Lucene search
K

10 matches found

EUVD
EUVD
added 2026/03/31 5:5 p.m.6 views

EUVD-2026-17575

Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To remediate this issue, user...

7.7CVSS6.4AI score0.00376EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 5:5 p.m.18 views

CVE-2026-5190

The CVE-2026-5190 entry concerns aws-c-event-stream’s streaming decoder, where an out-of-bounds write prior to version 0.6.0 can allow memory corruption and potentially arbitrary code execution on a client application that processes crafted event-stream messages. Affected component: streaming dec...

7.7CVSS6.4AI score0.00376EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.7 views

PT-2026-29320

Name of the Vulnerable Software and Affected Versions aws-c-event-stream versions prior to 0.6.0 Description A flaw exists in the streaming decoder component of aws-c-event-stream that could allow a third party operating a server to cause memory corruption, potentially leading to arbitrary code...

7.7CVSS6.3AI score0.00376EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/03/17 7:49 p.m.8 views

astral-tokio-tar insufficiently validates PAX extensions during extraction

Impact In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by having...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/05 12:30 p.m.9 views

Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode

An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized...

5.4CVSS6.9AI score0.00336EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/11/05 9:26 a.m.5 views

CVE-2025-58337 Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server

An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized...

5.4CVSS6AI score0.00336EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/05 9:26 a.m.4 views

CVE-2025-58337 Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server

An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized...

6.4AI score0.00336EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/17 8:46 p.m.13 views

Pingora update for MadeYouReset HTTP/2 vulnerability

Pingora deployments that include HTTP/2 server support may be affected by the vulnerability described in CVE-2025-8671. Under certain conditions, Pingora applications may allocate buffers before the HTTP/2 reset and resulting stream cancellation is processed by the server. Repeated resets can for...

7.5CVSS6.8AI score0.04604EPSS
Exploits3References3Affected Software1
Snyk
Snyk
added 2025/09/08 3:23 p.m.6 views

Heap-based Buffer Overflow

Overview toodee is an a lightweight and high performance two-dimensional wrapper around a growable Vec. Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the DrainCol::drop destructor. An attacker can cause memory corruption or potentially execute arbitrary code b...

9.4CVSS8AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/05/04 2:22 a.m.6 views

SUSE CVE-2024-34063

vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies the Dalek crates, which moved secret zeroization capabilities behind a feature flag and...

2.5CVSS6.8AI score0.00135EPSS
Exploits0References3
Rows per page
Query Builder