46 matches found
Astra Linux - уязвимость в protobuf
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups/series of SGROUP tags can be corrupted due to exceeding the stack limit, i.e., StackOverflow. Parsing nested groups as unknown fields using the DiscardUnknownFieldsParser or the Java Protobuf...
protobuf: StackOverflow vulnerability in Protocol Buffers
A flaw was found in Protocol Buffers protobuf. This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...
Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls
Summary A DoS can occur that immediately halts the system due to the use of an unsafe function. Details According to RFC 5322, nested group structures a group inside another group are not allowed. Therefore, in lib/addressparser/index.js, the email address parser performs flattening when nested...
GHSA-RCMH-QJQH-P98V Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls
Summary A DoS can occur that immediately halts the system due to the use of an unsafe function. Details According to RFC 5322, nested group structures a group inside another group are not allowed. Therefore, in lib/addressparser/index.js, the email address parser performs flattening when nested...
Uncontrolled Recursion
Overview org.webjars.npm:nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to Uncontrolled Recursion in the addressparser function. An attacker can cause the process to terminate immediately by sending an email address...
TencentOS Server 4: protobuf (TSSA-2024:0556)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0556 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2024-54086
Malicious code in bioql PyPI...
CVE-2025-10224
Improper Authentication CWE-287 in the LDAP authentication engine in AxxonSoft Axxon One C-Werk 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login...
CVE-2025-10224
Improper Authentication CWE-287 in the LDAP authentication engine in AxxonSoft Axxon One C-Werk 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login...
CVE-2025-10224
Improper Authentication CWE-287 in the LDAP authentication engine in AxxonSoft Axxon One C-Werk 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login...
CVE-2025-10224
The CVE-2025-10224 entry concerns AxxonSoft Axxon One (C-Werk) prior to or equal to 2.0.2 on Windows, where the LDAP authentication engine improperly evaluates nested LDAP group memberships. This allows a remote authenticated user to be denied access or receive misassigned roles during login. The...
CVE-2025-10224 Incorrect Evaluation of LDAP Nested Groups during Login in AxxonSoft Axxon One (C-Werk)
Improper Authentication CWE-287 in the LDAP authentication engine in AxxonSoft Axxon One C-Werk 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login...
CVE-2025-10224 Incorrect Evaluation of LDAP Nested Groups during Login in AxxonSoft Axxon One (C-Werk)
Improper Authentication CWE-287 in the LDAP authentication engine in AxxonSoft Axxon One C-Werk 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login...
PT-2025-37043
Name of the Vulnerable Software and Affected Versions: AxxonSoft Axxon One versions 2.0.2 and earlier Description: The LDAP authentication engine in AxxonSoft Axxon One has an improper authentication issue. A remote authenticated user may be denied access or misassigned roles due to incorrect...
Linux Distros Unpatched Vulnerability : CVE-2024-7254
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the...
Security Bulletin: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit, affect watsonx.data
Summary Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the search function. An attacker can occupy excessive system resources by passing a malicious string with nested groups as the query parameter. PoC https://xxxx.sso.com/search?query=.11...
GHSA-PWF9-Q62P-V7WC Wire has Uncontrolled Recursion on Nested Groups
Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt...
Wire has Uncontrolled Recursion on Nested Groups
Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion due to improper enforcement of recursion limits in ByteArrayProtoReader32.kt and ProtoReader.kt. An attacker can cause a denial of service by sending deeply nested group structures. Remediation Upgrade...