Lucene search
K

137 matches found

RedhatCVE
RedhatCVE
added 2026/07/02 4:38 p.m.6 views

CVE-2026-48706

A flaw was found in Envoy, an open-source edge and service proxy. An attacker can exploit a heap write overflow vulnerability in Envoy's TCP StatsD sink by sending exceptionally long statistic names, such as those found in HTTP or gRPC request paths. This can lead to a denial-of-service, causing...

7.5CVSS5.9AI score0.0061EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 11:39 p.m.7 views

BIT-ENVOY-2026-48706 Envoy Heap Buffer Overflow in TcpStatsdSink

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

7.5CVSS6.5AI score0.0061EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 6:17 p.m.8 views

CVE-2026-48706

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

7.5CVSS0.0061EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:38 p.m.5 views

CVE-2026-48706

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

5.9CVSS6.5AI score0.0061EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/26 5:38 p.m.20 views

CVE-2026-48706

CVE-2026-48706 affects Envoy TCP StatsD sink (TcpStatsdSink). A heap write overflow can occur when processing extremely long statistic names (>16 KiB) due to mismanagement of 16 KiB flush slices during buffer rotation, potentially causing process crash or remote code execution. Affected versio...

7.5CVSS6.5AI score0.0061EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52891

Name of the Vulnerable Software and Affected Versions Envoy versions 1.34.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description A heap write overflow exists in the TCP StatsD sink TcpStatsdSink when processing...

7.5CVSS6.2AI score0.0061EPSS
Exploits0References19
Fedora
Fedora
added 2026/06/19 1:10 a.m.11 views

[SECURITY] Fedora 43 Update: perl-Net-Statsd-0.13-1.fc43

This module implements a client for a statsd statistics collection server, su ch as the one in use at Etsy.com. You want to use this module to track statistics in your Perl application, such as how many times a certain event occurs user logins in a web application, or database queries issued, or...

5.3CVSS5.6AI score0.00258EPSS
Exploits0
NVD
NVD
added 2026/06/10 7:16 p.m.23 views

CVE-2026-50637

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions allow mutiple metrics, separated by newlines, to be sent per packet. The send method does not validate the contents of the metric names or values. If the name...

8.2CVSS0.00323EPSS
Exploits0References6
NVD
NVD
added 2026/06/10 7:16 p.m.15 views

CVE-2026-50639

Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics, separated by newlines, to be sent per packet. Metrics::Any::Adapter::SignalFx which extends...

6.5CVSS0.00264EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/10 6:32 p.m.34 views

CVE-2026-50639 Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections

Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics, separated by newlines, to be sent per packet. Metrics::Any::Adapter::SignalFx which extends...

0.00264EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 6:32 p.m.11 views

EUVD-2026-36106

Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics,separated by newlines, to be sent per packet. Metrics::Any::Adapter::SignalFx which extends...

9.1CVSS5.4AI score0.00331EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 6:32 p.m.7 views

CVE-2026-50637 Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions allow mutiple metrics, separated by newlines, to be sent per packet. The send method does not validate the contents of the metric names or values. If the name...

5.8AI score0.00323EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/10 6:32 p.m.34 views

CVE-2026-50637 Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions allow mutiple metrics, separated by newlines, to be sent per packet. The send method does not validate the contents of the metric names or values. If the name...

0.00323EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 6:32 p.m.10 views

EUVD-2026-36104

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions allow mutiple metrics,separated by newlines, to be sent per packet. The send method does not validate the contents of the metric names or values. If the names...

8.2CVSS5.4AI score0.00344EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 6:32 p.m.27 views

CVE-2026-50637

The CVE concerns Metrics::Any::Adapter::Statsd (Perl) prior to v0.04, where the send path did not validate metric names/values, allowing metric injections when names contain newlines and statsd control characters (colon, pipe). This vulnerability affects Metrics::Any::Adapter::Statsd and related ...

8.2CVSS5.8AI score0.00323EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.21 views

PT-2026-48519

Name of the Vulnerable Software and Affected Versions Metrics::Any::Adapter::Statsd versions prior to 0.04 Description The software does not protect against metric injections. The statsd protocol allows multiple metrics to be sent per packet, separated by newlines. The send method fails to valida...

8.2CVSS5.8AI score0.00323EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.21 views

PT-2026-48521

Name of the Vulnerable Software and Affected Versions Metrics::Any::Adapter::SignalFx versions prior to 0.04 Description The software does not protect against metric injections. The statsd protocol and its extensions, such as dogstatsd, allow multiple metrics separated by newlines to be sent with...

6.5CVSS5.8AI score0.00264EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Metrics::Any::Adapter::Statsd 注入漏洞

Metrics::Any::Adapter::Statsd is a Perl metric collection adapter module developed by PEVANS’s individual developers. Versions of Metrics::Any::Adapter::Statsd prior to version 0.04 contained an injection vulnerability. This vulnerability stemmed from the send method not verifying the content of...

8.2CVSS5.3AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 11:54 a.m.15 views

CVE-2026-46739

A flaw was found in perl-Net-Statsd. This vulnerability allows an attacker to inject additional statsd metrics due to insufficient validation of metric names and values. Specifically, the software does not properly check for newlines, colons, or pipes in metric names, nor does it ensure that valu...

5.3CVSS5.3AI score0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.12 views

CVE-2026-45179

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

5.3CVSS5.4AI score0.00219EPSS
Exploits0References1
Rows per page
Query Builder