102 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in curl

libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. The documentation states that this option works with wolfSSL, but does not specify that it does...

CVSS 4.8, AI score 6.8, EPSS 0.00241
Exploits 2, References 2

OSV
added 2026/05/04 1:12 p.m., 9 views

JLSEC-2026-433 libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an...

libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...

CVSS 4.8, AI score 6.8, EPSS 0.00241
Exploits 2, References 6

Snyk
added 2026/01/08 10:42 a.m., 3 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in the CURLOPT_PINNEDPUBLICKEY option or --pinnedpubkey with the curl tool. An attacker can intercept or impersonate a server by exploiting the lack of public key verification when a connection is...

CVSS 8.2, AI score 5.8, EPSS 0.00227
Exploits 0, References 2

OSV
added 2026/01/08 10:15 a.m., 7 views

ALPINE-CVE-2025-13034

When using CURLOPT_PINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

CVSS 5.9, AI score 6.2, EPSS 0.00227
Exploits 0, References 1

Vulnrichment
added 2026/01/08 10:0 a.m., 4 views

CVE-2025-13034 No QUIC certificate pinning with GnuTLS

When using CURLOPT_PINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

AI score 6.5, EPSS 0.00227
Exploits 0, References 2

Cvelist
added 2026/01/08 10:0 a.m., 26 views

CVE-2025-13034 No QUIC certificate pinning with GnuTLS

When using CURLOPT_PINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

EPSS 0.00227
Exploits 0, References 2

curl security advisories
added 2026/01/07 8:0 a.m., 6 views

No QUIC certificate pinning with GnuTLS

When using CURLOPT_PINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper...

CVSS 5.9, AI score 6.2, EPSS 0.00227
Exploits 0, Affected Software 2

UbuntuCve
added 2026/01/06 7:0 a.m., 3 views

CVE-2025-13034

When using CURLOPT_PINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

CVSS 5.9, AI score 6, EPSS 0.00227
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2014-1658

Malware in sbrugna...

CVSS 4.3, AI score 7.8, EPSS 0.01195
Exploits 0, References 17

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-6235

Malware in sbrugna...

CVSS 7.4, AI score 8.6, EPSS 0.02373
Exploits 0, References 21

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-3184

Malware in sbrugna...

CVSS 4.3, AI score 9.3, EPSS 0.01484
Exploits 0, References 19

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-1660

Malware in sbrugna...

CVSS 4.3, AI score 7.6, EPSS 0.02151
Exploits 0, References 17

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-2831

Malware in sbrugna...

CVSS 4.3, AI score 7.3, EPSS 0.01309
Exploits 0, References 19

Snyk
added 2025/05/28 7:41 a.m., 3 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation through pinning of the server certificate public key for HTTPS transfers. An attacker can impersonate a legitimate server and intercept or manipulate communications by presenting a fraudulent certificate...

CVSS 6.5, AI score 6.6, EPSS 0.00241
Exploits 2, References 2

RedhatCVE
added 2025/05/23 1:59 a.m., 8 views

CVE-2023-42801

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a...

CVSS 7.6, AI score 7.2, EPSS 0.00793
Exploits 1, References 1

NVD
added 2023/12/14 5:15 p.m., 42 views

CVE-2023-42801

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a...

CVSS 7.6, EPSS 0.00793
Exploits 1, References 4

Prion
added 2023/12/14 5:15 p.m., 37 views

Buffer overflow

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a...

CVSS 6.8, AI score 7.5, EPSS 0.00793
Exploits 1, References 4, Affected Software 7

Cvelist
added 2023/12/14 5:2 p.m., 41 views

CVE-2023-42801 Stack buffer overflow due to `strcpy` into fixed size buffer in `extractVersionQuadFromString`

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a...

CVSS 7.6, AI score 8.1, EPSS 0.00793
Exploits 1, References 4

SUSE CVE
added 2023/02/15 5:30 a.m., 2 views

SUSE CVE-2014-1584

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to...

CVSS 4.3, AI score 8.4, EPSS 0.02151
Exploits 0, References 3

SUSE CVE
added 2023/02/15 5:30 a.m., 2 views

SUSE CVE-2014-1582

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site b...

CVSS 4.3, AI score 8.5, EPSS 0.01195
Exploits 0, References 4