CVE-2026-0960 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...

CVE-2026-0960 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...

CVE-2026-0960 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...

CVE-2026-0960

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...

PT-2026-2953

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.2 Description An infinite loop in the HTTP3 protocol dissector can lead to a denial of service. Recommendations Update to a newer version that contains a fix for this vulnerability...

GO-2026-4289 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages in github.com/coredns/coredns

CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages in github.com/coredns/coredns...

EUVD-2026-1476

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

Linux Distros Unpatched Vulnerability : CVE-2025-13945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service CVE-2025-13945 Note that Nessus relies on the presence of the package as reported by...

UBUNTU-CVE-2025-13945

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service...

CVE-2025-13945 Improperly Controlled Sequential Memory Allocation in Wireshark

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service...

OPENSUSE-SU-2025:20065-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Changes in MozillaFirefox: Firefox Extended Support Release 140.5.0 ESR: Fixed: Various security fixes MFSA 2025-88 bsc1253188: CVE-2025-13012 Race condition in the Graphics component CVE-2025-13016 Incorrect boundary conditions in the...

openSUSE Security Advisory (SUSE-SU-2025:03462-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2025-27133

Malicious code in bioql PyPI...

EUVD-2024-16006

Malicious code in bioql PyPI...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2025:03447-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:03447-1 advisory. Update to Firefox Extended Support Release 140.3.1 ESR bsc1250452. - Improved reliability when HTTP/3 connections fail: Firefox no longer forces HTTP/...

Use After Free

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free that could allow remote code...

Use After Free

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free that could allow remote code...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free that could allow remote code execution when closing an HTTP/3 stream. An attacker can exploit a race condition when the application code is writing to the response body. Note: HTTP/3 is not enabled by default. This issue...

curl: HTTP/3 Stream Dependency Cycle Exploit

Penetration Testing Report: HTTP/3 Stream Dependency Cycle Exploit --- 0x00 Overview A novel exploit leveraging stream dependency cycles in the HTTP/3 protocol stack was discovered, resulting in memory corruption and potential denial-of-service or remote code execution scenarios when used against...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...