Lucene search
K

168 matches found

OSV
OSV
added 2022/06/20 7:27 a.m.6 views

MAL-2022-946 Malicious code in alpaca-oas (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a68a07a8506d5dcce370260e4c897a0d0fcfccfc0e10eeb83a02284cd0ff55fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/04/28 12:0 a.m.120 views

Ubuntu 22.04 LTS : nginx vulnerability (USN-5371-2)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5371-2 advisory. USN-5371-1 fixed several vulnerabilities in nginx. This update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS. Tenable has extracted the preceding...

7.4CVSS7.6AI score0.02037EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/04/12 12:0 a.m.124 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : nginx vulnerabilities (USN-5371-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5371-1 advisory. It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP...

7.5CVSS6.7AI score0.02599EPSS
Exploits0References4
OSV
OSV
added 2022/03/23 8:15 p.m.2274 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS3.3AI score
Exploits0References3
OSV
OSV
added 2022/03/23 8:15 p.m.4 views

DEBIAN-CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS8.9AI score0.02037EPSS
Exploits0References1
OSV
OSV
added 2022/03/23 8:15 p.m.7 views

AZL-9220 CVE-2021-3618 affecting package sendmail 8.15.2-46

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS7.1AI score0.02037EPSS
Exploits0References1
NVD
NVD
added 2022/03/23 8:15 p.m.44 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS0.02037EPSS
Exploits0References3
Prion
Prion
added 2022/03/23 8:15 p.m.2333 views

Design/Logic Flaw

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

5.8CVSS7.3AI score0.02037EPSS
Exploits0References3Affected Software5
UbuntuCve
UbuntuCve
added 2022/03/23 8:15 p.m.200 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS7.1AI score0.02037EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2022/03/23 12:0 a.m.1069 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
Cvelist
Cvelist
added 2022/03/23 12:0 a.m.76 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.8AI score0.02037EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2022/03/23 12:0 a.m.216 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.33 views

Mageia: Security Advisory (MGASA-2021-0540)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.7AI score0.02037EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/08 5:15 p.m.40 views

Security Bulletin: Vulnerabilities in Apache Kafka and NGINX affect IBM Spectrum Discover

Summary The vulnerabilities in Apache Kafka could allow a remote attacker to obtain sensitive information and the vulnerabilities in NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol content confusion attack, which exploits TLS servers implementing...

7.4CVSS7AI score0.0582EPSS
Exploits0Affected Software1
Mageia
Mageia
added 2021/12/08 8:4 p.m.65 views

Updated nginx/vsftpd packages fix security vulnerability

ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication...

7.4CVSS7.7AI score0.02037EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/10/26 12:0 a.m.35 views

Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2021-2599)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.8AI score0.53461EPSS
Exploits11References2
Tenable Nessus
Tenable Nessus
added 2021/10/25 12:0 a.m.42 views

EulerOS 2.0 SP3 : nginx (EulerOS-SA-2021-2599)

According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that cause...

9.8CVSS8.1AI score0.53461EPSS
Exploits11References4
CISA
CISA
added 2021/10/08 12:0 a.m.20 views

NSA Releases Guidance on Avoiding the Dangers of Wildcard TLS Certificates and ALPACA Techniques

The National Security Agency NSA has released a Cybersecurity Information CSI sheet with guidance to help secure the Department of Defense, National Security Systems, and Defense Industrial Base organizations from poorly implemented wildcard Transport Layer Security TLS certificates and the...

6.7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2021/09/28 12:0 a.m.34 views

Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2021-2513)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.7AI score0.02037EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/09/27 12:0 a.m.39 views

EulerOS 2.0 SP5 : nginx (EulerOS-SA-2021-2513)

According to the versions of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible...

7.4CVSS7.5AI score0.02037EPSS
Exploits0References2
Rows per page
Query Builder