16 matches found
OESA-2026-2507 qt6-qtbase security update
Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...
CVE-2026-10028 Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain
A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular...
CVE-2025-14575
An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory...
PT-2026-41886
An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory...
GNOME glib-networking buffer error vulnerability
GNOME glib-networking is a networking extension package for Glib a collection of five underlying libraries written in C. A buffer error vulnerability exists in GNOME glib-networking that stems from the OpenSSL backend not properly checking the BIO_write return value, which could lead to an...
PT-2025-23063
Name of the Vulnerable Software and Affected Versions: libcurl (affected versions not specified). Description: The issue arises from an omission in libcurl's support for pinning the server certificate public key for HTTPS transfers when using QUIC for HTTP/3 with the wolfSSL TLS backend. Although the...
Debian dla-3951 : curl - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3951 advisory. Debian LTS Advisory DLA-3951-1 https://www.debian.org/lts/security/...
curl: CVE-2024-8096: OCSP stapling bypass with GnuTLS
CVE-2024-8096 was a vulnerability in GnuTLS where the OCSP stapling validation process could be bypassed, allowing the establishment of a connection even when the certificate was revoked. The issue was caused by a flaw in the gnutls_certificate_verify_peers2 function, which only returned an error wh...
Authorization Bypass
curl is vulnerable to authorization bypass. The vulnerability is present only if OpenSSL is the designated TLS backend. OCSP stapling is not enabled by default by libcurl, it needs to be explicitly enabled by the application to get used...
CVE-2020-8286
Libcurl offers "OCSP stapling" via the CURLOPT_SSL_VERIFYSTATUS option. When set, libcurl verifies the OCSP response that a server responds with as part of the TLS handshake. It then aborts the TLS negotiation if something is wrong with the response. The same feature can be enabled with --cert-stat...
DEBIAN-CVE-2018-21029
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname...
PT-2019-10455 · Systemd +1
Name of the Vulnerable Software and Affected Versions: systemd versions 239 through 245. Description: The issue concerns the acceptance of any certificate signed by a trusted certificate authority for DNS Over TLS, without sending Server Name Indication (SNI) and without hostname validation when usi...
EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1172)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification...
CVE-2016-9953
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard...
CVE-2016-9953
The CVE-2016-9953 entry affects libcurl 7.30.0–7.51.0 when built for Windows CE with the schannel TLS backend, where the verify_certificate function in lib/vtls/schannel.c can be abused by a crafted wildcard certificate name to trigger an out-of-bounds read. This can allow remote attackers to obt...