19 matches found
CVE-2026-5061
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
CVE-2026-5061
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
CVE-2026-5061
The affected software is consul-template. Before version 0.42.0, the library’s file template helper is vulnerable to a sandbox path bypass that may allow reading an out-of-sandbox file. The underlying issue is a path bypass in the file template helper, enabling access outside the intended sandbox...
CVE-2026-5061
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
OPENSUSE-SU-2026:10573-1 cpp-httplib-devel-0.42.0-1.1 on GA media
These are all security issues fixed in the cpp-httplib-devel-0.42.0-1.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2024-1180
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-31130
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it...
Linux Distros Unpatched Vulnerability : CVE-2024-22189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of...
SUSE CVE-2025-31130
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...
CVE-2025-31130
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...
UBUNTU-CVE-2025-31130
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...
gitoxide 安全漏洞
gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide versions prior to 0.42.0, which stems from a lack of collision detection in the SHA-1 hash implementation and could lead to a hash collision attack...
CVE-2024-32884 gix-transport indirect code execution via malicious username
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
CVE-2024-22189
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...
DEBIAN-CVE-2024-22189
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...
CVE-2024-22189
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...
CVE-2024-22189 QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...
PT-2024-2968
Name of the Vulnerable Software and Affected Versions quic-go versions prior to 0.42.0 Description The issue is related to the QUIC protocol implementation in quic-go, where an attacker can cause its peer to run out of memory by sending a large number of NEW CONNECTION ID frames that retire old...
PT-2020-13523 · Mosca · Moscajs Aedes
Name of the Vulnerable Software and Affected Versions: MoscaJS Aedes version 0.42.0 Description: An issue was discovered in the handling of exceptions during the writing of an invalid packet to a stream in lib/write.js. Recommendations: For version 0.42.0, update to version 0.42.1 to resolve the...