Lucene search
K

281 matches found

SUSE CVE
SUSE CVE
added 2025/02/14 5:50 a.m.3 views

SUSE CVE-2024-2410

The JsonToBinaryStream function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed...

7.6CVSS7.3AI score0.00332EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/02/14 5:41 a.m.2 views

SUSE CVE-2024-7254

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...

7.5CVSS7.7AI score0.02772EPSS
Exploits1References9
Atlassian
Atlassian
added 2025/02/11 11:25 p.m.22 views

DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server

This High severity com.google.protobuf:protobuf-java Dependency vulnerability was introduced in versions 9.4.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, 9.14.0, 9.15.0, 9.16.1, 9.17.0, 10.0.0, and 10.1.1 of Jira Software Data Center and Server. This...

8.7CVSS6.6AI score0.02772EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/05 8:35 p.m.8 views

Security Bulletin: Vulnerability in Protocol Buffers affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in Protocol Buffers has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses...

8.7CVSS6.6AI score0.02772EPSS
Exploits1Affected Software1
SUSE Linux
SUSE Linux
added 2025/02/03 9:4 a.m.1 views

Security update for protobuf

This update for protobuf fixes the following issues: CVE-2024-7254: Fixed a stack overflow vulnerability in protocol buffers bsc1230778 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...

7.5CVSS7.7AI score0.02772EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/02/01 12:0 a.m.13 views

IBM WebSphere Application Server Liberty 20.0.0.12 < 24.0.0.11 DoS (7173097)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a DoS vulnerability as referenced in the 7173097 advisory. - Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can...

8.7CVSS7.4AI score0.02772EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.16 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254).

Summary IBM App Connect Enterprise and IBM App Connect Enterprise Toolkit are vulnerable to a denial of service due to Google Protocol Buffers CVE-2024-7254. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Google...

8.7CVSS7AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.17 views

Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254

Summary IBM Maximo Application Suite uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

8.7CVSS6.9AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.22 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254)

Summary There is a vulnerability in the Google Protocol Buffers protobuf library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Google Protocol Buffers a.k.a., protobuf is vulnerable to a...

8.7CVSS7.2AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.32 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, contains a vulnerability in the Google Protocol Buffers protobuf library with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

8.7CVSS6.1AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.29 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, contains a vulnerability in the Google Protocol Buffers protobuf library with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

8.7CVSS6.1AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.14 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-7254]

Summary The Google Protocol Buffers package is used by IBM App Connect Enterprise Certified Container for processing DFDL message definitions. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime that use the DFDL parser are vulnerable to denial of service. This...

8.7CVSS7.5AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.19 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Protocol Buffers protobuf-go denial of service vulnerability [ CVE-2024-24786]

Summary Potential denial of service vulnerability in Protocol Buffers protobuf-go CVE-2024-24786 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

7.5CVSS7AI score0.01262EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.11 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit. (CVE-2024-7254)

Summary IBM PowerVM Novalink is vulnerable because Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with...

8.7CVSS6.9AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 9:51 p.m.13 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Protocol Buffers protobuf-go denial of service vulnerabilitiy( CVE-2024-24786)

Summary A potential denial of service vulnerability CVE-2024-24786 has been identified related to Protocol Buffers protobuf-go that affects IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24786...

7.5CVSS6.9AI score0.01262EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 9:51 p.m.16 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254)

Summary There is a vulnerability in the Google Protocol Buffers protobuf library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in...

8.7CVSS6.4AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 9:51 p.m.12 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable toCVE-2024-7254

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable toCVE-2024-7254. This bulletin contains information regarding the vulnerability and its...

8.7CVSS6.5AI score0.02772EPSS
Exploits1Affected Software1
OSV
OSV
added 2025/01/15 3:51 p.m.3 views

CVE-2025-21088 WebApp crash via improper validation of proto style in attachments

Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input...

6.5CVSS7AI score0.0054EPSS
Exploits0References3
NVD
NVD
added 2024/12/02 4:15 p.m.14 views

CVE-2024-53984

Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PBENABLEMALLOC is enabled, the message contains at least one field with FTPOINTER field type, custom stream callback is used with unknown stream length. and the pbdecodeex function is used with flag...

4.3CVSS0.00393EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/12/02 4:6 p.m.3 views

protobuf: StackOverflow vulnerability in Protocol Buffers

A flaw was found in Protocol Buffers protobuf. This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...

8.7CVSS7.1AI score0.02772EPSS
Exploits1References5
Rows per page
Query Builder