12 matches found
EUVD-2026-32523
Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...
EUVD-2017-8622
Malware in sbrugna...
EUVD-2025-0216
Malicious code in bioql PyPI...
CVE-2025-24371
CVE-2025-24371 affects CometBFT’s blocksync protocol. If a peer first reports a non-existent latest height X and then a lower Y (X>Y), a node may continually try to catch up and become blocked, potentially impacting availability. This is a networked, low-complexity issue with high impact on av...
SUSE CVE-2017-17459
httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...
Remote memory exhaustion in ckb
In the ckb sync protocol, SyncState maintains a HashMap called 'misbehavior' that keeps a score of a peer's violations of the protocol. This HashMap is keyed to PeerIndex an alias for SessionId, and entries are never removed from it. SessionId is an integer that increases monotonically with every...
GHSA-48VQ-8JQV-GM6F Remote memory exhaustion in ckb
In the ckb sync protocol, SyncState maintains a HashMap called 'misbehavior' that keeps a score of a peer's violations of the protocol. This HashMap is keyed to PeerIndex an alias for SessionId, and entries are never removed from it. SessionId is an integer that increases monotonically with every...
Remote memory exhaustion in ckb
In the ckb sync protocol, SyncState maintains a HashMap called 'misbehavior' that keeps a score of a peer's violations of the protocol. This HashMap is keyed to PeerIndex an alias for SessionId, and entries are never removed from it. SessionId is an integer that increases monotonically with every...
CVE-2017-17459
httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...
Design/Logic Flaw
httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...
CVE-2017-17459
httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...
CVE-2017-17459
Technical details for CVE-2017-17459 are not publicly available in the provided connected documents. The Fossil SSH dash hostname issue is described, but no product/version/root-cause/fix details are supplied. Monitor for updates and additional sources.