235 matches found
Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header
Summary TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation pattern concatenated with the locale from the HTTP Accept-Language header. Because Locale.forLanguageTag accepts arbitrary BCP 47 private-use...
PT-2026-38292
Name of the Vulnerable Software and Affected Versions Micronaut Framework versions 4.3.0 through 4.10.21 Description An unauthenticated attacker can cause a denial of service by exhausting heap memory, leading to a JVM crash. The issue exists in the TimeConverterRegistrar component, which uses an...
Unsound access to padding bytes while serializing date/time values using the Mysql backend
Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time releated types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesels...
RUSTSEC-2026-0138 Unsound access to padding bytes while serializing date/time values using the Mysql backend
Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time releated types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesels...
Unsound access to padding bytes while serializing date/time values using the Mysql backend
Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQLTIME type. Diesel replicated this type as reprC struct, populated all the fields of this struct and then casted this value ...
RUSTSEC-2026-0134 Unsound access to padding bytes while serializing date/time values using the Mysql backend
Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQLTIME type. Diesel replicated this type as reprC struct, populated all the fields of this struct and then casted this value ...
CVE-2026-41153
creationtimestamp| type| source ---|---|--- 2026-04-17 18:14:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjpjpf2f3w2b...
CVE-2026-33174
creationtimestamp| type| source ---|---|--- 2026-03-24 00:29:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhrcz62mfa2d...
OPENSUSE-SU-2026:20384-1 Security update for libsoup
This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049:...
Low: firefox
Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...
GHSA-5RC7-2JJ6-MP64
creationtimestamp| type| source ---|---|--- 2026-02-26 20:10:19+00:00| seen| https://gist.github.com/alon710/db177992ad587ae21d2ec8067685c1a5...
CVE-2026-3102
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be...
exiftool 操作系统命令注入漏洞
Exiftool is an open-source application developed by ExifTool. It makes metadata more accessible. Versions of Exiftool 13.49 and earlier had a vulnerability related to operating system command injection. This vulnerability stemmed from the SetMacOSTags function in the PNG file parser component,...
PT-2026-21764
Name of the Vulnerable Software and Affected Versions exiftool versions prior to 13.50 Description An OS command injection issue exists in the PNG File Parser component of exiftool on macOS. The flaw is located in the SetMacOSTags function within the lib/Image/ExifTool/MacOS.pm file. A remote...
AZL-76994 CVE-2026-25727 affecting package kata-containers 3.19.1.kata2-4
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...
CVE-2026-25727
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...
AZL-77087 CVE-2026-25727 affecting package rust 1.75.0-25
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...
AZL-76821 CVE-2026-25727 affecting package azl-compliance for versions less than 1.0.2-3
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...
CVE-2026-25727
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...
CVE-2026-25727
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...