Lucene search
K

14 matches found

OpenVAS
OpenVAS
added 2025/09/15 12:0 a.m.2 views

SUSE: Security Advisory (SUSE-SU-2025:03198-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.01301EPSS
Exploits7References13
SUSE Linux
SUSE Linux
added 2025/09/12 12:15 p.m.5 views

Security update for curl

This update for curl fixes the following issues: Update to version 8.14.1 jscPED-13055, jscPED-13056. Security issues fixed: CVE-2025-0665: eventfd double close can cause libcurl to act unreliably bsc1236589. CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks...

8.3CVSS7.6AI score0.01301EPSS
Exploits7References36
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.5 views

Azure Linux 3.0 Security Update: cmake (CVE-2025-4947)

The version of cmake installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4947 advisory. - libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specifi...

6.5CVSS6.8AI score0.00248EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.4 views

CBL Mariner 2.0 Security Update: cmake / mysql (CVE-2025-4947)

The version of cmake / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4947 advisory. - libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host...

6.5CVSS6.8AI score0.00248EPSS
Exploits1References2
CBLMariner
CBLMariner
added 2025/07/10 3:9 p.m.5 views

CVE-2025-4947 affecting package cmake for versions less than 3.30.3-7

CVE-2025-4947 affecting package cmake for versions less than 3.30.3-7. A patched version of the package is available...

6.5CVSS7.3AI score0.00248EPSS
Exploits1
OPENSUSE Linux
OPENSUSE Linux
added 2025/05/31 12:0 a.m.5 views

curl-8.14.0-1.1 on GA media (moderate)

curl-8.14.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15176-1 Rating: moderate Cross-References: CVE-2025-4947 CVE-2025-5025 CVSS scores: CVE-2025-4947 SUSE : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2025-4947 SUSE : 8.3...

8.3CVSS7.5AI score0.00253EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/05/30 6:54 a.m.11 views

CVE-2025-4947

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...

6.5CVSS6.7AI score0.00248EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/05/30 12:0 a.m.12 views

Curl 8.8.0 < 8.14.0 Improper Certificate Validation (CVE-2025-4947)

The version of Curl installed on the remote host is is missing security update. It is, therefore, affected by a improper certificate validation vulnerability. - libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the...

6.5CVSS6.8AI score0.00248EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2025/05/29 12:0 a.m.6 views

Slackware: Security Advisory (SSA:2025-148-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.1AI score0.00253EPSS
Exploits3References6
Vulnrichment
Vulnrichment
added 2025/05/28 6:29 a.m.21 views

CVE-2025-4947 QUIC certificate check skip with wolfSSL

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...

6.7AI score0.00248EPSS
Exploits1References3
CVE
CVE
added 2025/05/28 6:29 a.m.115 views

CVE-2025-4947

CWE-2025-4947 affects libcurl: when using QUIC, a host specified by an IP address in the URL may bypass certificate verification, preventing detection of impostors or MITM attacks. Documents confirm the vulnerability, its impact (certificate check bypass for QUIC/HTTP3), and that it is being trac...

6.5CVSS6.4AI score0.00248EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/05/28 6:29 a.m.19 views

CVE-2025-4947 QUIC certificate check skip with wolfSSL

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...

0.00248EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2025/05/28 12:0 a.m.11 views

curl -- Multiple vulnerabilities

curl security team reports: CVE-2025-5025: No QUIC certificate pinning with wolfSSL CVE-2025-4947: QUIC certificate check skip with wolfSSL...

6.5CVSS7.4AI score0.00253EPSS
Exploits3References2
Hacker One
Hacker One
added 2025/05/17 6:1 a.m.469 views

curl: CVE-2025-4947: QUIC certificate check skip with wolfSSL

Summary: When using WolfSSL as the TLS backend, there is an issue where the CN or SAN in the certificate is not verified when connecting to an IP address over HTTP/3. wolfSSLX509checkhost is only called when peer-sni is not NULL. However, when an IP address is specified, peer-sni is NULL, so the...

6.5CVSS6.6AI score0.00248EPSS
Exploits1
Rows per page
Query Builder