content security protection, websi...