Lucene search
K

214 matches found

OSV
OSV
added 2025/10/16 5:47 p.m.5 views

CVE-2025-62409 Envoy allows large requests and responses to cause TCP connection pool crash

Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is...

8.7CVSS7AI score0.00415EPSS
Exploits0References3
OSV
OSV
added 2025/10/10 3:4 p.m.2 views

JLSEC-2025-31 An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature ...

An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...

5.9CVSS6.9AI score0.01607EPSS
Exploits1References10
OSV
OSV
added 2025/10/10 3:4 p.m.6 views

JLSEC-2025-28 libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if ...

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

4.3CVSS6.8AI score0.0627EPSS
Exploits1References30
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-1752

Malware in sbrugna...

4.6CVSS6.4AI score0.00362EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-5751

Malware in sbrugna...

7.5CVSS7.6AI score0.01799EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-1444

Malware in sbrugna...

5.9CVSS6AI score0.01453EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-10053

Malware in sbrugna...

4.3CVSS6.1AI score0.0627EPSS
Exploits1References24
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-9290

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00999EPSS
Exploits0References2
NVD
NVD
added 2025/08/15 3:15 p.m.5 views

CVE-2025-24975

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when...

8.8CVSS0.00474EPSS
Exploits1References5
OSV
OSV
added 2025/08/15 3:15 p.m.1 views

DEBIAN-CVE-2025-24975

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when...

8.8CVSS5.3AI score0.00474EPSS
Exploits1References1
OSV
OSV
added 2025/08/15 3:15 p.m.7 views

UBUNTU-CVE-2025-24975

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when...

8.8CVSS5.8AI score0.00474EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/15 3:11 p.m.3 views

CVE-2025-24975 Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when...

7.1CVSS6.9AI score0.00474EPSS
Exploits1References3
CVE
CVE
added 2025/08/15 3:11 p.m.44 views

CVE-2025-24975

Firebird CVE-2025-24975 affects snapshot series prior to 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 where ExtConnPoolSize is not 0 and CryptCallback interface presence does not match, potentially causing a server segfault and exposure across encrypted and unencrypted databases. Patches exist in snapsh...

8.8CVSS6.4AI score0.00474EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2025/08/15 3:11 p.m.5 views

CVE-2025-24975

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when...

8.8CVSS5.3AI score0.00474EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/08/15 12:0 a.m.5 views

PT-2025-33489 · Firebird · Firebird

Name of the Vulnerable Software and Affected Versions: Firebird versions prior to 4.0.6.3183 Firebird versions prior to 5.0.2.1610 Firebird versions prior to 6.0.0.609 Description: Firebird is a relational database. If the ExtConnPoolSize parameter is not set to 0, a server process segfault may...

8.8CVSS6.4AI score0.00474EPSS
Exploits1References12
BDU FSTEC
BDU FSTEC
added 2025/06/30 12:0 a.m.6 views

The vulnerability of the Pgpool-II database connection pool management tool lies in the unencrypted storage of confidential information, allowing attackers to gain access to this confidential data.

The vulnerability of the Pgpool-II database connection pool management tool is related to the unencrypted storage of confidential information. Exploiting this vulnerability could allow an attacker operating remotely to gain access to confidential data...

6.8CVSS6.5AI score0.00704EPSS
Exploits0References9Affected Software4
BDU FSTEC
BDU FSTEC
added 2025/06/23 12:0 a.m.8 views

The vulnerability of the PostgreSQL PgBouncer connection pool program, related to authentication process flaws, allows attackers to gain unauthorized access to the application.

The vulnerability of the PgBouncer connection pool program in PostgreSQL involves deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to the application...

8.1CVSS7.4AI score0.00305EPSS
Exploits0References7Affected Software4
Github Security Blog
Github Security Blog
added 2025/05/28 12:30 p.m.13 views

Hackney fails to properly release HTTP connections to the pool

Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue has been included in 1.24.0 release...

2.3CVSS6.9AI score0.00727EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/05/28 12:30 p.m.4 views

GHSA-9FM9-HP7P-53MF Hackney fails to properly release HTTP connections to the pool

Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue has been included in 1.24.0 release...

2.3CVSS7.2AI score0.00727EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2025/05/28 12:15 p.m.3 views

CVE-2025-3864

Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue has been included in 1.24.0 release...

2.3CVSS5.8AI score0.00727EPSS
Exploits0References4
Rows per page
Query Builder