
11 matches found

OSV
added 2026/03/05 12:26 a.m., 5 views

GHSA-HX52-CV84-JR5V Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers

Executive Summary A vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic...

CVSS 5.3 | AI score 6 | EPSS 0.00504
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-31255

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9 | EPSS 0.00731
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-28838

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 8.8 | EPSS 0.01096
Exploits: 1 | References: 1

Cvelist
added 2023/04/04 5:57 p.m., 20 views

CVE-2023-27488 Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when failure_mode_allow: true is configured for ext_authz filter. For affected components that are used for loggin...

CVSS 5.4 | AI score 9.8 | EPSS 0.00731
Exploits: 1 | References: 1

OSV
added 2023/04/04 5:57 p.m., 15 views

CVE-2023-27488 Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when failure_mode_allow: true is configured for ext_authz filter. For affected components that are used for loggin...

CVSS 5.4 | AI score 9.1 | EPSS 0.00731
Exploits: 1 | References: 3

Cvelist
added 2022/11/11 4:35 p.m., 27 views

CVE-2022-3510 Parsing issue in protobuf message-type extension

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...

CVSS 7.5 | AI score 7.7 | EPSS 0.00512
Exploits: 0 | References: 1

OSV
added 2022/10/30 3:7 p.m., 3 views

OPENSUSE-SU-2022:10171-1 Security update for pdns-recursor

This update for pdns-recursor fixes the following issues: pdns-recursor was updated to 4.6.3: fixes incomplete exception handling related to protobuf message generation boo1202664, CVE-2022-37428 pdns-recursor was updated to 4.6.2: Reject non-apex NSEC3s that have both the NS and SOA bits set A...

CVSS 6.5 | AI score 6.5 | EPSS 0.0119
Exploits: 0 | References: 3

OPENSUSE Linux
added 2022/10/30 12:0 a.m., 24 views

Security update for pdns-recursor (important)

openSUSE Security Update: Security update for pdns-recursor Announcement ID: openSUSE-SU-2022:10171-1 Rating: important References: 1202664 Cross-References: CVE-2022-37428 CVSS scores: CVE-2022-37428 NVD : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-37428 SUSE: 6.5...

CVSS 6.5 | AI score 6.6 | EPSS 0.0119
Exploits: 0 | References: 1

FreeBSD
added 2022/08/23 12:0 a.m., 20 views

powerdns-recursor -- denial of service

PowerDNS Team reports: PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation...

CVSS 6.5 | AI score 2.5 | EPSS 0.0119
Exploits: 0 | References: 1

Prion
added 2022/08/05 10:15 p.m., 13 views

Stack overflow

A stack-based buffer overflow vulnerability exists in the confsrv setmfrule functionality of TCL LinkHub Mesh Wifi MS1G0001.0014. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability...

CVSS 7.5 | AI score 9.5 | EPSS 0.01096
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2022/08/05 10:15 p.m., 22 views

Stack overflow

A stack-based buffer overflow vulnerability exists in the confsrv setmfrule functionality of TCL LinkHub Mesh Wifi MS1G0001.0014. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability...

CVSS 7.5 | AI score 9.5 | EPSS 0.01096
Exploits: 1 | References: 1 | Affected Software: 1