Lucene search
K

28 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in protobuf

A issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in a way that would cause them to be processed out of order. A small malicious payload can occupy the parser for several minutes by creating a large number of short-lived objects, resulting in frequent...

7.5CVSS6.6AI score0.01655EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.9 views

CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

7.5CVSS5.5AI score0.00374EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 6:11 p.m.11 views

EUVD-2026-34165

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

5.8AI score0.00374EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/02/23 12:0 a.m.4 views

Can You Tell It'S AI? Human Perception of Synthetic Voices in Vishing Scenarios

Large Language Models and commercial speech synthesis systems now enable highly realistic AI-generated voice scams vishing, raising urgent concerns about deception at scale. Yet it remains unclear whether individuals can reliably distinguish AI-generated speech from human-recorded voices in...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Azure Linux 3.0 Security Update: python-tensorboard / pytorch (CVE-2021-22569)

The version of python-tensorboard / pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-22569 advisory. - An issue in protobuf-java allowed the interleaving of...

7.5CVSS7.5AI score0.01655EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.7 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible loss of txs in AMSDU by mt76 mt7921, which could lead to SKB leaks and network pauses...

6AI score0.002EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-22569

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small...

7.5CVSS6.7AI score0.01655EPSS
Exploits1References2
Fedora
Fedora
added 2025/04/17 7:33 p.m.11 views

[SECURITY] Fedora 40 Update: workrave-1.11.0~rc.1-1.fc40

Workrave is a program that assists in the recovery and prevention of Repetitive Strain Injury RSI. The program frequently alerts you to take micro-pauses, rest breaks and restricts you to your daily limit...

6.1CVSS6.2AI score0.00354EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/25 6:55 p.m.27 views

Security Bulletin: Vulnerability in Protobuf-core affects IBM watsonx.data

Summary Protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for Message-Type Extensions. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause lo...

7.5CVSS8.2AI score0.00483EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 8:3 p.m.36 views

Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.

Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a...

7.5CVSS7.4AI score0.02459EPSS
Exploits3Affected Software1
RedhatCVE
RedhatCVE
added 2023/04/03 7:43 p.m.72 views

CVE-2022-3510

A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbag...

5.3CVSS7.3AI score0.00483EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 10:43 a.m.21 views

Security Bulletin: Multiple Vulnerabilities in Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2022-3509, CVE-2022-3171)

Summary A parsing issue in Google Protocol Buffer shipped with IBM Operations Analytics - Log Analysis can lead to a denial of service attack. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...

7.5CVSS6AI score0.01048EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.46 views

Amazon Linux 2023 : protobuf, protobuf-compiler, protobuf-devel (ALAS2023-2023-049)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-049 advisory. A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to...

7.5CVSS6.4AI score0.01151EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/23 3:50 p.m.22 views

Security Bulletin: CVE-2022-3509, CVE-2022-3171 may affect IBM CICS TX Standard

Summary WebSphere Application Server Liberty is vulnerable to denial of service due to Google protobuf-java . This affects IBM WebSphere Liberty used by IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-ja...

7.5CVSS6.2AI score0.01048EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:31 a.m.3 views

SUSE CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

7.5CVSS6.6AI score0.01048EPSS
Exploits0References46
Tenable Nessus
Tenable Nessus
added 2023/01/11 12:0 a.m.42 views

GLSA-202301-09 : protobuf-java: Denial of Service

The remote host is affected by the vulnerability described in GLSA-202301-09 protobuf-java: Denial of Service - A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple...

7.5CVSS6.4AI score0.01048EPSS
Exploits0References5
Snyk
Snyk
added 2022/12/13 8:8 a.m.2 views

Denial of Service (DoS)

Overview google-protobuf is a Google's data interchange format. Affected versions of this package are vulnerable to Denial of Service DoS when providing inputs containing multiple instances of non-repeated embedded messages, with repeated or unknown fields. The vulnerability exists due to a parsi...

7.5CVSS7.1AI score0.00483EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/12/12 3:30 p.m.134 views

Protobuf Java vulnerable to Uncontrolled Resource Consumption

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...

7.5CVSS7.4AI score0.00483EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2022/12/12 1:15 p.m.29 views

CVE-2022-3509

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes...

7.5CVSS7.5AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/11 12:0 a.m.3 views

PT-2022-6841 · Google +1 · Protobuf-Java +1

Name of the Vulnerable Software and Affected Versions: protobuf-java versions prior to 3.21.7 protobuf-java versions prior to 3.20.3 protobuf-java versions prior to 3.19.6 protobuf-java versions prior to 3.16.3 Description: The issue is related to insufficient input validation in the Java Protoco...

7.8CVSS7.6AI score0.00483EPSS
Exploits0References17
Rows per page
Query Builder