653 matches found
VMware VRealize Network Insight - Remote Code Execution
VMWare Aria Operations for Networks vRealize Network Insight is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the ro...
Important: Red Hat Security Advisory: Red Hat build of Cryostat security update
An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
SUSE SLED15 / SLES15 Security Update : alloy (SUSE-SU-2026:2438-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2438-1 advisory. This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v...
Astra Linux – Vulnerability in Thrift
In Apache Thrift, all versions up to and including 0.12.0, a server or client may encounter an infinite loop when processing specific input data. Since this issue was partially addressed in version 0.11.0, it only affects certain language bindings, depending on the installed version...
Astra Linux – Vulnerability in Thrift
In Apache Thrift versions 0.9.3 to 0.13.0, malicious RPC clients could send short messages, resulting in a large memory allocation and potentially causing a denial of service...
Astra Linux – Vulnerability in Thrift
In Apache Thrift versions 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when receiving invalid input data...
ROOT-APP-GOBINARY-CVE-2026-41602 CVE-2026-41602 in rootio-github.com/apache/thrift - Patched by Root
Root has patched CVE-2026-41602 in the rootio-github.com/apache/thrift package for Root:Go. Multiple fixed versions available...
Apache Thrift: Apache Thrift: Denial of Service via excessive memory allocation
A flaw was found in Apache Thrift. This vulnerability involves a Memory Allocation with Excessive Size Value, which could allow an attacker to trigger resource exhaustion. By providing an overly large size value during memory allocation, an attacker can cause the affected system to become...
Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This...
SUSE-SU-2026:2438-1 Security update for alloy
This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v2: improper validation of field length allows a malicious PostgreSQL server to crash a client application via a DataRow message bsc1259919. - CVE-2026-25934: github.com/go-git/go-git/v5:...
ROOT-APP-MAVEN-CVE-2026-43869 CVE-2026-43869 in io.root.org.apache.thrift:libthrift - Patched by Root
Root has patched CVE-2026-43869 in the io.root.org.apache.thrift:libthrift package for Root:Maven. Multiple fixed versions available...
CVE-2025-48431
Mismatched Memory Management Routines vulnerability in Apache Thrift cglib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an cglib-based Thrift server...
CVE-2026-43870
Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...
CVE-2026-43868
A flaw was found in Apache Thrift. This vulnerability involves a Memory Allocation with Excessive Size Value, which could allow an attacker to trigger resource exhaustion. By providing an overly large size value during memory allocation, an attacker can cause the affected system to become...
SUSE SLES16 Security Update : alloy (SUSE-SU-2026:21852-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21852-1 advisory. This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing...
openSUSE 16 Security Update : alloy (openSUSE-SU-2026:20816-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20816-1 advisory. This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key...
CVE-2026-43869
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This...
OPENSUSE-SU-2026:20816-1 Security update for alloy
This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262955. - CVE-2026-41602: github.com/apache/thrift: TFramedTransport frame size headers can lead to a uint32 integer...
CVE-2026-41605 affecting package thrift for versions less than 0.15.0-6
CVE-2026-41605 affecting package thrift for versions less than 0.15.0-6. A patched version of the package is available...
CVE-2026-41602 affecting package thrift for versions less than 0.15.0-6
CVE-2026-41602 affecting package thrift for versions less than 0.15.0-6. A patched version of the package is available...