CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

46 matches found

CNNVD•added 2025/03/16 12:0 a.m.•1 views

Square Wire 安全漏洞

Square Wire is an open source protocol buffer processing library open-sourced by Square in the United States, mainly used for efficient data serialization and deserialization. A security vulnerability exists in Square Wire versions prior to 5.2.0, which stems from not enforcing a recursion...

5.8CVSS6.6AI score0.00013EPSS

Exploits0References4

Cvelist•added 2025/03/16 12:0 a.m.•13 views

CVE-2024-58103

Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt...

5.8CVSS0.00013EPSS

Exploits0References2

OSV•added 2025/02/21 1:35 p.m.•9 views

OESA-2025-1144 protobuf security update

Protocol Buffers a.k.a., protobuf are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data. You can find protobuf's documentation on the Google Developers site. Security Fixes: Any project that parses untrusted Protocol Buffers data containing an...

8.7CVSS7.1AI score0.00134EPSS

Exploits0References2

SUSE CVE•added 2025/02/14 5:41 a.m.•1 views

SUSE CVE-2024-7254

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...

7.5CVSS7.7AI score0.00134EPSS

Exploits0References9

Amazon•added 2024/11/15 12:0 a.m.•3 views

Important: protobuf

Issue Overview: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf...

8.7CVSS7.1AI score0.00134EPSS

Exploits0

Tenable Nessus•added 2024/10/24 12:0 a.m.•28 views

Atlassian Jira Service Management Data Center and Server 5.4.x < 5.4.27, 5.12.x < 5.12.14 / 5.13.x < 5.17.4 / 10.0.x < 10.1.1 (JSDSERVER-15617)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15617 advisory. - Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested...

8.7CVSS7.4AI score0.00134EPSS

Exploits0References2

OSV•added 2024/09/19 1:15 a.m.•1 views

DEBIAN-CVE-2024-7254

8.7CVSS7.1AI score0.00134EPSS

Exploits0References1

OSV•added 2024/09/19 1:15 a.m.•4 views

UBUNTU-CVE-2024-7254

8.7CVSS7AI score0.00134EPSS

Exploits0References5

Cvelist•added 2024/09/19 12:18 a.m.•31 views

CVE-2024-7254 Stack overflow in Protocol Buffers Java Lite

8.7CVSS0.00134EPSS

Exploits0References1

Debian CVE•added 2024/09/19 12:18 a.m.•17 views

CVE-2024-7254

8.7CVSS7.1AI score0.00134EPSS

Exploits0

Vulnrichment•added 2024/09/19 12:18 a.m.•20 views

CVE-2024-7254 Stack overflow in Protocol Buffers Java Lite

8.7CVSS7.3AI score0.00134EPSS

Exploits0References1

CVE•added 2024/09/19 12:18 a.m.•6160 views

CVE-2024-7254

CVE-2024-7254 describes a stack overflow DoS in parsers when handling untrusted Protocol Buffers data with deeply nested SGROUP/group structures. The root cause is unbounded recursion when parsing unknown fields (DiscardUnknownFieldsParser) or Java Protobuf Lite against nested groups or map field...

8.7CVSS6.8AI score0.00134EPSS

Exploits0References3Affected Software5

OSV•added 2024/03/06 11:7 a.m.•25 views

BIT-GITLAB-2023-2825

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups...

10CVSS8.2AI score0.91925EPSS

Exploits5References4

Citrix•added 2023/09/19 12:0 a.m.•5 views

How To Enable DsAuthAzureAdNestedGroups Feature For Azure AD Nested Groups

Adding a group as a member of another group nesting is supported with the DSAuthAzureAdNestedGroups feature enabled...

7.1AI score

Exploits0

OSV•added 2023/05/26 9:15 p.m.•0 views

UBUNTU-CVE-2023-2825

10CVSS7.2AI score0.91925EPSS

Exploits5References5

Prion•added 2023/05/26 9:15 p.m.•27 views

Path traversal

5CVSS7.2AI score0.91925EPSS

Exploits5References3Affected Software1

OSV•added 2023/05/26 12:0 a.m.•24 views

CVE-2023-2825

10CVSS6.9AI score0.91925EPSS

Exploits5References5

NCSC•added 2023/05/25 12:0 a.m.•3 views

Vulnerability fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed a vulnerability in GitLab 16.0.0. A unauthenticated remote malicious person could exploit to gain access to arbitrary files on the server via a path traversal. The vulnerability is exploitable when the malicious party has knowledge has knowledge of an attachment in a public proje...

10CVSS6.9AI score0.91925EPSS

Exploits5

OSV•added 2021/01/27 5:53 p.m.•2 views

DRUPAL-CONTRIB-2021-003

This module enables you to add groups to other groups in a tree structure where access can be inherited up or down the tree. When you configure Subgroup to have a tree with at least three levels, users may inadvertently get permissions in a group that is an uncle or cousin of the source group,...

6.8AI score

Exploits0References1

Atlassian•added 2018/02/05 4:40 p.m.•25 views

Nested groups with uppercase letters cannot be removed from Confluence, after having been synced initially

h3. Summary Nested groups with uppercase letters cannot be removed from Confluence, after having been synced initially. If you synchronize nested groups with upper case letters into Confluence from Crowd / LDAP, and then update the external directory to remove the child groups, the groups will no...

2AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by