CVE-2026-10740

CVE-2026-10740 affects s2n-quic prior to version 1.8.2, where an unbounded memory allocation in the CRYPTO frame reassembler can allow an unauthenticated remote actor to trigger a denial of service (degraded availability) by sending crafted QUIC Initial packets. The vulnerability is triggered dur...

PT-2026-48517

Name of the Vulnerable Software and Affected Versions s2n-quic versions prior to 1.8.2 Description Unbounded memory allocation in the CRYPTO frame reassembler allows an unauthenticated remote actor to cause a denial of service, resulting in degraded availability, by sending crafted QUIC Initial...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rust1.93 (SUSE-SU-2026:1415-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1415-1 advisory. Security issue: - CVE-2026-31812: denial of service via crafted QUIC initial packet bsc1259623. Non...

BIT-DOTNET-SDK-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

EUVD-2026-13148

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

CVE-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

CVE-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

CVE-2026-25667

The OSV entries and CVE describe a vulnerability in ASP.NET Core Kestrel (Microsoft .NET 8.0 < 8.0.22 and .NET 9.0

Linux Distros Unpatched Vulnerability : CVE-2025-4432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induc...

Some AES functions may panic when overflow checking is enabled.

ring::aead::quic::HeaderProtectionKey::newmask may panic when overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 232 packets sent and/or received. On 64-bit targe...

FreeBSD : zeek -- potential DoS vulnerability (ef56065e-81fe-4731-a1e3-606c55925bef)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ef56065e-81fe-4731-a1e3-606c55925bef advisory. Tim Wojtulewicz of Corelight reports: Large QUIC packets can cause Zeek to overflow memory and...