Lucene search
K

42 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.1 views

EUVD-2025-16303

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.00248EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-43054

Malicious code in bioql PyPI...

7.5CVSS6.2AI score0.01137EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-23915

Malicious code in bioql PyPI...

8.7CVSS6.3AI score0.00385EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.6 views

PT-2025-32266 · Cloudflare · Cloudflare Quiche

Name of the Vulnerable Software and Affected Versions: Cloudflare quiche versions 0.15.0 through 0.24.5 Description: Cloudflare quiche is susceptible to an infinite loop when processing packets containing RETIRE CONNECTION ID frames. QUIC connections utilize connection identifiers IDs with sequen...

8.7CVSS6.6AI score0.00385EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/30 6:54 a.m.11 views

CVE-2025-4947

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...

6.5CVSS6.7AI score0.00248EPSS
Exploits1References1
NVD
NVD
added 2025/05/28 7:15 a.m.18 views

CVE-2025-4947

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...

6.5CVSS0.00248EPSS
Exploits1References4
OSV
OSV
added 2025/05/28 6:29 a.m.7 views

CVE-2025-5025 No QUIC certificate pinning with wolfSSL

libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...

4.8CVSS6.7AI score0.00253EPSS
Exploits2References6
OSV
OSV
added 2025/05/28 6:29 a.m.4 views

CVE-2025-4947 QUIC certificate check skip with wolfSSL

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...

6.5CVSS6.8AI score0.00248EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/05/28 6:29 a.m.21 views

CVE-2025-4947 QUIC certificate check skip with wolfSSL

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...

6.7AI score0.00248EPSS
Exploits1References3
CVE
CVE
added 2025/05/28 6:29 a.m.115 views

CVE-2025-4947

CWE-2025-4947 affects libcurl: when using QUIC, a host specified by an IP address in the URL may bypass certificate verification, preventing detection of impostors or MITM attacks. Documents confirm the vulnerability, its impact (certificate check bypass for QUIC/HTTP3), and that it is being trac...

6.5CVSS6.4AI score0.00248EPSS
Exploits1References4Affected Software1
AlpineLinux
AlpineLinux
added 2025/05/28 6:29 a.m.10 views

CVE-2025-4947

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...

6.5CVSS6.9AI score0.00248EPSS
Exploits1
CNNVD
CNNVD
added 2025/05/28 12:0 a.m.2 views

libcurl 安全漏洞

libcurl is a free and easy-to-use client-side URL transport library from the cURL open source. A security vulnerability exists in libcurl that stems from skipping certificate validation during QUIC connections, which could lead to a man-in-the-middle attack...

6.5CVSS6.5AI score0.00248EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/05/13 8:49 a.m.4 views

golang: crypto/tls: panic when processing post-handshake message on QUIC connections

A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...

7.5CVSS7.3AI score0.01146EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/02/20 12:0 a.m.9 views

PT-2025-7549 · Lsquic · Lsquic

Name of the Vulnerable Software and Affected Versions: LSQUIC versions prior to 4.2.0 Description: A hash collision vulnerability in the hash table used to manage connections allows remote attackers to cause a considerable CPU load on the server by initiating connections with colliding Source...

5.3CVSS7.2AI score0.00622EPSS
Exploits0References8
CVE
CVE
added 2024/12/02 4:12 p.m.318 views

CVE-2024-53259

CVE-2024-53259 affects the quic-go QUIC implementation. An off-path attacker can inject an ICMP Packet Too Large when IP_PMTUDISC_DO is used, causing the kernel to return a “message too large” error on sendmsg if a QUIC packet exceeds the MTU claimed in the ICMP message. This can disrupt a QUIC c...

6.5CVSS6.2AI score0.00608EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/05/29 1:33 p.m.5 views

golang: crypto/tls: panic when processing post-handshake message on QUIC connections

A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...

7.5CVSS7.3AI score0.01146EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.40 views

RHEL 8 / 9 : OpenShift Container Platform 4.14.2 (RHSA-2023:6840)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6840 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

7.5CVSS7.4AI score0.99999EPSS
Exploits19References19
Veracode
Veracode
added 2024/04/06 12:34 a.m.35 views

Certificate Validation

curl is vulnerable to Certificate Validation. The vulnerability is due to a flaw in libcurl when built with wolfSSL and the error path inadvertently bypassing certificate verification when encountering unknown or bad ciphers or curves, allows for certificate verification to be skipped for QUIC...

6.3CVSS6.1AI score0.01709EPSS
Exploits1References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/01/24 12:0 a.m.47 views

RHCOS 4 : OpenShift Container Platform 4.14.2 (RHSA-2023:6840)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6840 advisory. - golang: net/http: insufficient sanitization of Host header CVE-2023-29406 - golang: crypto/tls: slow verification of certificate...

7.5CVSS7.2AI score0.99999EPSS
Exploits19References19
Tenable Nessus
Tenable Nessus
added 2024/01/24 12:0 a.m.68 views

RHCOS 4 / 9 : OpenShift Container Platform 4.14.0 (RHSA-2023:5009)

The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5009 advisory. - golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 - kube-apiserver: Bypassing policies imposed by the...

9.8CVSS7.2AI score0.99999EPSS
Exploits22References31
Rows per page
Query Builder