12 matches found
CVE-2025-64702
quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...
DEBIAN-CVE-2025-64702
quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to lack of limits for decoded HTTP3 headers. An attacker can cause excessive memory allocation by sending a specially crafted QPACK-encoded HEADERS frame that expands into a large...
SUSE CVE-2025-10678
NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...
CVE-2025-10678
NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...
NetBird VPN does not remove the default password of an admin account
NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...
EUVD-2025-35061
NetBird VPN does not remove the default password of an admin account...
GHSA-G3J4-58MP-3X25 NetBird VPN does not remove the default password of an admin account
NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...
CVE-2025-10678
NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...
CVE-2025-10678 Admin with default credentials in NetBird VPN
NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...
CVE-2025-10678
NetBird VPN vulnerable to an admin account left with a default password after installation via vendor scripts (ZITADEL-created admin). Several sources confirm the issue affects installations using the vendor script and potentially Docker instances if the default password isn’t changed or the user...
CVE-2025-10678 Admin with default credentials in NetBird VPN
NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...