Lucene search
K

430 matches found

OSV
OSV
added 2026/06/15 8:11 p.m.4 views

GHSA-4M7W-QMGQ-4WJ5 aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

Summary The serverhostname TLS SNI check can be bypassed when an existing connection is reused. Impact If an application makes multiple requests to the same domain, but with different per-request serverhostname parameters, then the later calls may succeed by reusing the existing connection when...

6.9CVSS5.4AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.8 views

PT-2026-49589

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description The server hostname TLS SNI Server Name Indication check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain using different per-reque...

6.9CVSS5.8AI score0.00266EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.14 views

EulerOS Virtualization 2.13.1 : curl (EulerOS-SA-2026-2368)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcu...

6.5CVSS7.8AI score0.00333EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.12 views

EulerOS Virtualization 2.13.0 : curl (EulerOS-SA-2026-2397)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcu...

6.5CVSS7.8AI score0.00333EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.11 views

EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-2326)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to dox000D an Negotiate-authenticated HTTP or HTTPS request.x000D x000D...

6.5CVSS7.4AI score0.00333EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.11 views

EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-2283)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to dox000D an Negotiate-authenticated HTTP or HTTPS request.x000D x000D...

6.5CVSS7.4AI score0.00333EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

EulerOS Virtualization 2.12.0 : curl (EulerOS-SA-2026-2097)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.libcur...

6.5CVSS5.6AI score0.00333EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.8 views

PT-2026-51741

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description An issue exists in the certificate authentication procedure where the library maintains a connection pool for reusing connections in subsequent transfers. If a handle initially uses the defau...

4CVSS6AI score0.00196EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/06/03 9:51 p.m.12 views

CVE-2026-7666

A flaw was found in Django. An on-path network attacker could exploit a vulnerability in django.core.mail.backends.smtp.EmailBackend where a partially-initialized connection is reused after a failed STARTTLS handshake when failsilently=True. This could allow the attacker to intercept and read ema...

3.1CVSS5.6AI score0.0015EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/06/03 1:16 p.m.8 views

CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS5.3AI score0.0015EPSS
Exploits0
OSV
OSV
added 2026/05/29 1:33 p.m.13 views

OESA-2026-2477 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If...

7.5CVSS5.8AI score0.00639EPSS
Exploits7References8
OSV
OSV
added 2026/05/21 2:43 p.m.8 views

CLSA-2026-1779358660 curl: Fix of 2 CVEs

CVE-2026-5773: wrong reuse of SMB connection; disable connection reuse for SMBS so a subsequent transfer cannot wrongfully reuse a pooled connection to a different share - CVE-2026-6276: clear stale custom-Host cookiehost between requests on the same easy handle cookie leak across origins...

7.5CVSS5.8AI score0.00549EPSS
Exploits2References1
OSV
OSV
added 2026/05/21 10:6 a.m.5 views

CLSA-2026-1779358008 Fix CVE(s): CVE-2026-5773

SECURITY UPDATE: libcurl may reuse the wrong connection for SMBS transfers, leading to access of an unintended SMB share with the same credentials. - debian/patches/CVE-2026-5773.patch: disable connection reuse for SMBS in lib/url.c by returning early from ConnectionExists when the requested...

7.5CVSS5.8AI score0.00549EPSS
Exploits1References1
OSV
OSV
added 2026/05/21 10:0 a.m.9 views

CLSA-2026-1779357606 curl: Fix of CVE-2026-5773

CVE-2026-5773: disable connection reuse for SMBS to prevent libcurl from reusing a connection to the same server for a different SMB share...

7.5CVSS5.8AI score0.00549EPSS
Exploits1References1
OSV
OSV
added 2026/05/21 9:56 a.m.13 views

CLSA-2026-1779357393 curl: Fix of CVE-2026-5773

CVE-2026-5773: disable connection reuse for SMBS to prevent libcurl from reusing a connection to the same server for a different SMB share...

7.5CVSS5.8AI score0.00549EPSS
Exploits1References1
OSV
OSV
added 2026/05/21 9:52 a.m.7 views

CLSA-2026-1779357116 curl: Fix of CVE-2026-5773

CVE-2026-5773: disable connection reuse for SMBS to prevent libcurl from reusing a connection to the same server for a different SMB share...

7.5CVSS5.8AI score0.00549EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in curl

libcurl will reuse a previously established connection even when options related to TLS or SSH have been changed, which should prevent such reuses. libcurl stores previously used connections in a connection pool, allowing for reuse if one of them matches the current setup. However, several TLS an...

7.5CVSS6.6AI score0.02596EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in curl

libcurl keeps previously used connections in a connection pool so that they can be reused for subsequent transfers, if one of them matches the setup. Due to errors in the logic, the configuration matching function did not take ‘issuercert’ into account, and the involved paths were compared case...

4.3CVSS6.5AI score0.0627EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in curl

A authentication bypass vulnerability exists in libcurl version 8.0.0, particularly in the connection reuse feature. This vulnerability allows for the reuse of previously established connections with incorrect user permissions, due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION...

5.9CVSS6.9AI score0.01566EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in curl

There is an authentication bypass vulnerability in libcurl version 8.0.0, particularly in the FTP connection reuse feature. This vulnerability can cause incorrect credentials to be used during subsequent transfers. Previously created connections are retained in a connection pool for reuse if they...

5.9CVSS6.6AI score0.01607EPSS
Exploits1References2
Rows per page
Query Builder