Lucene search
K

29 matches found

Snyk
Snyk
added 2025/11/04 3:48 p.m.1 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value due to the protocDigest parameter being ignored when the protoc executable is sourced from the system PATH. An attacker can bypass integrity verification by placing a malicious protoc binary...

2.5CVSS7.3AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/11/04 3:48 p.m.7 views

Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH

Summary The expected protocDigest is ignored when protoc is taken from the PATH. Details The documentation for the protocDigest parameter says: ... Users may wish to specify this if using a PATH-based binary ... However, when specifying PATH the protocDigest is not actually checked because the co...

7.1AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/11/04 3:48 p.m.7 views

GHSA-J2PC-V64R-MV4F Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH

Summary The expected protocDigest is ignored when protoc is taken from the PATH. Details The documentation for the protocDigest parameter says: ... Users may wish to specify this if using a PATH-based binary ... However, when specifying PATH the protocDigest is not actually checked because the co...

1CVSS7.1AI score
Exploits0References3
Fedora
Fedora
added 2025/10/15 1:1 a.m.7 views

[SECURITY] Fedora 42 Update: rust-protobuf-parse-3.7.2-1.fc42

Parse .proto files. Files are parsed into a protobuf::descriptor::FileDescriptorSet object using either: pure rust parser no dependencies protoc binary more reliable and compatible with Google's implementation...

5.9CVSS7.1AI score0.0038EPSS
Exploits0
Fedora
Fedora
added 2025/10/15 1:1 a.m.6 views

[SECURITY] Fedora 42 Update: rust-protobuf-codegen-3.7.2-1.fc42

Code generator for rust-protobuf. Includes a library to invoke programmatically e. g. from build.rs and protoc-gen-rs binary...

5.9CVSS7.1AI score0.0038EPSS
Exploits0
Fedora
Fedora
added 2025/10/14 10:22 p.m.7 views

[SECURITY] Fedora 43 Update: rust-protobuf-parse-3.7.2-1.fc43

Parse .proto files. Files are parsed into a protobuf::descriptor::FileDescriptorSet object using either: pure rust parser no dependencies protoc binary more reliable and compatible with Google's implementation...

5.9CVSS7.1AI score0.0038EPSS
Exploits0
Fedora
Fedora
added 2025/10/14 10:22 p.m.8 views

[SECURITY] Fedora 43 Update: rust-protobuf-codegen-3.7.2-1.fc43

Code generator for rust-protobuf. Includes a library to invoke programmatically e. g. from build.rs and protoc-gen-rs binary...

5.9CVSS7.1AI score0.0038EPSS
Exploits0
Fedora
Fedora
added 2025/10/09 1:15 a.m.7 views

[SECURITY] Fedora 41 Update: rust-protobuf-parse-3.7.2-1.fc41

Parse .proto files. Files are parsed into a protobuf::descriptor::FileDescriptorSet object using either: pure rust parser no dependencies protoc binary more reliable and compatible with Google's implementation...

5.9CVSS7.1AI score0.0038EPSS
Exploits0
Fedora
Fedora
added 2025/10/09 1:15 a.m.7 views

[SECURITY] Fedora 41 Update: rust-protobuf-codegen-3.7.2-1.fc41

Code generator for rust-protobuf. Includes a library to invoke programmatically e. g. from build.rs and protoc-gen-rs binary...

5.9CVSS7.1AI score0.0038EPSS
Exploits0
OSV
OSV
added 2025/06/15 2:38 p.m.2 views

MAL-2025-4965 Malicious code in zora1abs-protoc-helper (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32798df02edd137f9c9492f0b336887efd45c7af6f15e4bac809b1e107d7b4bd Any computer that has this package installed or running should be considered...

7.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/15 2:38 p.m.2 views

Malicious code in zora1abs-protoc-helper (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32798df02edd137f9c9492f0b336887efd45c7af6f15e4bac809b1e107d7b4bd Any computer that has this package installed or running should be considered...

7AI score
Exploits0References1
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.17 views

GHSA-3WHM-J4XM-RV8X vulnerabilities

Vulnerabilities for packages: smarter-device-manager, bank-vaults, nri-memcached, neuvector-scanner, flux-kustomize-controller, aws-application-networking-k8s, kubernetes-ingress-defaultbackend, gosu, yq, crossplane-provider-aws-rds, mockery, protoc-gen-go-grpc, mc, kube-rbac-proxy, kubevela,...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.61 views

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: logstash-exporter, coredns, nri-rabbitmq, smarter-device-manager, nri-memcached, nri-haproxy, pulumi-kubernetes-operator, gomplate, vite, goreleaser, kyverno-policy-reporter-kyverno-plugin, kubernetes-dns-node-cache, dgraph, nfs-subdir-external-provisioner, gosu, yq,...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.50 views

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: logstash-exporter, coredns, nri-rabbitmq, smarter-device-manager, nri-memcached, nri-haproxy, pulumi-kubernetes-operator, gomplate, vite, goreleaser, kyverno-policy-reporter-kyverno-plugin, kubernetes-dns-node-cache, dgraph, nfs-subdir-external-provisioner, gosu, yq,...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 2:46 p.m.6 views

Malicious code in protoc (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/10/16 2:46 p.m.7 views

MAL-2024-10107 Malicious code in protoc (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
vulnersOsv
vulnersOsv
added 2022/09/23 8:31 p.m.4 views

ad-components (>=0.1.5 <=0.1.6), adataset (=0.1.0) +217 more potentially affected by CVE-2022-1941 via protobuf (>=3.19.0 <=3.19.4)

protobuf PYPI version =3.19.0, =0.1.5, =1.1.0, =1.2.1, =0.13.0, =1.5.0, =3.0.4, =0.3.0, =0.8.0, =1.1.2, =0.1.0a1, =0.0.1, =0.0.2 - asdjgasdghasdhjgasghd =1.0.7 - aslib =1.0.3 and more Source cves: CVE-2022-1941 Source advisory: OSV:GHSA-8GQ9-2X98-W8HF...

7.5CVSS6.8AI score0.01151EPSS
Exploits0
Fedora
Fedora
added 2022/09/06 10:5 a.m.31 views

[SECURITY] Fedora 36 Update: protobuf-c-1.4.1-2.fc36

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. This package provides a code generator and run-time libraries to use Protocol Buffers from pure C not C++. It uses a modified version of protoc called protoc-c...

5.5CVSS6.2AI score0.01058EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/07/31 12:0 a.m.12 views

Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2022/07/30 1:57 a.m.16 views

[SECURITY] Fedora 36 Update: golang-github-envoyproxy-protoc-gen-validate-0.4.1-7.fc36

Protoc plugin to generate polyglot message validators...

2.9AI score
Exploits0
Rows per page
Query Builder