Lucene search
+L

25 matches found

redhatcve
redhatcve
added 2026/07/02 5:17 p.m.10 views

CVE-2026-47204

A flaw was found in Envoy, an open source edge and service proxy. A remote attacker can exploit this vulnerability by sending a specially crafted Connect protocol request to a direct response route. This action causes the envoy.filters.http.grpcstats filter to crash, leading to a denial of servic...

7.5CVSS5.7AI score0.00448EPSS
Exploits1References4
osv
osv
added 2026/06/29 5:40 a.m.5 views

BIT-ENVOY-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

7.5CVSS5.8AI score0.00448EPSS
Exploits1References2
cvelist
cvelist
added 2026/06/26 5:37 p.m.36 views

CVE-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

6.5CVSS0.00448EPSS
Exploits1References1
cve
cve
added 2026/06/26 5:37 p.m.20 views

CVE-2026-47204

Envoy CVE-2026-47204 affects the envoy.filters.http.grpc_stats filter. From 1.26.0 up to 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a Connect protocol request (Content-Type: application/connect+proto or application/connect+json) hitting a direct_response route could crash the Envoy process due to a nul...

7.5CVSS5.8AI score0.00448EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/06/26 5:37 p.m.3 views

CVE-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

6.5CVSS5.9AI score0.00448EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.17 views

PT-2026-52882

Name of the Vulnerable Software and Affected Versions Envoy versions 1.26.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description The envoy.filters.http.grpc stats filter is subject to a null pointer dereference,...

7.5CVSS5.7AI score0.00448EPSS
Exploits1References3
osv
osv
added 2026/03/11 8:0 a.m.6 views

CURL-CVE-2026-3784 wrong proxy connection reuse with credentials

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

6.5CVSS5.8AI score0.00302EPSS
Exploits1
debiancve
debiancve
added 2026/03/06 6:44 a.m.6 views

CVE-2026-28802

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application co...

9.8CVSS8.3AI score0.00425EPSS
Exploits1
nessus
nessus
added 2026/01/16 12:0 a.m.8 views

MiracleLinux 4 : stunnel-4.29-3.AXS4 (AXSA:2013-374:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-374:01 advisory. Stunnel is a socket wrapper which can provide SSL Secure Sockets Layer support to ordinary applications. For example, it can be used in conjunction with imapd...

6.6CVSS8.5AI score0.02932EPSS
Exploits0References2
susecve
susecve
added 2025/12/05 2:25 p.m.5 views

SUSE CVE-2025-66270

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...

4.7CVSS7AI score0.00185EPSS
Exploits0References3
euvd
euvd
added 2025/12/05 12:0 a.m.4 views

EUVD-2025-201362

In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5...

4.3CVSS6.1AI score0.00107EPSS
Exploits0References3
cvelist
cvelist
added 2025/12/05 12:0 a.m.32 views

CVE-2025-66270

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...

4.7CVSS0.00185EPSS
Exploits0References6
cve
cve
added 2025/12/05 12:0 a.m.21 views

CVE-2025-66270

The CVE-2025-66270 entry concerns KDE Connect protocol 8 prior to 2025-11-28, with affected releases across multiple platforms: desktop KDE Connect before 25.12, iOS KDE Connect before 0.5.4, Android KDE Connect before 1.34.4, GSConnect before 68, and Valent before 1.0.0.alpha.49. The underlying ...

4.7CVSS6.6AI score0.00185EPSS
Exploits0References6
redhatcve
redhatcve
added 2025/04/17 8:14 p.m.26 views

CVE-2025-32439

pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even...

6.5CVSS6.7AI score0.00334EPSS
Exploits0References1
nvd
nvd
added 2025/04/15 8:15 p.m.12 views

CVE-2025-32439

pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even...

6.5CVSS0.00334EPSS
Exploits0References1
cve
cve
added 2025/04/15 7:27 p.m.65 views

CVE-2025-32439

CVE-2025-32439 affects pleezer prior to version 0.16.0. Root cause: hook scripts are spawned without proper child process cleanup, causing zombie processes to accumulate with each track change and playback event. This can lead to resource exhaustion as the system process table fills, potentially ...

6.5CVSS6.5AI score0.00334EPSS
Exploits0References1
susecve
susecve
added 2023/02/15 5:40 a.m.4 views

SUSE CVE-2013-1762

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow...

6.6CVSS8.4AI score0.02932EPSS
Exploits0References5
osv
osv
added 2022/11/04 12:0 a.m.19 views

CVE-2022-39387 XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the XWi...

9.1CVSS7.5AI score0.00895EPSS
Exploits0References5
seebug
seebug
added 2014/07/01 12:0 a.m.15 views

verlihub <= 0.9.8d-RC2 Remote Command Execution Vulnerability

No description provided by source. == verlihub =0.9.8d-RC2 remote r00t / command execution ======================= | ' / | / / \---'-|---\ | |' / / / '. V ,--' ':./ description:-------------------------------------------------------------------- Verlihub is a Direct Connect protocol server; runs...

7.1AI score
Exploits0
nessus
nessus
added 2013/05/03 12:0 a.m.29 views

Debian DSA-2664-1 : stunnel4 - buffer overflow

Stunnel, a program designed to work as an universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager NTLM authentication 'protocolAuthentication = NTLM' together with the 'connect'protocol method 'protocol = connect'. With these...

6.6CVSS9AI score0.02932EPSS
Exploits0References4
Rows per page
Query Builder