Lucene search
K

214 matches found

Positive Technologies
Positive Technologies
added 2023/06/12 12:0 a.m.6 views

PT-2023-5586 · Apache · Apache Nifi

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 0.0.2 through 1.21.0 Description: The issue in Apache NiFi is related to the DBCPConnectionPool and HikariCPConnectionPool Controller Services, which allow an authenticated and authorized user to configure a Database URL...

9CVSS8.1AI score0.63633EPSS
Exploits9References26
Amazon
Amazon
added 2023/06/07 12:0 a.m.37 views

Medium: curl

Issue Overview: The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the...

9.8CVSS6.9AI score0.02195EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2023/04/11 12:0 a.m.32 views

Siemens Industrial Devices using libcurl Use After Free (CVE-2021-22924)

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

4.3CVSS6.2AI score0.0627EPSS
Exploits1References18
RedhatCVE
RedhatCVE
added 2023/03/21 1:13 p.m.49 views

CVE-2023-27536

A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting...

5.9CVSS8.7AI score0.01566EPSS
Exploits1References4
Veracode
Veracode
added 2023/03/21 12:28 a.m.34 views

Authentication Bypass

curl is vulnerable to Authentication Bypass. The vulnerability exists because the SSH connection is too eager to reuse still since it keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup...

5.5CVSS7.3AI score0.01162EPSS
Exploits1References10Affected Software4
curl security advisories
curl security advisories
added 2023/03/20 8:0 a.m.10 views

SSH connection too eager reuse still

libcurl would reuse a previously created connection even when an SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, two SSH settings were...

7.7CVSS6.6AI score0.01162EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2023/03/20 8:0 a.m.34 views

CURL-CVE-2023-27536 GSS delegation too eager connection reuse

libcurl would reuse a previously created connection even when the GSS delegation CURLOPTGSSAPIDELEGATION option had been changed that could have changed the user's permissions in a second transfer. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if...

5.9CVSS6.4AI score0.01566EPSS
Exploits1
OSV
OSV
added 2023/03/20 8:0 a.m.28 views

CURL-CVE-2023-27535 FTP too eager connection reuse

libcurl would reuse a previously created FTP connection even when one or more options had been changed that could have made the effective user a different one, thus leading to doing the second transfer with the wrong credentials. libcurl keeps previously used connections in a connection pool for...

5.9CVSS6.6AI score0.01607EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.6 views

SUSE CVE-2007-6059

Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service connection pool...

5CVSS7AI score0.0176EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.5 views

SUSE CVE-2020-14060

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool aka apache/drill...

8.1CVSS8.7AI score0.08607EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.4 views

SUSE CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

7.3CVSS7AI score0.12504EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:50 a.m.3 views

SUSE CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool...

8.1CVSS8AI score0.0489EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.4 views

SUSE CVE-2021-22139

Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all...

6.5CVSS6.7AI score0.00999EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.8 views

SUSE CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

5.4CVSS6.2AI score0.0627EPSS
Exploits1References86
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.5 views

SUSE CVE-2022-27782

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH...

7.5CVSS7.4AI score0.02596EPSS
Exploits1References68
Tenable Nessus
Tenable Nessus
added 2022/12/15 12:0 a.m.73 views

HCL BigFix Multiple Vulnerabilities (KB0098998)

The version of HCL BigFix Client installed on the remote host is affected by multiple vulnerabilities, including the following: - An improper authentication vulnerability exists in the curl subcomponent which might allow reuse OAUTH2-authenticated connections without properly making sure that the...

8.1CVSS6.7AI score0.03425EPSS
Exploits3References6
Tenable Nessus
Tenable Nessus
added 2022/11/15 12:0 a.m.36 views

NewStart CGSL MAIN 6.02 : curl Multiple Vulnerabilities (NS-SA-2022-0083)

The remote NewStart CGSL host, running version MAIN 6.02, has curl packages installed that are affected by multiple vulnerabilities: - Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. CVE-2020-8231 - A malicious server can use the FTP...

7.5CVSS6.8AI score0.09917EPSS
Exploits8References19
Snyk
Snyk
added 2022/11/08 11:0 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure. When a timeout occurs under a high load, it can cause incorrect data to be returned as the result of an asynchronously executed query. Notes: 1 This vulnerability only affects applications that communicate with...

5.8CVSS5.9AI score0.00747EPSS
Exploits0References2
Snyk
Snyk
added 2022/11/08 11:0 p.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure. When a timeout occurs under a high load, it can cause incorrect data to be returned as the result of an asynchronously executed query. Notes: 1 This vulnerability only affects applications that communicate with...

5.8CVSS7.2AI score0.00747EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/09/24 12:0 a.m.105 views

EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2022-2377)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...

8.1CVSS6.7AI score0.03425EPSS
Exploits4References5
Rows per page
Query Builder