Lucene search
+L

446 matches found

OSV
OSV
added 2021/07/24 4:5 p.m.10 views

OPENSUSE-SU-2021:1088-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...

6.5CVSS5.3AI score0.0627EPSS
Exploits4References9
OSV
OSV
added 2021/07/23 9:23 a.m.6 views

SUSE-SU-2021:2462-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...

6.5CVSS5.5AI score0.0627EPSS
Exploits4References9
OpenVAS
OpenVAS
added 2021/07/22 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2021:2440-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.8AI score0.0627EPSS
Exploits4References7
OpenVAS
OpenVAS
added 2021/07/22 12:0 a.m.30 views

SUSE: Security Advisory (SUSE-SU-2021:2439-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.1AI score0.0627EPSS
Exploits4References2
OSV
OSV
added 2021/07/21 11:48 a.m.7 views

SUSE-SU-2021:2440-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...

6.5CVSS5.5AI score0.0627EPSS
Exploits4References9
OSV
OSV
added 2021/07/21 11:47 a.m.7 views

OPENSUSE-SU-2021:2439-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...

6.5CVSS5.3AI score0.0627EPSS
Exploits4References9
OSV
OSV
added 2021/07/21 11:47 a.m.7 views

SUSE-SU-2021:2439-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...

6.5CVSS5.5AI score0.0627EPSS
Exploits4References9
OSV
OSV
added 2021/07/21 11:45 a.m.10 views

SUSE-SU-2021:14768-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...

6.5CVSS5.5AI score0.0627EPSS
Exploits4References9
curl security advisories
curl security advisories
added 2021/07/21 8:0 a.m.12 views

Bad connection reuse due to flawed path name checks

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths case insensitively, which could...

4.3CVSS6.2AI score0.0627EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2021/07/21 8:0 a.m.10 views

CURL-CVE-2021-22924 Bad connection reuse due to flawed path name checks

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths case insensitively, which could...

4.3CVSS5.4AI score0.0627EPSS
Exploits1
CNNVD
CNNVD
added 2021/07/21 12:0 a.m.5 views

libcurl 资源管理错误漏洞

libcurl is a tool for transferring data from or to a server. A resource management error vulnerability exists in libcurl that stems from the presence of a logic error that could cause libcurl to reuse the wrong connection...

4.3CVSS6.3AI score0.0627EPSS
Exploits1References59
OSV
OSV
added 2021/07/21 12:0 a.m.6 views

UBUNTU-CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

3.7CVSS6.6AI score0.0627EPSS
Exploits1References4
OPENSUSE Linux
OPENSUSE Linux
added 2021/07/21 12:0 a.m.82 views

Security update for curl (moderate)

openSUSE Security Update: Security update for curl Announcement ID: openSUSE-SU-2021:2439-1 Rating: moderate References: 1188217 1188218 1188219 1188220 Cross-References: CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVSS scores: CVE-2021-22922 SUSE: 6.5...

6.5CVSS7AI score0.0627EPSS
Exploits4References4
FreeBSD
FreeBSD
added 2021/07/21 12:0 a.m.48 views

cURL -- Multiple vulnerabilities

The cURL project reports: CURLOPTSSLCERT mixup with Secure Transport CVE-2021-22926 TELNET stack contents disclosure again CVE-2021-22925 Bad connection reuse due to flawed path name checks CVE-2021-92254 Metalink download sends credentials CVE-2021-92253 Wrong content via metalink not discarded...

7.5CVSS2AI score0.0982EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2021/07/14 7:25 p.m.63 views

CVE-2021-36740

A flaw was found in Varnish. The Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. As a result, this flaw allows the information on the Varnish cache to be poisoned. The highest threat from this...

8.1CVSS1.2AI score0.01599EPSS
Exploits0References4
Hacker One
Hacker One
added 2021/06/11 3:47 a.m.79 views

curl: CVE-2021-22924: Bad connection reuse due to flawed path name checks

Summary: Curlsslconfigmatches attempts to compare whether two SSL connections have identical SSL security options or not. The idea is to avoid reusing a connection that uses less secure, or completely different security options such as capath, cainfo or certificate/issuer pinning. Unfortunately...

4.3CVSS5.7AI score0.0627EPSS
Exploits1
OSV
OSV
added 2021/03/10 11:15 p.m.4 views

UBUNTU-CVE-2020-15260

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is...

6.8CVSS7.3AI score0.00991EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/11/11 12:0 a.m.7 views

PT-2020-4892 · Postgresql +9 · Postgresql +9

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 13.1 PostgreSQL versions prior to 12.5 PostgreSQL versions prior to 11.10 PostgreSQL versions prior to 10.15 PostgreSQL versions prior to 9.6.20 PostgreSQL versions prior to 9.5.24 Description: A flaw was found in...

9.8CVSS6.1AI score0.4644EPSS
Exploits3References221
Hacker One
Hacker One
added 2020/07/31 8:57 p.m.50 views

curl: Connect-only connections can use the wrong connection

Summary: If a connect-only easy handle is not read from or written to, its connection can time out and be closed. If a new connection is created it can be allocated at the same address, causing the easy handle to use the new connection. This new connection may not be connected to the same server ...

5CVSS0.1AI score0.03721EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2020/02/25 3:56 p.m.8 views

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...

9.8CVSS7.2AI score0.57132EPSS
Exploits0References5
Rows per page
Query Builder