BIT-ENVOY-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

CVE-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

CVE-2026-47204

Envoy CVE-2026-47204 affects the envoy.filters.http.grpc_stats filter. From 1.26.0 up to 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a Connect protocol request (Content-Type: application/connect+proto or application/connect+json) hitting a direct_response route could crash the Envoy process due to a nul...

PT-2026-52882

Name of the Vulnerable Software and Affected Versions Envoy versions 1.26.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description The envoy.filters.http.grpc stats filter is subject to a null pointer dereference,...

CURL-CVE-2026-3784 wrong proxy connection reuse with credentials

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

CVE-2026-28802

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application co...

MiracleLinux 4 : stunnel-4.29-3.AXS4 (AXSA:2013-374:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-374:01 advisory. Stunnel is a socket wrapper which can provide SSL Secure Sockets Layer support to ordinary applications. For example, it can be used in conjunction with imapd...

SUSE CVE-2025-66270

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...

CVE-2025-66270

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...

CVE-2025-66270

The CVE-2025-66270 entry concerns KDE Connect protocol 8 prior to 2025-11-28, with affected releases across multiple platforms: desktop KDE Connect before 25.12, iOS KDE Connect before 0.5.4, Android KDE Connect before 1.34.4, GSConnect before 68, and Valent before 1.0.0.alpha.49. The underlying ...

EUVD-2025-201362

In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5...

CVE-2025-32439

pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even...

CVE-2025-32439

pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even...

CVE-2025-32439

CVE-2025-32439 affects pleezer prior to version 0.16.0. Root cause: hook scripts are spawned without proper child process cleanup, causing zombie processes to accumulate with each track change and playback event. This can lead to resource exhaustion as the system process table fills, potentially ...

SUSE CVE-2013-1762

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow...

CVE-2022-39387 XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the XWi...

verlihub <= 0.9.8d-RC2 Remote Command Execution Vulnerability

No description provided by source. == verlihub =0.9.8d-RC2 remote r00t / command execution ======================= | ' / | / / \---'-|---\ | |' / / / '. V ,--' ':./ description:-------------------------------------------------------------------- Verlihub is a Direct Connect protocol server; runs...

Debian DSA-2664-1 : stunnel4 - buffer overflow

Stunnel, a program designed to work as an universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager NTLM authentication 'protocolAuthentication = NTLM' together with the 'connect'protocol method 'protocol = connect'. With these...

DSA-2664-1 stunnel4 - buffer overflow

Bulletin has no description...

CVE-2013-1762

CVE-2013-1762 affects stunnel 4.21–4.54 when NTLM authentication and CONNECT protocol negotiation are enabled. A mis-handled integer conversion can trigger a buffer overflow, allowing a remote attacker to execute arbitrary code via a crafted request to a proxy. Connected advisories consistently c...