209 matches found
EUVD-2024-31909
Malicious code in bioql PyPI...
EUVD-2025-32042
Malicious code in bioql PyPI...
SUSE CVE-2025-59149
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attributetype which is long with transforms can lead to a stack buffer overflow during Suricata startup or duri...
CVE-2025-59149
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attributetype which is long with transforms can lead to a stack buffer overflow during Suricata startup or duri...
CVE-2025-59149 Suricata: Stack buffer overflow in rule parser when processing long keywords with transforms
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attributetype which is long with transforms can lead to a stack buffer overflow during Suricata startup or duri...
CVE-2025-59149
Suricata (Open Information Security Foundation) 8.0.0 is affected by a vulnerability in rules that use ldap.responses.attribute_type with transforms, causing a stack buffer overflow during startup or rule reload. The issue is fixed in version 8.0.1. Workarounds include disabling rules that use ld...
CVE-2025-59149 Suricata: Stack buffer overflow in rule parser when processing long keywords with transforms
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attributetype which is long with transforms can lead to a stack buffer overflow during Suricata startup or duri...
CVE-2025-59149
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attributetype which is long with transforms can lead to a stack buffer overflow during Suricata startup or duri...
CVE-2025-59149
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attributetype which is long with transforms can lead to a stack buffer overflow during Suricata startup or duri...
PT-2025-38268
Name of the Vulnerable Software and Affected Versions Suricata versions prior to 8.0.1 Description Suricata, a network IDS, IPS and NSM engine, contains a flaw where rules utilizing the ldap.responses.attribute type keyword, in conjunction with transforms, can cause a stack buffer overflow. This...
Active Storage allowed transformation methods that were potentially unsafe
Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where...
SUSE CVE-2024-55605
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the tolowercase, touppercase, stripwhitespace, compresswhitespace, dotprefix, headerlowercase, strippseudoheaders, urldecode, or xor...
CVE-2022-22755
By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox 97...
CVE-2021-39171
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an...
CVE-2024-3319
An issue was identified in the Identity Security Cloud ISC Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host...
XML External Entity
org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli and org.hl7.fhir.publisher:org.hl7.fhir.publisher.core are vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper XML parsing due to XSLT transforms allowing malicious XML with external entity references to access...
DEBIAN-CVE-2024-55605
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the tolowercase, touppercase, stripwhitespace, compresswhitespace, dotprefix, headerlowercase, strippseudoheaders, urldecode, or xor...
UBUNTU-CVE-2024-55605
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the tolowercase, touppercase, stripwhitespace, compresswhitespace, dotprefix, headerlowercase, strippseudoheaders, urldecode, or xor...
CVE-2024-55605 Suricata allows stack overflow in transforms
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the tolowercase, touppercase, stripwhitespace, compresswhitespace, dotprefix, headerlowercase, strippseudoheaders, urldecode, or xor...
CVE-2024-55605
CVE-2024-55605 affects Suricata prior to 7.0.8, where a large input buffer used by multiple transforms (to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, xor) can cause a stack overflow and crash. The vulnerability is...