16 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-9114
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network...
Security update for rust1.93
This update for rust1.93 fixes the following issues: Security issue: CVE-2026-31812: denial of service via crafted QUIC initial packet bsc1259623. Non security issue: Resolve missing gcc requirement that may affect some crate buildin bsc1253321. Patch Instructions: To install this SUSE update use...
UBUNTU-CVE-2026-31812
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...
CVE-2023-50923
In QUIC in RFC 9000, the Latency Spin Bit specification section 17.4 does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A. 2015...
BIT-NGINX-GATEWAY-2024-34161 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...
Google Chrome < 124.0.6367.60 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 124.0.6367.60. It is, therefore, affected by multiple vulnerabilities as referenced in the 202404stable-channel-update-for-desktop16 advisory. - Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a...
EUVD-2024-32406
Malicious code in bioql PyPI...
EUVD-2024-43285
Malicious code in bioql PyPI...
EUVD-2023-2837
Malicious code in bioql PyPI...
PT-2024-9120 · Quic-Go +1 · Quic-Go +1
Name of the Vulnerable Software and Affected Versions: quic-go versions prior to 0.48.2. Description: An off-path attacker can inject an ICMP Packet Too Large packet, disrupting a QUIC connection by setting the MTU value to smaller than 1200 bytes. This can be done after the handshake completion,...
OESA-2024-2273 haproxy security update
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: QUIC in HAProxy...
CVE-2024-26190
Microsoft QUIC Denial of Service Vulnerability...
PT-2023-32973 · Amazon · S2N-Quic
Name of the Vulnerable Software and Affected Versions: s2n-quic versions prior to 1.31.0. Description: The issue in s2n-quic results in unnecessary resource utilization when peers open streams beyond advertised limits. Recommendations: For versions prior to 1.31.0, upgrade to version 1.31.0 or lat...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) resulting in a MsQuic server application or process crash. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...
PT-2023-26883 · Quic +6 · Quic +6
Name of the Vulnerable Software and Affected Versions: QUIC (affected versions not specified). Description: The issue allows a malicious QUIC connection to cause unbounded memory growth due to the lack of an upper bound on the amount of data buffered when reading post-handshake messages. With the fi...
PT-2023-33031 · Amazon · S2N-Quic
Name of the Vulnerable Software and Affected Versions: s2n-quic version 1.22.0. Description: An issue in s2n-quic results in the endpoint shutting down after receiving an empty UDP packet on a connection. No AWS services are affected, and customers of AWS services do not need to take action...