Lucene search
+L

235 matches found

github
github
added 2026/05/06 8:0 p.m.14 views

Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header

Summary TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation pattern concatenated with the locale from the HTTP Accept-Language header. Because Locale.forLanguageTag accepts arbitrary BCP 47 private-use...

7.5CVSS5.9AI score0.0055EPSS
Exploits0References9Affected Software1
ptsecurity
ptsecurity
added 2026/05/06 12:0 a.m.23 views

PT-2026-38292

Name of the Vulnerable Software and Affected Versions Micronaut Framework versions 4.3.0 through 4.10.21 Description An unauthenticated attacker can cause a denial of service by exhausting heap memory, leading to a JVM crash. The issue exists in the TimeConverterRegistrar component, which uses an...

7.5CVSS5.9AI score0.0055EPSS
Exploits0References16
rustsec
rustsec
added 2026/04/30 12:0 p.m.13 views

Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time releated types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesels...

5.8AI score
Exploits0Affected Software1
osv
osv
added 2026/04/30 12:0 p.m.8 views

RUSTSEC-2026-0138 Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time releated types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesels...

5.8AI score
Exploits0References3
rustsec
rustsec
added 2026/04/24 12:0 p.m.14 views

Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQLTIME type. Diesel replicated this type as reprC struct, populated all the fields of this struct and then casted this value ...

5.8AI score
Exploits0Affected Software1
osv
osv
added 2026/04/24 12:0 p.m.9 views

RUSTSEC-2026-0134 Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQLTIME type. Diesel replicated this type as reprC struct, populated all the fields of this struct and then casted this value ...

5.8AI score
Exploits0References3
circl
circl
added 2026/04/17 6:14 p.m.5 views

CVE-2026-41153

creationtimestamp| type| source ---|---|--- 2026-04-17 18:14:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjpjpf2f3w2b...

9.8CVSS5.7AI score0.00257EPSS
Exploits0References1
circl
circl
added 2026/03/24 12:29 a.m.4 views

CVE-2026-33174

creationtimestamp| type| source ---|---|--- 2026-03-24 00:29:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhrcz62mfa2d...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References1
osv
osv
added 2026/03/18 10:1 a.m.4 views

OPENSUSE-SU-2026:20384-1 Security update for libsoup

This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049:...

9.1CVSS7AI score0.00821EPSS
Exploits2References18
amazon
amazon
added 2026/03/06 12:0 a.m.7 views

Low: firefox

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

6.8CVSS5.8AI score0.00291EPSS
Exploits0
circl
circl
added 2026/02/26 8:10 p.m.6 views

GHSA-5RC7-2JJ6-MP64

creationtimestamp| type| source ---|---|--- 2026-02-26 20:10:19+00:00| seen| https://gist.github.com/alon710/db177992ad587ae21d2ec8067685c1a5...

4.8AI score
Exploits0References1
ubuntucve
ubuntucve
added 2026/02/24 3:21 p.m.5 views

CVE-2026-3102

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be...

8.8CVSS6.5AI score0.03411EPSS
Exploits2References8
cnnvd
cnnvd
added 2026/02/24 12:0 a.m.9 views

exiftool 操作系统命令注入漏洞

Exiftool is an open-source application developed by ExifTool. It makes metadata more accessible. Versions of Exiftool 13.49 and earlier had a vulnerability related to operating system command injection. This vulnerability stemmed from the SetMacOSTags function in the PNG file parser component,...

8.8CVSS6.8AI score0.03411EPSS
Exploits2References7
ptsecurity
ptsecurity
added 2026/02/24 12:0 a.m.13 views

PT-2026-21764

Name of the Vulnerable Software and Affected Versions exiftool versions prior to 13.50 Description An OS command injection issue exists in the PNG File Parser component of exiftool on macOS. The flaw is located in the SetMacOSTags function within the lib/Image/ExifTool/MacOS.pm file. A remote...

8.8CVSS7.4AI score0.03411EPSS
Exploits2References39
osv
osv
added 2026/02/06 8:16 p.m.7 views

AZL-76994 CVE-2026-25727 affecting package kata-containers 3.19.1.kata2-4

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

6.8CVSS5.7AI score0.00291EPSS
Exploits0References1
nvd
nvd
added 2026/02/06 8:16 p.m.11 views

CVE-2026-25727

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

6.8CVSS0.00291EPSS
Exploits0References4
osv
osv
added 2026/02/06 8:16 p.m.11 views

AZL-77087 CVE-2026-25727 affecting package rust 1.75.0-25

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

6.8CVSS5.7AI score0.00291EPSS
Exploits0References1
osv
osv
added 2026/02/06 8:16 p.m.6 views

AZL-76821 CVE-2026-25727 affecting package azl-compliance for versions less than 1.0.2-3

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

6.8CVSS5.7AI score0.00291EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/06 7:20 p.m.6 views

CVE-2026-25727

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

6.8CVSS5.4AI score0.00291EPSS
Exploits0References5Affected Software1
debiancve
debiancve
added 2026/02/06 7:20 p.m.6 views

CVE-2026-25727

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

6.8CVSS5.3AI score0.00291EPSS
Exploits0
Rows per page
Query Builder