Lucene search
32 matches found

RedHat Linux
added 2026/03/31 3:37 p.m., 2 views

389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schema_attr_enum_callback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...

CVSS 7.2, AI score 6.2, EPSS 0.00315
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0757

Malware in sbrugna...

CVSS 10, AI score 9.4, EPSS 0.00473
Exploits 1, References 5

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-0470

Malware in sbrugna...

CVSS 9.3, AI score 7.6, EPSS 0.0086
Exploits 0, References 6

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in sequelize-schema-file-generator (npm)

The package sequelize-schema-file-generator was found to contain malicious code...

AI score 7
Exploits 0

OSV
added 2025/08/13 11:23 p.m., 1 view

CVE-2025-55199 Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. This issue has been resolved in Helm 3.18.5. A workaround involves...

CVSS 6.5, AI score 6.4, EPSS 0.0002
Exploits 0, References 4

Tenable Nessus
added 2025/05/16 12:00 a.m., 2 views

GraphQL Import Success

GraphQL schema file was successfully imported and can be used during the scan. No source data...

AI score 7.3
Exploits 0

Tenable Nessus
added 2025/05/16 12:00 a.m., 3 views

GraphQL Import Failed

GraphQL schema file could not be imported and cannot be used during the scan. No source data...

AI score 7.3
Exploits 0

OSV
added 2025/04/11 7:13 p.m., 4 views

BIT-HELM-2025-32387 Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow

Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3...

CVSS 6.5, AI score 6.4, EPSS 0.00012
Exploits 0, References 3

Positive Technologies
added 2024/09/02 12:00 a.m., 3 views

PT-2024-15266 · Secure Systems Engineering · Secure Systems Engineering Connaisseur

Name of the Vulnerable Software and Affected Versions: Secure Systems Engineering Connaisseur versions up to 3.3.0 Description: A vulnerability has been found in Secure Systems Engineering Connaisseur, affecting unknown code of the file connaisseur/res/targets schema.json of the component...

CVSS 5.9, AI score 4.5, EPSS 0.00089
Exploits 0, References 24

OSV
added 2024/02/06 12:30 a.m., 0 views

GHSA-9GP8-6CG8-7H34 Spring Security's spring-security.xsd file is world writable

The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical...

CVSS 5.5, AI score 6.4, EPSS 0.00043
Exploits 0, References 5

CNNVD
added 2024/02/05 12:00 a.m., 4 views

VMware Spring Security Security Vulnerability

VMware Spring Security is a set of security frameworks from VMware that provide illustrative security for Spring-based applications. A security vulnerability exists in Spring Security versions 6.1.1 through 6.1.3, 6.0.4 through 6.0.6, 5.8.4 through 5.8.6, and 5.7.9 through 5.7.10, which stems fro...

CVSS 5.5, AI score 6.7, EPSS 0.00043
Exploits 0, References 4

OSV
added 2022/12/22 10:30 p.m., 27 views

GO-2022-1166 Denial of service via schema file in helm.sh/helm/v3

Certain JSON schema validation files can cause a Helm Client to panic, leading to a possible denial of service. The chartutil package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The...

CVSS 7.5, AI score 6.7, EPSS 0.00068
Exploits 0, References 2

Microsoft CVE
added 2022/12/21 8:00 a.m., 2 views

Helm contains Denial of service through schema file

...

CVSS 7.5, AI score 7.2, EPSS 0.00068
Exploits 0

Cvelist
added 2022/12/15 12:43 a.m., 24 views

CVE-2022-23526 Helm contains Denial of service through schema file

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the chartutil package that can cause a segmentation violation. The chartutil package contains a parser that loads a JSON Schema validation file. For example,...

CVSS 5.3, AI score 8.4, EPSS 0.00068
Exploits 0, References 2

Vulnrichment
added 2022/12/15 12:43 a.m., 5 views

CVE-2022-23526 Helm contains Denial of service through schema file

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the chartutil package that can cause a segmentation violation. The chartutil package contains a parser that loads a JSON Schema validation file. For example,...

CVSS 5.3, AI score 5.9, EPSS 0.00068
Exploits 0, References 2

OSV
added 2022/12/14 9:39 p.m., 35 views

GHSA-67FX-WX78-JX33 Helm vulnerable to denial of service through schema file

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the chartutil package that can cause a segmentation violation. Applications that use functions from the chartutil package in the Helm SDK can have a Denial of Service attack when they use this package and it...

CVSS 5.3, AI score 6.9, EPSS 0.00068
Exploits 0, References 5

Github Security Blog
added 2022/12/14 9:39 p.m., 23 views

Helm vulnerable to denial of service through schema file

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the chartutil package that can cause a segmentation violation. Applications that use functions from the chartutil package in the Helm SDK can have a Denial of Service attack when they use this package and it...

CVSS 7.5, AI score 8.2, EPSS 0.00068
Exploits 0, References 5, Affected Software 1

GitLab Advisory Database
added 2022/12/14 12:00 a.m., 34 views

Helm vulnerable to denial of service through schema file

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the chartutil package that can cause a segmentation violation. Applications that use functions from the chartutil package in the Helm SDK can have a Denial of Service attack when they use this package and it...

CVSS 7.5, AI score 1.8, EPSS 0.00068
Exploits 0, References 3, Affected Software 1

Github Security Blog
added 2021/08/11 3:19 p.m., 62 views

Command injection in Yamale

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

CVSS 9.3, AI score 7.8, EPSS 0.0086
Exploits 0, References 5, Affected Software 1

OSV
added 2021/08/09 9:15 p.m., 27 views

CVE-2021-38305

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

CVSS 7.8, AI score 7.9
Exploits 0, References 2