425 matches found
UBUNTU-CVE-2025-2849
A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::unDTINIT of the file src/plxelf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been...
UPX 安全漏洞
UPX is a free, secure, portable, scalable, high-performance executable shelling program for a wide range of executable formats. A security vulnerability exists in UPX 5.0.0 and earlier versions, which stems from an incorrect operation of the PackLinuxElf64::unDTINIT function that can cause a heap...
CVE-2024-45337 affecting package packer for versions less than 1.9.5-4
CVE-2024-45337 affecting package packer for versions less than 1.9.5-4. A patched version of the package is available...
AZL-59204 CVE-2025-30204 affecting package packer for versions less than 1.9.5-7
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
AZL-59242 CVE-2025-30204 affecting package packer for versions less than 1.9.5-12
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
CVE-2024-28180 affecting package packer for versions less than 1.9.5-6
CVE-2024-28180 affecting package packer for versions less than 1.9.5-6. A patched version of the package is available...
CVE-2025-27144 affecting package packer for versions less than 1.9.5-6
CVE-2025-27144 affecting package packer for versions less than 1.9.5-6. A patched version of the package is available...
CVE-2025-22868 affecting package packer for versions less than 1.9.5-6
CVE-2025-22868 affecting package packer for versions less than 1.9.5-6. A patched version of the package is available...
CVE-2025-22869 affecting package packer for versions less than 1.9.5-6
CVE-2025-22869 affecting package packer for versions less than 1.9.5-6. A patched version of the package is available...
AZL-58396 CVE-2025-22870 affecting package packer for versions less than 1.9.5-12
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58469 CVE-2025-22870 affecting package packer for versions less than 1.9.5-9
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection...
CVE-2025-22869 affecting package packer for versions less than 1.9.5-10
CVE-2025-22869 affecting package packer for versions less than 1.9.5-10. A patched version of the package is available...
CVE-2025-22868 affecting package packer for versions less than 1.9.5-10
CVE-2025-22868 affecting package packer for versions less than 1.9.5-10. A patched version of the package is available...
CVE-2025-27144 affecting package packer for versions less than 1.9.5-9
CVE-2025-27144 affecting package packer for versions less than 1.9.5-9. A patched version of the package is available...
AZL-57393 CVE-2025-22869 affecting package packer for versions less than 1.9.5-6
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-57458 CVE-2025-22869 affecting package packer for versions less than 1.9.5-10
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-57339 CVE-2025-22868 affecting package packer for versions less than 1.9.5-6
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
AZL-57422 CVE-2025-22868 affecting package packer for versions less than 1.9.5-10
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
CVE-2024-28180 affecting package packer for versions less than 1.9.5-8
CVE-2024-28180 affecting package packer for versions less than 1.9.5-8. A patched version of the package is available...