Lucene search
K

8 matches found

OSV
OSV
added 2026/06/25 1:34 p.m.2 views

SUSE-SU-2026:2633-1 Security update for nodejs24

This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to uncontrolled resource consumption bsc1268480. - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response...

9.8CVSS6AI score0.02445EPSS
Exploits3References43
Hacker One
Hacker One
added 2026/04/21 10:11 p.m.7 views

Node.js: Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat

Vulnerability description not provided...

7.7CVSS5.8AI score0.00674EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-32028

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.0181EPSS
Exploits1References14
OSV
OSV
added 2025/05/07 4:15 p.m.6 views

AZL-61731 CVE-2024-47619 affecting package syslog-ng for versions less than 3.33.2-8

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...

7.5CVSS5.8AI score0.00301EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/07 3:12 p.m.11 views

CVE-2024-47619 tranport: TLS host name wildcard matching too lax

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...

7.5CVSS0.00301EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.11 views

PT-2025-20232 · Syslog-Ng +1 · Syslog-Ng +1

Name of the Vulnerable Software and Affected Versions: syslog-ng versions prior to 4.8.2 syslog-ng version 3.28.1-2+deb11u2 and earlier for Debian 11 bullseye Description: syslog-ng is an enhanced log daemon. Prior to version 4.8.2, tls wildcard match matches on certificates such as foo..bar...

7.5CVSS7.1AI score0.00301EPSS
Exploits1References26
curl security advisories
curl security advisories
added 2023/05/17 8:0 a.m.14 views

IDN wildcard match

curl supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN International Domain...

5.9CVSS6.4AI score0.0181EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2021/03/15 9:18 p.m.7 views

USN-4796-1 nodejs vulnerabilities

Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An attacker could use this vulnerability to execute a machine-in-the-middle- attack. This issue only affected Ubuntu 14.04 ESM and 16.04 ESM. CVE-2016-7099 It...

8.8CVSS7.2AI score0.41288EPSS
Exploits0References10
Rows per page
Query Builder