Lucene search
K

425 matches found

OSV
OSV
added 2025/03/27 2:15 p.m.3 views

UBUNTU-CVE-2025-2849

A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::unDTINIT of the file src/plxelf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been...

5.5CVSS4.9AI score0.00274EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.5 views

UPX 安全漏洞

UPX is a free, secure, portable, scalable, high-performance executable shelling program for a wide range of executable formats. A security vulnerability exists in UPX 5.0.0 and earlier versions, which stems from an incorrect operation of the PackLinuxElf64::unDTINIT function that can cause a heap...

5.5CVSS4.7AI score0.00274EPSS
Exploits1References1
CBLMariner
CBLMariner
added 2025/03/26 8:31 p.m.23 views

CVE-2024-45337 affecting package packer for versions less than 1.9.5-4

CVE-2024-45337 affecting package packer for versions less than 1.9.5-4. A patched version of the package is available...

9.1CVSS9.6AI score0.03153EPSS
Exploits2
OSV
OSV
added 2025/03/21 10:15 p.m.9 views

AZL-59204 CVE-2025-30204 affecting package packer for versions less than 1.9.5-7

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS6.2AI score0.00693EPSS
Exploits0References1
OSV
OSV
added 2025/03/21 10:15 p.m.15 views

AZL-59242 CVE-2025-30204 affecting package packer for versions less than 1.9.5-12

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS6.7AI score0.00693EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2025/03/13 3:10 p.m.12 views

CVE-2024-28180 affecting package packer for versions less than 1.9.5-6

CVE-2024-28180 affecting package packer for versions less than 1.9.5-6. A patched version of the package is available...

4.3CVSS5.1AI score0.01956EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/03/13 3:10 p.m.6 views

CVE-2025-27144 affecting package packer for versions less than 1.9.5-6

CVE-2025-27144 affecting package packer for versions less than 1.9.5-6. A patched version of the package is available...

8.7CVSS7.8AI score0.00369EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/03/13 3:10 p.m.12 views

CVE-2025-22868 affecting package packer for versions less than 1.9.5-6

CVE-2025-22868 affecting package packer for versions less than 1.9.5-6. A patched version of the package is available...

7.5CVSS7.6AI score0.00804EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/03/13 3:10 p.m.8 views

CVE-2025-22869 affecting package packer for versions less than 1.9.5-6

CVE-2025-22869 affecting package packer for versions less than 1.9.5-6. A patched version of the package is available...

7.5CVSS7.6AI score0.00868EPSS
Exploits0
OSV
OSV
added 2025/03/12 7:15 p.m.10 views

AZL-58396 CVE-2025-22870 affecting package packer for versions less than 1.9.5-12

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.7 views

AZL-58469 CVE-2025-22870 affecting package packer for versions less than 1.9.5-9

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
The Hacker News
The Hacker News
added 2025/03/11 2:35 p.m.23 views

Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks

The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection...

6.5CVSS7.3AI score0.81817EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/03/04 4:7 p.m.12 views

CVE-2025-22869 affecting package packer for versions less than 1.9.5-10

CVE-2025-22869 affecting package packer for versions less than 1.9.5-10. A patched version of the package is available...

7.5CVSS7.3AI score0.00868EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/03/04 4:7 p.m.10 views

CVE-2025-22868 affecting package packer for versions less than 1.9.5-10

CVE-2025-22868 affecting package packer for versions less than 1.9.5-10. A patched version of the package is available...

7.5CVSS7.3AI score0.00804EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/03/03 10:12 p.m.9 views

CVE-2025-27144 affecting package packer for versions less than 1.9.5-9

CVE-2025-27144 affecting package packer for versions less than 1.9.5-9. A patched version of the package is available...

8.7CVSS6.7AI score0.00369EPSS
Exploits0
OSV
OSV
added 2025/02/26 8:14 a.m.8 views

AZL-57393 CVE-2025-22869 affecting package packer for versions less than 1.9.5-6

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

7.5CVSS6.6AI score0.00868EPSS
Exploits0References1
OSV
OSV
added 2025/02/26 8:14 a.m.9 views

AZL-57458 CVE-2025-22869 affecting package packer for versions less than 1.9.5-10

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

7.5CVSS6.6AI score0.00868EPSS
Exploits0References1
OSV
OSV
added 2025/02/26 8:14 a.m.8 views

AZL-57339 CVE-2025-22868 affecting package packer for versions less than 1.9.5-6

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...

7.5CVSS6.6AI score0.00804EPSS
Exploits0References1
OSV
OSV
added 2025/02/26 8:14 a.m.11 views

AZL-57422 CVE-2025-22868 affecting package packer for versions less than 1.9.5-10

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...

7.5CVSS6.6AI score0.00804EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2025/02/13 4:8 p.m.8 views

CVE-2024-28180 affecting package packer for versions less than 1.9.5-8

CVE-2024-28180 affecting package packer for versions less than 1.9.5-8. A patched version of the package is available...

4.3CVSS7.3AI score0.01956EPSS
Exploits0
Rows per page
Query Builder