Lucene search
+L

17 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/05 8:29 p.m.4 views

CVE-2026-35579

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...

8.2CVSS5.8AI score0.0051EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/05 8:29 p.m.30 views

CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...

8.2CVSS0.0051EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/28 10:54 p.m.9 views

CoreDNS has TSIG authentication bypass on gRPC and QUIC transports

Summary The gRPC, QUIC, DoH, and DoH3 transports in CoreDNS incorrectly handle TSIG authentication. For gRPC and QUIC, CoreDNS checks whether the TSIG key name exists in the config, but does not actually verify the TSIG HMAC. If the key name matches, tsigStatus remains nil and the tsig plugin...

9.8CVSS5.8AI score0.0051EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/28 10:54 p.m.13 views

GHSA-VP29-5652-4FW9 CoreDNS has TSIG authentication bypass on gRPC and QUIC transports

Summary The gRPC, QUIC, DoH, and DoH3 transports in CoreDNS incorrectly handle TSIG authentication. For gRPC and QUIC, CoreDNS checks whether the TSIG key name exists in the config, but does not actually verify the TSIG HMAC. If the key name matches, tsigStatus remains nil and the tsig plugin...

8.2CVSS5.9AI score0.0051EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-40170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters...

7.5CVSS6AI score0.00776EPSS
Exploits1References2
OSV
OSV
added 2026/03/10 10:16 p.m.3 views

DEBIAN-CVE-2026-31812

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...

8.7CVSS5.3AI score0.005EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/10 9:4 p.m.27 views

CVE-2026-31812 Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...

8.7CVSS0.005EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 9:4 p.m.10 views

CVE-2026-31812

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...

8.7CVSS5.8AI score0.005EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/10 9:4 p.m.44 views

CVE-2026-31812

In Quinn (Rust, QUIC), the quinn-proto parsing path decodes attacker-controlled varints with unwrap(), so a crafted QUIC Initial packet containing malformed quic_transport_parameters can trigger an unexpected end and panic. This remote, unauthenticated DoS is reachable over the network and affect...

8.7CVSS5.8AI score0.005EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-2878

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00568EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2573

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.0076EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 4:21 a.m.5 views

CVE-2023-42805

quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...

7.5CVSS6.6AI score0.0076EPSS
Exploits0
Snyk
Snyk
added 2023/10/10 10:23 p.m.3 views

Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Overview Affected versions of this package are vulnerable to Improper Release of Memory Before Removing Last Reference 'Memory Leak' in the QUIC transport parameters when multiple instances are present or multiple calls to the decode happen. An attacker can cause a denial of service when the MsQu...

7.5CVSS6.8AI score0.05473EPSS
Exploits0References2
NVD
NVD
added 2023/09/21 5:15 p.m.28 views

CVE-2023-42805

quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...

7.5CVSS7.4AI score0.0076EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/09/21 5:15 p.m.14 views

CVE-2023-42805

quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...

7.5CVSS6.9AI score0.0076EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/09/21 4:39 p.m.18 views

CVE-2023-42805 quinn-proto Denial of Service vulnerability

quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...

7.5CVSS6.6AI score0.0076EPSS
Exploits0References4
OSV
OSV
added 2023/09/21 4:39 p.m.22 views

CVE-2023-42805 quinn-proto Denial of Service vulnerability

quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...

7.5CVSS7.3AI score0.0076EPSS
Exploits0References6
Rows per page
Query Builder