6 matches found
CVE-2026-24013
Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...
EUVD-2026-41856
Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...
PT-2024-10616 · Unknown · Acumos Design Studio
Name of the Vulnerable Software and Affected Versions: Acumos Design Studio versions up to 2.0.7 Description: A vulnerability was found in Acumos Design Studio, which can be exploited to lead to cross site scripting. The manipulation can be launched remotely. Recommendations: For Acumos Design...
AZL-37343 CVE-2023-49292 affecting package golang for versions less than 1.21.6-1
ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate, Decapsulate and ECDH could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade...
AZL-58246 CVE-2023-49292 affecting package golang for versions less than 1.20.7-1
ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate, Decapsulate and ECDH could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade...
AZL-78898 CVE-2023-49292 affecting package golang 1.25.7-1
ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate, Decapsulate and ECDH could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade...