protobuf.js security vulnerability
protobuf.js is an open-source implementation of the Protocol Buffer library, written entirely in JavaScript. It supports protocols for Node.js and browsers using TypeScript. It’s easy to use, extremely fast, and can be used out of the box with .proto files. Versions prior to 7.5.8 and 8.2.0 of...
CVE-2023-43632
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options”. The communication with this server is done using...
EUVD-2022-29605
Malicious code in bioql PyPI...
EUVD-2025-22325
Malicious code in bioql PyPI...
EUVD-2025-22326
Malicious code in bioql PyPI...
CVE-2025-48498
A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8.1 when processing a number of fields used for coordination. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database...
CVE-2025-35966
A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to...
CVE-2025-36512
A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message...
CVE-2025-36520
A null pointer dereference vulnerability exists in the netconnectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. Specially crafted network packets can lead to a denial of service. An attacker can send packets to trigger this vulnerability...
CVE-2025-35966
Bloomberg Comdb2 8.1 is affected by CVE-2025-35966 due to a null pointer dereference in the CDB2SQLQUERY protocol buffer message handling. A specially crafted protocol buffer message sent over TCP can cause a denial of service. Talos documents confirm vulnerable versions and note exploitation via...
Bloomberg Comdb2 code issue vulnerability
Bloomberg Comdb2 is a Bloomberg open source distributed relational database management system. A code issue vulnerability exists in Bloomberg Comdb2 version 8.1, which stems from a null pointer dereference in the CDB2SQLQUERY protocol buffer message handling, which could lead to a denial of servi...
Bloomberg Comdb2 code issue vulnerability
Bloomberg Comdb2 is a Bloomberg open source distributed relational database management system. A code issue vulnerability exists in Bloomberg Comdb2 version 8.1, which stems from a null pointer dereference in the netconnectmsg protocol buffer message function, which could lead to a denial of...
Bloomberg Comdb2 Distributed Transaction Coordination Fields denial of service vulnerability
Talos Vulnerability Report TALOS-2025-2199 Bloomberg Comdb2 Distributed Transaction Coordination Fields denial of service vulnerability July 22, 2025 CVE Number CVE-2025-48498 SUMMARY A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8.1...
CVE-2025-29912 CryptoLib Has Heap Buffer Overflow Due to Unsigned Integer Underflow in Crypto_TC_ProcessSecurity
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, an unsigned integer underflow in the...
Square Wire security vulnerability
Square Wire is an open-source protocol buffer processing library from Square in the United States, mainly used for efficient data serialization and deserialization. A security vulnerability exists in Square Wire versions prior to 5.2.0, which stems from not enforcing a recursion...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : protobuf (SUSE-SU-2024:3747-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3747-1 advisory. - CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer bsc1230778 Tenable has extracted t...
SUSE: Security Advisory (SUSE-SU-2024:3747-1)
The remote host is missing an update for the...