19 matches found

RedhatCVE
added 2026/06/05 7:35 p.m. | 9 views

CVE-2026-5061

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...

CVSS 4.7 | AI score 5.4 | EPSS 0.00109
Exploits: 0 | References: 1
NVD
added 2026/05/12 3:16 p.m. | 29 views

CVE-2026-5061

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...

CVSS 4.7 | EPSS 0.00109
Exploits: 0 | References: 1
CVE
added 2026/05/12 1:58 p.m. | 16 views

CVE-2026-5061

The affected software is consul-template. Before version 0.42.0, the library’s file template helper is vulnerable to a sandbox path bypass that may allow reading an out-of-sandbox file. The underlying issue is a path bypass in the file template helper, enabling access outside the intended sandbox...

CVSS 4.7 | AI score 5.8 | EPSS 0.00109
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/12 1:58 p.m. | 10 views

CVE-2026-5061

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...

CVSS 4.7 | AI score 5.8 | EPSS 0.00109
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2026/04/18 12:00 a.m. | 3 views

OPENSUSE-SU-2026:10573-1 cpp-httplib-devel-0.42.0-1.1 on GA media

These are all security issues fixed in the cpp-httplib-devel-0.42.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.4 | AI score 5.8 | EPSS 0.00262
Exploits: 2 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2024-1180

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.011
Exploits: 0 | References: 6
Tenable Nessus
added 2025/08/27 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-31130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it...

CVSS 6.8 | AI score 5.5 | EPSS 0.00223
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/27 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-22189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

CVSS 7.5 | AI score 7.4 | EPSS 0.011
Exploits: 0 | References: 3
SUSE CVE
added 2025/04/08 1:43 a.m. | 4 views

SUSE CVE-2025-31130

gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...

CVSS 6.8 | AI score 6.9 | EPSS 0.00223
Exploits: 0 | References: 4
RedhatCVE
added 2025/04/06 3:31 p.m. | 7 views

CVE-2025-31130

gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...

CVSS 6.8 | AI score 6.8 | EPSS 0.00223
Exploits: 0 | References: 1
OSV
added 2025/04/04 3:15 p.m. | 2 views

UBUNTU-CVE-2025-31130

gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...

CVSS 6.8 | AI score 5.8 | EPSS 0.00223
Exploits: 0 | References: 5
CNNVD
added 2025/04/04 12:00 a.m. | 5 views

gitoxide security vulnerability

gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide versions prior to 0.42.0, which stems from a lack of collision detection in the SHA-1 hash implementation and could lead to a hash collision attack...

CVSS 6.8 | AI score 6.3 | EPSS 0.00223
Exploits: 0 | References: 2
Cvelist
added 2024/04/26 6:04 p.m. | 41 views

CVE-2024-32884 gix-transport indirect code execution via malicious username

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

CVSS 6.4 | AI score 7 | EPSS 0.00514
Exploits: 0 | References: 2
NVD
added 2024/04/04 3:15 p.m. | 20 views

CVE-2024-22189

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

CVSS 7.5 | AI score 7.5 | EPSS 0.011
Exploits: 0 | References: 4
OSV
added 2024/04/04 3:15 p.m. | 2 views

DEBIAN-CVE-2024-22189

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

CVSS 7.5 | AI score 7.7 | EPSS 0.011
Exploits: 0 | References: 1
UbuntuCve
added 2024/04/04 3:15 p.m. | 24 views

CVE-2024-22189

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

CVSS 7.5 | AI score 7.1 | EPSS 0.011
Exploits: 0 | References: 6
OSV
added 2024/04/04 2:25 p.m. | 17 views

CVE-2024-22189 QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

CVSS 7.5 | AI score 7.6 | EPSS 0.011
Exploits: 0 | References: 6
Positive Technologies
added 2024/04/02 12:00 a.m. | 3 views

PT-2024-2968

Name of the Vulnerable Software and Affected Versions: quic-go versions prior to 0.42.0 Description: The issue is related to the QUIC protocol implementation in quic-go, where an attacker can cause its peer to run out of memory by sending a large number of NEW CONNECTION ID frames that retire old...

CVSS 7.8 | AI score 7.1 | EPSS 0.011
Exploits: 0 | References: 48
Positive Technologies
added 2020/08/26 12:00 a.m. | 6 views

PT-2020-13523 · Mosca · Moscajs Aedes

Name of the Vulnerable Software and Affected Versions: MoscaJS Aedes version 0.42.0 Description: An issue was discovered in the handling of exceptions during the writing of an invalid packet to a stream in lib/write.js. Recommendations: For version 0.42.0, update to version 0.42.1 to resolve the...

CVSS 7.5 | AI score 7.4 | EPSS 0.02246
Exploits: 1 | References: 7