10 matches found
EUVD-2026-17575
Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To remediate this issue, user...
CVE-2026-5190
The CVE-2026-5190 entry concerns aws-c-event-stream’s streaming decoder, where an out-of-bounds write prior to version 0.6.0 can allow memory corruption and potentially arbitrary code execution on a client application that processes crafted event-stream messages. Affected component: streaming dec...
PT-2026-29320
Name of the Vulnerable Software and Affected Versions aws-c-event-stream versions prior to 0.6.0 Description A flaw exists in the streaming decoder component of aws-c-event-stream that could allow a third party operating a server to cause memory corruption, potentially leading to arbitrary code...
astral-tokio-tar insufficiently validates PAX extensions during extraction
Impact In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by having...
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode
An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized...
CVE-2025-58337 Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server
An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized...
CVE-2025-58337 Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server
An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized...
Pingora update for MadeYouReset HTTP/2 vulnerability
Pingora deployments that include HTTP/2 server support may be affected by the vulnerability described in CVE-2025-8671. Under certain conditions, Pingora applications may allocate buffers before the HTTP/2 reset and resulting stream cancellation is processed by the server. Repeated resets can for...
Heap-based Buffer Overflow
Overview toodee is an a lightweight and high performance two-dimensional wrapper around a growable Vec. Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the DrainCol::drop destructor. An attacker can cause memory corruption or potentially execute arbitrary code b...
SUSE CVE-2024-34063
vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies the Dalek crates, which moved secret zeroization capabilities behind a feature flag and...