Lucene search
K

25 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.11 views

SUSE SLES16 Security Update : alloy (SUSE-SU-2026:21852-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21852-1 advisory. This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing...

7.5CVSS6.9AI score0.01163EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.12 views

openSUSE 16 Security Update : alloy (openSUSE-SU-2026:20816-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20816-1 advisory. This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key...

7.5CVSS5.9AI score0.01163EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Thrift

In Apache Thrift versions 0.9.3 to 0.13.0, malicious RPC clients could send short messages, resulting in a large memory allocation and potentially causing a denial of service...

7.5CVSS6.6AI score0.06779EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2026/05/14 11:27 p.m.11 views

CVE-2025-48431 affecting package thrift for versions less than 0.15.0-6

CVE-2025-48431 affecting package thrift for versions less than 0.15.0-6. A patched version of the package is available...

7.5CVSS5.8AI score0.01079EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/05 9:31 a.m.10 views

actix-web-opentelemetry (>=0.2.0 <=0.17.0), ailake-file (>=0.0.8 <=0.0.16) +199 more potentially affected by CVE-2026-43868 via thrift (>=0.0.4 <=0.17.0)

thrift CARGO version =0.0.4, =0.2.0, =0.0.8, =0.0.6, =0.3.0, =0.3.5, =0.3.5, =0.2.0, =0.7.0, =0.1.0, =0.1.0, =0.32.1, =0.34.0 and more Source cves: CVE-2026-43868 Source advisory: OSV:GHSA-2F9F-GQ7V-9H6M...

7.5CVSS5.7AI score0.00665EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/05 9:31 a.m.10 views

@514labs/aurora-mcp (>=0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939 <=0.0.64), @514labs/sloan-mcp (=0.0.65) +488 more potentially affected by CVE-2026-43870 via thrift (>=0.10.0 <=0.22.0)

thrift NPM version =0.10.0, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.6, =0.9.0, =0.0.0-9d773c, =0.0.0-5ad901, =0.0.1, =1.0.0-beta.1, =1.0.0-beta.6, =1.0.1, =1.1.0, =0.24.0-no-protobuf-patch.1, =0.24.0-patch.1 - @ccmaymay/concrete =4.15.1 and more Source cves: CVE-2026-43870...

7.3CVSS5.7AI score0.00394EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/05 9:26 a.m.8 views

@514labs/aurora-mcp (>=0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939 <=0.0.64), @514labs/sloan-mcp (=0.0.65) +488 more potentially affected by CVE-2026-43870 via thrift (>=0.10.0 <=0.22.0)

thrift NPM version =0.10.0, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.6, =0.9.0, =0.0.0-9d773c, =0.0.0-5ad901, =0.0.1, =1.0.0-beta.1, =1.0.0-beta.6, =1.0.1, =1.1.0, =0.24.0-no-protobuf-patch.1, =0.24.0-patch.1 - @ccmaymay/concrete =4.15.1 and more Source cves: CVE-2026-43870...

7.3CVSS5.7AI score0.00394EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:49 a.m.8 views

CVE-2026-43868

Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

5.8AI score0.00665EPSS
Exploits0References2
OSV
OSV
added 2026/04/29 8:50 a.m.18 views

BIT-THRIFT-2026-41607 Apache Thrift: C++ JSON OOB read

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

9.1CVSS5.3AI score0.00967EPSS
Exploits0References13
NVD
NVD
added 2026/04/28 10:16 a.m.10 views

CVE-2026-41606

Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.5CVSS0.01144EPSS
Exploits0References12
AlpineLinux
AlpineLinux
added 2026/04/28 9:21 a.m.8 views

CVE-2026-41607

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

9.1CVSS5.8AI score0.00967EPSS
Exploits0
OSV
OSV
added 2026/04/28 9:19 a.m.1 views

CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.4CVSS5.9AI score0.00593EPSS
Exploits0References14
EUVD
EUVD
added 2026/04/28 9:19 a.m.6 views

EUVD-2026-26021

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.4CVSS5.2AI score0.00593EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/28 9:19 a.m.6 views

CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

5.2AI score0.00593EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/28 9:19 a.m.6 views

CVE-2026-41603

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

8.2CVSS5.8AI score0.00593EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.10 views

Apache Thrift 安全漏洞

Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a security vulnerability. This vulnerability stemmed from mismatches in the memory management routines in the cglib language...

7.5CVSS5.8AI score0.01079EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 9:20 a.m.4 views

BIT-THRIFT-2020-13949

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service...

7.5CVSS6.7AI score0.06779EPSS
Exploits0References109
RedhatCVE
RedhatCVE
added 2026/01/09 10:9 a.m.7 views

CVE-2019-11938

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebo...

7.5CVSS6.7AI score0.02197EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-5184

Malicious code in bioql PyPI...

7.8CVSS6.8AI score0.09156EPSS
Exploits0References90
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1246

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01994EPSS
Exploits0References7
Rows per page
Query Builder