Lucene search
K

12 matches found

CVE
CVE
added 2026/06/23 7:13 p.m.11 views

CVE-2026-53622

CVE-2026-53622 concerns Traefik’s HTTP/3 (QUIC) TLS configuration selection. When HTTP/3 is enabled, the TLS handshake uses an exact, case-sensitive lookup of the SNI to choose a TLS config, which fails to match wildcard hosts or mixed-case hostnames. If a router enforces mTLS via TLSOptions and ...

10CVSS5.9AI score0.0024EPSS
Exploits1References5Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/10 12:31 p.m.8 views

ngtcp2: ngtcp2: Denial of service via stack buffer overflow during QUIC handshake

A flaw was found in ngtcp2, a C implementation of the IETF QUIC Quick UDP Internet Connections protocol. A remote attacker can exploit a stack buffer overflow vulnerability by sending specially crafted, large transport parameters during the QUIC handshake. This occurs when the qlog callback is...

7.5CVSS5.7AI score0.00776EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.14 views

RHEL 9 : samba (RHSA-2026:25049)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25049 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

9.8CVSS6.1AI score0.12797EPSS
Exploits9References15
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.13 views

RHEL 10 : samba (RHSA-2026:22963)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22963 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

9.8CVSS6.2AI score0.12797EPSS
Exploits9References15
AlpineLinux
AlpineLinux
added 2026/04/16 9:34 p.m.2 views

CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5CVSS5.7AI score0.00776EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/12/10 12:0 a.m.10 views

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2025:23069)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23069 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

9.1CVSS7.5AI score0.19396EPSS
Exploits11References14
OSV
OSV
added 2025/10/10 4:15 p.m.5 views

AZL-68781 CVE-2025-59530 affecting package coredns for versions less than 1.11.1-24

quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...

7.5CVSS6AI score0.00438EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-0855

Malicious code in bioql PyPI...

7.5CVSS5.9AI score0.01175EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/03/13 3:39 p.m.30 views

quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding

Impact Cloudflare Quiche through version 0.19.1/0.20.0 was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimit...

7.5CVSS7.2AI score0.01175EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2024/03/12 6:4 p.m.38 views

CVE-2024-1765 Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche

Cloudflare Quiche through version 0.19.1/0.20.0 was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited numb...

5.9CVSS6AI score0.01175EPSS
Exploits0References1
CVE
CVE
added 2024/03/12 6:4 p.m.70 views

CVE-2024-1765

Cloudflare Quiche (up to 0.19.1/0.20.0) contains an unlimited resource allocation vulnerability where an attacker floods QUIC CRYPTO frames (1-RTT) after the QUIC handshake, causing rapid memory usage growth on the affected system. The issue affects both server and client implementations and coul...

7.5CVSS5.7AI score0.01175EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/11/02 9:44 p.m.68 views

GO-2023-2160 Panic during QUIC handshake in github.com/quic-go/quic-go

The QUIC handshake can cause a panic when processing a certain sequence of frames. A malicious peer can deliberately trigger this panic...

7.5CVSS7.4AI score0.00765EPSS
Exploits0References2
Rows per page
Query Builder