Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/24 7:25 a.m.5 views

CVE-2026-53622

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection allows unauthenticated clients to bypass router-specific mutual Transport Layer Security mTLS enforcement. When HTTP/3 is enabled and a router use...

10CVSS5.9AI score0.0024EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/23 7:13 p.m.36 views

CVE-2026-53622 Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

7.8CVSS0.0024EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 7:13 p.m.11 views

CVE-2026-53622

CVE-2026-53622 concerns Traefik’s HTTP/3 (QUIC) TLS configuration selection. When HTTP/3 is enabled, the TLS handshake uses an exact, case-sensitive lookup of the SNI to choose a TLS config, which fails to match wildcard hosts or mixed-case hostnames. If a router enforces mTLS via TLSOptions and ...

10CVSS5.9AI score0.0024EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/16 9:4 p.m.4 views

GHSA-9CR8-Q42Q-G8M7 Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts

Summary There is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake selects the applicable TLS configuration through an exact,...

7.8CVSS5.8AI score0.0024EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/06/16 9:4 p.m.9 views

Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts

Summary There is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake selects the applicable TLS configuration through an exact,...

10CVSS5.7AI score0.0024EPSS
Exploits1References3Affected Software3
OSV
OSV
added 2026/02/17 5:9 p.m.6 views

GHSA-QW99-GRCX-4PVM OpenClaw's Chrome extension relay binds publicly due to wildcard treated as loopback

Summary The Chrome extension relay ensureChromeExtensionRelayServer previously treated wildcard hosts 0.0.0.0 / :: as loopback, which could make it bind the relay HTTP/WS server to all interfaces when a wildcard cdpUrl was passed. Impact If configured with a wildcard cdpUrl, relay HTTP endpoints...

6.5CVSS5.6AI score0.00396EPSS
Exploits0References7
OSV
OSV
added 2023/03/30 3:15 p.m.3 views

DEBIAN-CVE-2023-25076

A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch commit: 822bb80df9b7b345cc9eba55df74a07b498819ba. A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to...

9.8CVSS9.2AI score0.65515EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2023/03/30 3:15 p.m.20 views

CVE-2023-25076

A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch commit: 822bb80df9b7b345cc9eba55df74a07b498819ba. A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to...

9.8CVSS7.6AI score0.65515EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/03/30 2:34 p.m.19 views

CVE-2023-25076

A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch commit: 822bb80df9b7b345cc9eba55df74a07b498819ba. A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to...

9.8CVSS9.9AI score0.65515EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2003/09/18 12:0 a.m.25 views

Exclude top-level domain wildcard hosts

This host has an IP address known to be a wildcard record for a top- level domain TLD or for a host within the 'nessus.org' domain. It has been blacklisted and will not be scanned. C Tenable Network Security, Inc. Known top level domain wildcards, from http://www.imperialviolet.org/dnsfix.html .C...

5.4AI score
Exploits0References1
Rows per page
Query Builder