Lucene search
K

168 matches found

Amazon
Amazon
added 2023/03/22 12:0 a.m.18 views

Medium: sendmail

Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...

7.4CVSS8AI score0.02037EPSS
Exploits0
Amazon
Amazon
added 2023/03/22 12:0 a.m.6 views

Medium: nginx

Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...

7.8CVSS6.6AI score0.02037EPSS
Exploits2
Amazon
Amazon
added 2023/03/22 12:0 a.m.20 views

Medium: vsftpd

Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...

7.4CVSS8AI score0.02037EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.63 views

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-099)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-099 advisory. 2024-02-15: CVE-2021-3618 was added to this advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using...

7.8CVSS7.3AI score0.02037EPSS
Exploits2References8
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.136 views

Amazon Linux 2023 : sendmail, sendmail-cf, sendmail-milter (ALAS2023-2023-018)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-018 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates...

7.4CVSS7.4AI score0.02037EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.163 views

Amazon Linux 2023 : vsftpd (ALAS2023-2023-019)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-019 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates...

7.4CVSS7.4AI score0.02037EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/20 12:0 a.m.123 views

CBL Mariner 2.0 Security Update: nginx / vsftpd (CVE-2021-3618)

The version of nginx / vsftpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3618 advisory. - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing...

7.4CVSS7.5AI score0.02037EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/17 4:26 p.m.51 views

K000132639: ALPACA: TLS vulnerability CVE-2021-3618

Security Advisory Description ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.4 views

SUSE CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS9.1AI score0.02037EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2022/11/30 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2022:4266-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.9AI score0.02037EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/11/30 12:0 a.m.34 views

SUSE: Security Advisory (SUSE-SU-2022:4265-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.9AI score0.02037EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/11/30 12:0 a.m.28 views

SUSE SLES15 Security Update : nginx (SUSE-SU-2022:4266-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4266-1 advisory. - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed bsc1187685. Tenable has extracte...

7.4CVSS7.2AI score0.02037EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/11/30 12:0 a.m.41 views

SUSE SLES15 Security Update : nginx (SUSE-SU-2022:4265-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4265-1 advisory. - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed bsc1187685. Tenable has extracte...

7.4CVSS7.2AI score0.02037EPSS
Exploits0References4
OSV
OSV
added 2022/11/29 10:23 a.m.19 views

SUSE-SU-2022:4266-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed bsc1187685...

7.4CVSS7.4AI score0.02037EPSS
Exploits0References3
OSV
OSV
added 2022/11/29 10:22 a.m.18 views

SUSE-SU-2022:4265-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed bsc1187685...

7.4CVSS7.4AI score0.02037EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/11/24 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2022:4192-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.9AI score0.02037EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/11/24 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2022:4201-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.7AI score0.02037EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/11/24 12:0 a.m.38 views

Debian: Security Advisory (DLA-3203-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.7AI score0.02037EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2022/11/24 12:0 a.m.37 views

SUSE SLES15 / openSUSE 15 Security Update : nginx (SUSE-SU-2022:4201-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4201-1 advisory. - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed bsc1187685. Tenabl...

7.4CVSS7.2AI score0.02037EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/11/24 12:0 a.m.38 views

SUSE SLES15 Security Update : nginx (SUSE-SU-2022:4192-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4192-1 advisory. - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed bsc1187685. Tenable has extracte...

7.4CVSS7.2AI score0.02037EPSS
Exploits0References4
Rows per page
Query Builder