Lucene search
K

1518 matches found

OSV
OSV
added 2026/06/24 1:9 p.m.5 views

OESA-2026-2693 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The bsonvalidate function may return early on specific inputs and...

8.6CVSS6.2AI score0.00184EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 1:9 p.m.4 views

OESA-2026-2692 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The MongoDB C Driver's Cyrus SASL integration performs unsafe...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 1:9 p.m.5 views

OESA-2026-2691 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The MongoDB C Driver's Cyrus SASL integration performs unsafe...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 1:9 p.m.5 views

OESA-2026-2690 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The MongoDB C Driver's Cyrus SASL integration performs unsafe...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/15 12:0 a.m.6 views

Security update for cyrus-imapd (important)

openSUSE security update: security update for cyrus-imapd ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20962-1 Rating: important References: bsc1241536 bsc1241543 bsc1246165 bsc1251788 Cross-References: CVE-2025-23394 CVE-2025-49812 CVSS scores:...

8.3CVSS7.2AI score0.00516EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/15 12:0 a.m.9 views

Security update for cyrus-imapd (important)

openSUSE Security Update: Security update for cyrus-imapd Announcement ID: openSUSE-SU-2026:0204-1 Rating: important References: 1241536 1241543 1246165 1251788 Cross-References: CVE-2025-23394 CVE-2025-49812 CVSS scores: CVE-2025-49812 SUSE: 8.3...

8.3CVSS5.5AI score0.00516EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 6:46 p.m.5 views

OPENSUSE-SU-2026:20962-1 Security update for cyrus-imapd

This update for cyrus-imapd fixes the following issues: Changes in cyrus-imapd: - cyrus-imapd don't start because of missing "Requires=var-run.mount" from systemd bsc1251788 Remove var-run.mount from Requires and After - update to version 3.8.6 bugfix release VUL-0: CVE-2025-49812: cyrus-imapd:...

9.8CVSS7.2AI score0.00516EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in cyrus-sasl2

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, the plugins/sql.c file does not escape the password used in SQL INSERT or UPDATE statements...

8.8CVSS7.1AI score0.04123EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 12:34 a.m.35 views

CLSA-2026-1779119949 cyrus-imapd: Fix of CVE-2024-34055

fix CVE-2024-34055: denial of service via memory exhaustion using oversized IMAP literals and command arguments - disable cassandane test runner on x8664 and aarch64 due to multiple unrelated mock-environment issues imaptest binary SIGSEGV, slow file I/O, alarm scheduling races; cunit which...

6.5CVSS6.6AI score0.00836EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 2:12 p.m.10 views

CVE-2026-6691

A flaw was found in the MongoDB C Driver's Cyrus SASL integration. This vulnerability, a heap buffer overflow, occurs due to unsafe string copying during username canonicalization. A remote attacker can exploit this by providing untrusted input in the username of a MongoDB URI with...

8.6CVSS6.4AI score0.00126EPSS
Exploits0References2
CloudLinux
CloudLinux
added 2026/05/08 11:35 a.m.11 views

cyrus-sasl: Fix of CVE-2019-19906

CVE-2019-19906: fix off-by-one in sasladdstring lib/common.c that could cause denial of service or information disclosure via crafted input...

7.5CVSS7.1AI score0.08036EPSS
Exploits1
NVD
NVD
added 2026/05/06 4:16 p.m.8 views

CVE-2026-6691

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS0.00126EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 3:8 p.m.2 views

CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/06 3:8 p.m.51 views

CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS0.00126EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 3:8 p.m.25 views

CVE-2026-6691

CVE-2026-6691 affects the MongoDB C Driver Cyrus SASL integration. The issue is unsafe string copying during username canonicalization, leading to a heap buffer overflow before any authentication or network traffic. The vulnerability can be triggered by untrusted input in the username of a MongoD...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 3:8 p.m.6 views

CVE-2026-6691

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 3:8 p.m.10 views

CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.11 views

MongoDB C Driver 安全漏洞

The MongoDB C Driver is an open-source library developed by MongoDB, designed to connect to and manipulate MongoDB databases in C-language programs. There is a security vulnerability in the MongoDB C Driver, which stems from the insecure string copying performed during username normalization by t...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.10 views

PT-2026-37642

Name of the Vulnerable Software and Affected Versions mongo-c-driver affected versions not specified Description The Cyrus SASL integration in the MongoDB C Driver performs unsafe string copying during username canonicalization. This leads to a heap buffer overflow, which is a memory corruption...

8.6CVSS6AI score0.00126EPSS
Exploits0References23
OSV
OSV
added 2026/04/27 8:55 a.m.10 views

CLSA-2026-1777280127 cyrus-imapd: Fix of CVE-2021-33582

Fix CVE-2021-33582 - Denial of service via string hashing algorithm collisions...

7.5CVSS5.8AI score0.0307EPSS
Exploits0References1
Rows per page
Query Builder