10 matches found
EUVD-2026-39982
A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...
CVE-2026-11461
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...
CVE-2026-3731
A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the raft server protocol. An attacker can access sensitive server resources, including directories and files, by sending unauthenticated requests. Remediatio...
thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...
thrift: Endless loop when feed with specific input data
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
thrift: Endless loop when feed with specific input data
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...
Apache Thrift CVE-2019-0210 Remote Security Vulnerability
Description Apache Thrift is prone to a remote security vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apache Thrift versions 0.9.3 through 0.12.0 are vulnerable. Technologies Affected Apache...
Apache Qpid Proton python API plaintext transfer vulnerability
Apache Qpid is an object-oriented messaging middleware developed by the Apache Software Foundation. The Proton python API is an API that supports the python language and implements the AMQP 1.0 protocol. A security vulnerability exists in the Apache Qpid Proton python API versions 0.9 through...