42 matches found
EUVD-2025-16303
Malicious code in bioql PyPI...
EUVD-2023-43054
Malicious code in bioql PyPI...
EUVD-2025-23915
Malicious code in bioql PyPI...
PT-2025-32266 · Cloudflare · Cloudflare Quiche
Name of the Vulnerable Software and Affected Versions: Cloudflare quiche versions 0.15.0 through 0.24.5 Description: Cloudflare quiche is susceptible to an infinite loop when processing packets containing RETIRE CONNECTION ID frames. QUIC connections utilize connection identifiers IDs with sequen...
CVE-2025-4947
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...
CVE-2025-4947
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...
CVE-2025-5025 No QUIC certificate pinning with wolfSSL
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
CVE-2025-4947 QUIC certificate check skip with wolfSSL
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...
CVE-2025-4947 QUIC certificate check skip with wolfSSL
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...
CVE-2025-4947
CWE-2025-4947 affects libcurl: when using QUIC, a host specified by an IP address in the URL may bypass certificate verification, preventing detection of impostors or MITM attacks. Documents confirm the vulnerability, its impact (certificate check bypass for QUIC/HTTP3), and that it is being trac...
CVE-2025-4947
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...
libcurl 安全漏洞
libcurl is a free and easy-to-use client-side URL transport library from the cURL open source. A security vulnerability exists in libcurl that stems from skipping certificate validation during QUIC connections, which could lead to a man-in-the-middle attack...
golang: crypto/tls: panic when processing post-handshake message on QUIC connections
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...
PT-2025-7549 · Lsquic · Lsquic
Name of the Vulnerable Software and Affected Versions: LSQUIC versions prior to 4.2.0 Description: A hash collision vulnerability in the hash table used to manage connections allows remote attackers to cause a considerable CPU load on the server by initiating connections with colliding Source...
CVE-2024-53259
CVE-2024-53259 affects the quic-go QUIC implementation. An off-path attacker can inject an ICMP Packet Too Large when IP_PMTUDISC_DO is used, causing the kernel to return a “message too large” error on sendmsg if a QUIC packet exceeds the MTU claimed in the ICMP message. This can disrupt a QUIC c...
golang: crypto/tls: panic when processing post-handshake message on QUIC connections
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...
RHEL 8 / 9 : OpenShift Container Platform 4.14.2 (RHSA-2023:6840)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6840 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Certificate Validation
curl is vulnerable to Certificate Validation. The vulnerability is due to a flaw in libcurl when built with wolfSSL and the error path inadvertently bypassing certificate verification when encountering unknown or bad ciphers or curves, allows for certificate verification to be skipped for QUIC...
RHCOS 4 : OpenShift Container Platform 4.14.2 (RHSA-2023:6840)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6840 advisory. - golang: net/http: insufficient sanitization of Host header CVE-2023-29406 - golang: crypto/tls: slow verification of certificate...
RHCOS 4 / 9 : OpenShift Container Platform 4.14.0 (RHSA-2023:5009)
The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5009 advisory. - golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 - kube-apiserver: Bypassing policies imposed by the...