430 matches found
GHSA-4M7W-QMGQ-4WJ5 aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections
Summary The serverhostname TLS SNI check can be bypassed when an existing connection is reused. Impact If an application makes multiple requests to the same domain, but with different per-request serverhostname parameters, then the later calls may succeed by reusing the existing connection when...
PT-2026-49589
Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description The server hostname TLS SNI Server Name Indication check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain using different per-reque...
EulerOS Virtualization 2.13.1 : curl (EulerOS-SA-2026-2368)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcu...
EulerOS Virtualization 2.13.0 : curl (EulerOS-SA-2026-2397)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcu...
EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-2326)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to dox000D an Negotiate-authenticated HTTP or HTTPS request.x000D x000D...
EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-2283)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to dox000D an Negotiate-authenticated HTTP or HTTPS request.x000D x000D...
EulerOS Virtualization 2.12.0 : curl (EulerOS-SA-2026-2097)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.libcur...
PT-2026-51741
Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description An issue exists in the certificate authentication procedure where the library maintains a connection pool for reusing connections in subsequent transfers. If a handle initially uses the defau...
CVE-2026-7666
A flaw was found in Django. An on-path network attacker could exploit a vulnerability in django.core.mail.backends.smtp.EmailBackend where a partially-initialized connection is reused after a failed STARTTLS handshake when failsilently=True. This could allow the attacker to intercept and read ema...
CVE-2026-7666
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...
OESA-2026-2477 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If...
CLSA-2026-1779358660 curl: Fix of 2 CVEs
CVE-2026-5773: wrong reuse of SMB connection; disable connection reuse for SMBS so a subsequent transfer cannot wrongfully reuse a pooled connection to a different share - CVE-2026-6276: clear stale custom-Host cookiehost between requests on the same easy handle cookie leak across origins...
CLSA-2026-1779358008 Fix CVE(s): CVE-2026-5773
SECURITY UPDATE: libcurl may reuse the wrong connection for SMBS transfers, leading to access of an unintended SMB share with the same credentials. - debian/patches/CVE-2026-5773.patch: disable connection reuse for SMBS in lib/url.c by returning early from ConnectionExists when the requested...
CLSA-2026-1779357606 curl: Fix of CVE-2026-5773
CVE-2026-5773: disable connection reuse for SMBS to prevent libcurl from reusing a connection to the same server for a different SMB share...
CLSA-2026-1779357393 curl: Fix of CVE-2026-5773
CVE-2026-5773: disable connection reuse for SMBS to prevent libcurl from reusing a connection to the same server for a different SMB share...
CLSA-2026-1779357116 curl: Fix of CVE-2026-5773
CVE-2026-5773: disable connection reuse for SMBS to prevent libcurl from reusing a connection to the same server for a different SMB share...
Astra Linux – Vulnerability in curl
libcurl will reuse a previously established connection even when options related to TLS or SSH have been changed, which should prevent such reuses. libcurl stores previously used connections in a connection pool, allowing for reuse if one of them matches the current setup. However, several TLS an...
Astra Linux – Vulnerability in curl
libcurl keeps previously used connections in a connection pool so that they can be reused for subsequent transfers, if one of them matches the setup. Due to errors in the logic, the configuration matching function did not take ‘issuercert’ into account, and the involved paths were compared case...
Astra Linux – Vulnerability in curl
A authentication bypass vulnerability exists in libcurl version 8.0.0, particularly in the connection reuse feature. This vulnerability allows for the reuse of previously established connections with incorrect user permissions, due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION...
Astra Linux – Vulnerability in curl
There is an authentication bypass vulnerability in libcurl version 8.0.0, particularly in the FTP connection reuse feature. This vulnerability can cause incorrect credentials to be used during subsequent transfers. Previously created connections are retained in a connection pool for reuse if they...