Lucene search
K

10 matches found

Snyk
Snyk
added 5 days ago6 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the curleasycleanup process after configuring an HTTP/2 stream-dependency tree using CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE and invoking curleasyreset. An attacker can cause the application to access freed memor...

9.8CVSS6.2AI score0.00631EPSS
Exploits1References2
Snyk
Snyk
added 5 days ago5 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to the lack of an upper bound on memory allocation for unacknowledged WebSocket PING frames. An attacker can cause memory exhaustion by sending a rapid sequence of PING messages from a malicious server. Details...

8.7CVSS6AI score0.00609EPSS
Exploits1References2
Snyk
Snyk
added 5 days ago7 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the Authorization header handling process. An attacker can cause sensitive authentication information to be sent to an unintended origin by reusing a handle for transfers to different HTTP origins...

9.8CVSS6AI score0.00754EPSS
Exploits1References2
Snyk
Snyk
added 5 days ago5 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the udpreceive process. An attacker can cause the client to enter a busy-loop and become unresponsive by continuously sending zero-length UDP datagrams from a malicious HTTP/3 server. Remediation Upgrade libcurl to...

8.7CVSS6.2AI score0.0075EPSS
Exploits1References2
Snyk
Snyk
added 5 days ago7 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the cookie parsing process. An attacker can cause unauthorized cookies to be set and transmitted to unrelated third-party domains by crafting HTTP responses that exploit improper doma...

9.1CVSS5.9AI score0.00536EPSS
Exploits1References2
Snyk
Snyk
added 5 days ago4 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to incomplete matching of mTLS configuration options during connection reuse in the connection process. An attacker can cause connections to be reused with incorrect client certificate...

9.3CVSS6.1AI score0.00281EPSS
Exploits1References2
Snyk
Snyk
added 5 days ago7 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the CURLOPTSSHKEYFUNCTION process. An attacker can intercept or manipulate data by presenting a server host key type that does not match the recorded key type in the knownhosts file, which is improperl...

8.3CVSS6AI score0.00384EPSS
Exploits1References2
Snyk
Snyk
added 5 days ago5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the process responsible for clearing proxy authentication credentials. An attacker can gain unauthorized access to sensitive proxy credentials by leveraging subsequent transfers that reuse stale authentication...

9.8CVSS6AI score0.00754EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/13 11:16 a.m.11 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the OCSP stapling process with Apple SecTrust. An attacker can cause the client to accept invalid or revoked server certificates by exploiting the failure to properly detect OCSP response problems. Not...

9.1CVSS5.7AI score0.00267EPSS
Exploits1References2
Tenable Product Security Advisories
Tenable Product Security Advisories
added 2026/02/17 1:32 p.m.8 views

[R2] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2

R2 Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2 Arnie Cabral Tue, 02/17/2026 - 08:32 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components...

6.5AI score
Exploits0
Rows per page
Query Builder