446 matches found
OPENSUSE-SU-2021:1088-1 Security update for curl
This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...
SUSE-SU-2021:2462-1 Security update for curl
This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...
SUSE: Security Advisory (SUSE-SU-2021:2440-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:2439-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2021:2440-1 Security update for curl
This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...
OPENSUSE-SU-2021:2439-1 Security update for curl
This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...
SUSE-SU-2021:2439-1 Security update for curl
This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...
SUSE-SU-2021:14768-1 Security update for curl
This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...
Bad connection reuse due to flawed path name checks
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths case insensitively, which could...
CURL-CVE-2021-22924 Bad connection reuse due to flawed path name checks
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths case insensitively, which could...
libcurl 资源管理错误漏洞
libcurl is a tool for transferring data from or to a server. A resource management error vulnerability exists in libcurl that stems from the presence of a logic error that could cause libcurl to reuse the wrong connection...
UBUNTU-CVE-2021-22924
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...
Security update for curl (moderate)
openSUSE Security Update: Security update for curl Announcement ID: openSUSE-SU-2021:2439-1 Rating: moderate References: 1188217 1188218 1188219 1188220 Cross-References: CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVSS scores: CVE-2021-22922 SUSE: 6.5...
cURL -- Multiple vulnerabilities
The cURL project reports: CURLOPTSSLCERT mixup with Secure Transport CVE-2021-22926 TELNET stack contents disclosure again CVE-2021-22925 Bad connection reuse due to flawed path name checks CVE-2021-92254 Metalink download sends credentials CVE-2021-92253 Wrong content via metalink not discarded...
CVE-2021-36740
A flaw was found in Varnish. The Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. As a result, this flaw allows the information on the Varnish cache to be poisoned. The highest threat from this...
curl: CVE-2021-22924: Bad connection reuse due to flawed path name checks
Summary: Curlsslconfigmatches attempts to compare whether two SSL connections have identical SSL security options or not. The idea is to avoid reusing a connection that uses less secure, or completely different security options such as capath, cainfo or certificate/issuer pinning. Unfortunately...
UBUNTU-CVE-2020-15260
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is...
PT-2020-4892 · Postgresql +9 · Postgresql +9
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 13.1 PostgreSQL versions prior to 12.5 PostgreSQL versions prior to 11.10 PostgreSQL versions prior to 10.15 PostgreSQL versions prior to 9.6.20 PostgreSQL versions prior to 9.5.24 Description: A flaw was found in...
curl: Connect-only connections can use the wrong connection
Summary: If a connect-only easy handle is not read from or written to, its connection can time out and be closed. If a new connection is created it can be allocated at the same address, causing the easy handle to use the new connection. This new connection may not be connected to the same server ...
nodejs: HTTP request smuggling using malformed Transfer-Encoding header
A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...