Lucene search
+L

72 matches found

Cvelist
Cvelist
added yesterday21 views

CVE-2026-44436 Quicly is vulnerable to connection state corruption

Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 8b178e6, Quicly is vulnerable to a Denial of Service attack through connection state corruption. In QUIC Invariants, the maximum length of a Connection ID is 255 bytes, while QUIC...

7.5CVSS0.00052EPSS
Exploits0References2
CVE
CVE
added 3 days ago11 views

CVE-2026-12707

CVE-2026-12707 affects Cloudflare quiche. After QUIC handshakes, an attacker can trigger unbounded queuing of PathEvent::ReusedSourceConnectionId during rapid source address migration, causing memory resource exhaustion. Affected component is quiche’s PathEvents collection (path_event_next() drai...

7.5CVSS6.1AI score0.00252EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 10:10 p.m.12 views

EUVD-2026-38003

Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 10:10 p.m.15 views

Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions

Impact Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The quicheconnectioniditernext and quicheconnretiredscidnext functions would return a pointer to a ConnectionId to the applications via function arguments, but the the owned...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/19 9:55 a.m.31 views

CVE-2026-11941

Cloudflare Quiche contains two use-after-free flaws in the FFI path for connection IDs. The issues affect the quiche_connection_id_iter_next and quiche_conn_retired_scid_next functions, where a owned ConnectionId is returned to the application via an argument but is dropped at the end of the func...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 9:55 a.m.33 views

CVE-2026-11941 Use-after-free in connection ID iterator and FFI functions

Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quicheconnectioniditernext” and “quicheconnretiredscidnext” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned...

5.6CVSS0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 9:55 a.m.7 views

CVE-2026-11941

Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quicheconnectioniditernext” and “quicheconnretiredscidnext” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 9:55 a.m.4 views

CVE-2026-11941 Use-after-free in connection ID iterator and FFI functions

Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quicheconnectioniditernext” and “quicheconnretiredscidnext” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.31 views

PT-2026-50870

Name of the Vulnerable Software and Affected Versions Cloudflare Quiche versions prior to 0.29.2 Description Two use-after-free issues exist in the connection ID iterator FFI Foreign Function Interface functions. The functions quiche connection id iter next and quiche conn retired scid next retur...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/15 8:44 p.m.12 views

EUVD-2026-36462

Netty: QUIC stateless reset token material exposed through header-visible connection IDs...

4.8CVSS5.2AI score0.00204EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 4:16 p.m.16 views

CVE-2026-50009

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

4.8CVSS0.00204EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 4:16 p.m.7 views

UBUNTU-CVE-2026-50009

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

4.8CVSS5.4AI score0.00204EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48901

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.15.Final Description Netty QUIC exposes the stateless reset token on the network path when utilizing the default HMAC-based connection-ID and stateless-reset-token generators. Specifically, the...

4.8CVSS5.3AI score0.00204EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/19 9:32 p.m.11 views

Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS5.4AI score0.00413EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/05/19 8:16 p.m.3 views

PYSEC-2026-595

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS5.9AI score0.00413EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/19 8:16 p.m.4 views

PYSEC-2026-595

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS5.7AI score0.00413EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/19 7:17 p.m.9 views

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS5.8AI score0.00413EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

chartbrew 访问控制错误漏洞

Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a access control vulnerability. This vulnerability arises from the fact that multiple dataset and data request endpoints are authorized only to project members wi...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 11:16 a.m.2 views

CVE-2026-23395

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending FLAGDEFERSETUP which can cau...

8.8CVSS0.00249EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-23395

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause...

8.8CVSS6.5AI score0.00249EPSS
Exploits0References3
Rows per page
Query Builder