157 matches found
Astra Linux - уязвимость в protobuf
A issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in a way that would cause them to be processed out of order. A small malicious payload can occupy the parser for several minutes by creating a large number of short-lived objects, resulting in frequent...
Oracle GoldenGate for Big Data Multiple Vulnerabilities 23.x < 23.26.2.0.0 (April 2026 CPU)
According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate component: Third Party Google...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Security Bulletin: protobuf-java - CVE-2021-44716 addressed in Cloudera Data Platform Private Cloud Base 7.1.9
Summary Security Bulletin: protobuf-java - CVE-2021-44716 addressed in Cloudera Data Platform Private Cloud Base 7.1.9. Vulnerability Details CVEID:CVE-2021-44716 DESCRIPTION: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header...
Security Bulletin: protobuf-java - CVE-2022-3171 fixed in Cloudera Data Platform Private Cloud Base 7.1.9
Summary Security Bulletin: protobuf-java - CVE-2022-3171 fixed in Cloudera Data Platform Private Cloud Base 7.1.9 Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to ...
Azure Linux 3.0 Security Update: python-tensorboard (CVE-2022-3171)
The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3171 advisory. - A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3,...
Azure Linux 3.0 Security Update: python-tensorboard (CVE-2022-3509)
The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3509 advisory. - A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite...
DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Bitbucket Data Center and Server
This High severity DoS Denial of Service Dependency vulnerability, known as CVE-2024-7254, was introduced in version 8.9.0 of Bitbucket Data Center and Server. This vulnerability, with a CVSS Score of 8.7 and a vector of...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 7 / 8 / 9 : Red Hat JBoss Enterprise Application Platform 7.4.23 (RHSA-2025:20052)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20052 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: protobuf (UTSA-2025-986158)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986158 advisory. A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs...
EUVD-2022-7503
Malicious code in bioql PyPI...
EUVD-2022-7102
Malicious code in bioql PyPI...
EUVD-2022-7625
Malicious code in bioql PyPI...
EUVD-2022-0729
Malicious code in bioql PyPI...
EUVD-2024-2741
Malicious code in bioql PyPI...
Security Bulletin: IBM® Db2® federated server is vulnerable to unbounded recursions due to a vulnerability in protobuf-java (CVE-2024-7254).
Summary Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite...
Security Bulletin: IBM® Db2® is affected by a vulnerability in protobuf-java (CVE-2022-3510, CVE-2022-3509, CVE-2022-3171).
Summary protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to caus...
Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to protobuf-java (CVE-2024-7254)
Summary protobuf-java is vulnerable to a StackOverflow attack. This vulnerability affects IBM Spectrum Control. CVE-2024-7254. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of...
Security Bulletin: Security Vulnerability in Protobuf-Java Affects Document Service Container of IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2024-7254)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Protobuf-Java. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of...