Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 9.28.0, there were security...

EUVD-2025-23915

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-22189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of...

CVE-2025-7054

Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000section-5.1 . Once the QUIC...

GHSA-M3HH-F9GH-74C2 quiche connection ID retirement can trigger an infinite loop

Impact Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000. Once the QUIC handshake completes, a local endpoint is responsible for...

CVE-2025-7054

Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000section-5.1 . Once the QUIC...

CVE-2025-7054

Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000section-5.1 . Once the QUIC...

picoquic 安全漏洞

picoquic is a minimal implementation of the QUIC protocol open-sourced by Private Octopus. A security vulnerability exists in picoquic that stems from the use of a weak hash function in the hash table used to manage connections. A remote attacker exploiting this vulnerability could cause...

UBUNTU-CVE-2024-22189

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

quic-go 安全漏洞

quic-go is an implementation of the QUIC protocol, RFC 9000 protocol, in Go by the individual developer Lucas Clemente. A security vulnerability exists in versions of quic-go prior to 0.42.0. An attacker exploiting this vulnerability could send a large number of NEWCONNECTIONID frames to obsolete...

PT-2024-18020 · Quiche · Quiche

Name of the Vulnerable Software and Affected Versions: Quiche versions prior to 0.19.2 Quiche versions prior to 0.20.1 Description: The issue is related to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connectio...

PT-2023-33059 · Amazon · S2N-Quic

Name of the Vulnerable Software and Affected Versions: s2n-quic versions =v1.24.0 Description: The issue in s2n-quic causes the endpoint to shut down due to a combination of peer-initiated connection migration and duplicate new connection ID frames being received. No AWS services are affected, an...

DEBIAN-CVE-2022-46393

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLSSSLDTLSCONNECTIONID is enabled and MBEDTLSSSLCIDINLENMAX 2 MBEDTLSSSLCIDOUTLENMAX...