Lucene search
+L

1419 matches found

osv
osv
added yesterday4 views

MGASA-2026-0253 Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion. CVE-2026-7383 Out-of-Bounds Read in CMS Password-Based Decryption. CVE-2026-9076 Heap Buffer Over-read in ASN.1 Content Parsing. CVE-2026-34180 PKCS12 Files with PBMAC1 Are...

9.1CVSS6.1AI score0.02719EPSS
Exploits0References8
nvd
nvd
added yesterday4 views

CVE-2026-47703

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by producing dnsid=0 or txid=0 and exposed a quoted-port ICMP source-port oracle, weakening DNS response...

6.3CVSS0.00047EPSS
Exploits0References1
cve
cve
added yesterday42 views

CVE-2026-47703

Summary: CVE-2026-47703 affects AdGuard Home and its DoQ-to-UDP forwarding path. Prior to version 0.107.75, the backend UDP path could collapse the DNS transaction ID (txid) to 0 on client-triggered DoQ queries, reducing the entropy of the backend tuple from (txid, source-port) to only the source...

6.3CVSS6.1AI score0.00047EPSS
Exploits0References1
redhatcve
redhatcve
added 6 days ago9 views

CVE-2026-40898

A flaw was found in quic-go, an implementation of the QUIC protocol in Go. A remote attacker can exploit this by sending specially crafted HTTP/3 trailer fields. This can cause the system to allocate excessive memory, leading to a denial-of-service DoS condition where the affected server or clien...

7.5CVSS6AI score0.00279EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/07/06 11:3 p.m.8 views

CVE-2026-11352

A flaw was found in curl and libcurl. A malicious HTTP/3 server can exploit an issue in the QUIC UDP receive function by continuously streaming empty UDP datagrams. This can lead to a remote denial of service DoS against a curl or libcurl client, as the helper function discards zero-length UDP...

7.5CVSS6.1AI score0.0101EPSS
Exploits1References6
cvelist
cvelist
added 2026/07/03 6:12 a.m.47 views

CVE-2026-11352 QUIC zero-length UDP datagrams busy-loop

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

0.0101EPSS
Exploits1References3
cve
cve
added 2026/07/03 6:12 a.m.36 views

CVE-2026-11352

The CVE-2026-11352 issue affects curl/libcurl: a bug in the QUIC UDP receive path discards zero-length UDP datagrams instead of counting them toward the per-call budget, enabling a connected HTTP/3 peer to continuously send empty datagrams and cause a remote denial-of-service against curl or libc...

7.5CVSS6.7AI score0.0101EPSS
Exploits1References3Affected Software1
alpinelinux
alpinelinux
added 2026/07/03 6:12 a.m.8 views

CVE-2026-11352

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS6.7AI score0.0101EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.17 views

PT-2026-54772

Name of the Vulnerable Software and Affected Versions erlang/quic versions prior to 1.4.4 Description The QUIC client fails to authenticate the server during the TLS 1.3 handshake. Specifically, the verify process is ineffective because the CertificateVerify signature is not checked, the...

9.1CVSS5.8AI score
Exploits0References5
nessus
nessus
added 2026/07/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-13799

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in QUIC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic...

8.1CVSS6.2AI score0.00298EPSS
Exploits0References2
nvd
nvd
added 2026/06/30 11:16 p.m.4 views

CVE-2026-13799

Use after free in QUIC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. Chromium security severity: High...

8.1CVSS0.00298EPSS
Exploits0References2
osv
osv
added 2026/06/30 11:16 p.m.3 views

DEBIAN-CVE-2026-13799

Use after free in QUIC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. Chromium security severity: High...

8.1CVSS5.8AI score0.00298EPSS
Exploits0References1
cve
cve
added 2026/06/30 10:37 p.m.22 views

CVE-2026-13799

CVE-2026-13799 is a heap-corruption risk caused by a Use-After-Free in QUIC within Google Chrome prior to 150.0.7871.47. Public sources consistently describe the vulnerability as a QUIC-related use-after-free issue that could be triggered by malicious network traffic, leading to potential heap co...

8.1CVSS5.8AI score0.00298EPSS
Exploits0References2Affected Software1
nessus
nessus
added 2026/06/28 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-40211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at...

5.3CVSS6.2AI score0.00413EPSS
Exploits0References3
osv
osv
added 2026/06/26 11:6 a.m.3 views

SUSE-SU-2026:2648-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.8CVSS6.3AI score0.02719EPSS
Exploits0References27
osv
osv
added 2026/06/25 10:34 p.m.6 views

GO-2026-5756 AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle in github.com/AdguardTeam/AdGuardHome

AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle in github.com/AdguardTeam/AdGuardHome...

6.3CVSS5.8AI score0.00047EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/25 12:23 p.m.5 views

CVE-2026-40211

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS6.1AI score0.00413EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/25 12:23 p.m.6 views

EUVD-2026-39350

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS6.1AI score0.00413EPSS
Exploits0References1
osv
osv
added 2026/06/25 12:23 p.m.2 views

CVE-2026-40211 Denial of service via crafted DoH3 queries

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS6.1AI score0.00413EPSS
Exploits0References5
alpinelinux
alpinelinux
added 2026/06/25 12:23 p.m.8 views

CVE-2026-40211

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS6.1AI score0.00413EPSS
Exploits0
Rows per page
Query Builder