Lucene search
K

129 matches found

ATTACKERKB
ATTACKERKB
added 2022/09/16 6:15 a.m.2 views

CVE-2022-25652

Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking...

9CVSS5.3AI score0.00104EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/09/16 5:25 a.m.35 views

CVE-2022-25652

Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking...

9CVSS9.3AI score0.00104EPSS
Exploits0References1
Fedora
Fedora
added 2022/07/04 1:35 a.m.28 views

[SECURITY] Fedora 36 Update: terrier-0.0.2-6.fc36

Terrier is a Image and Container analysis tool that can be used to scan Images and Containers to identify and verify the presence of specific files according to their hashes...

9.3CVSS8.8AI score0.05994EPSS
Exploits4
BDU FSTEC
BDU FSTEC
added 2022/04/07 12:0 a.m.5 views

The vulnerability of microprogramming software in embedded Qualcomm Android operating systems, related to data type conversion errors, allows attackers to escalate their privileges.

The vulnerability of microprogramming software in embedded Qualcomm Android operating systems is related to errors in data type conversion during the verification of file hash segments. Exploiting this vulnerability can allow attackers to enhance their privileges using a specially created malicio...

7.8CVSS7.6AI score0.00157EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/07 12:0 a.m.7 views

PT-2022-2077 · Qualcomm · Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions affected versions not specified Description: The issue is related to errors in data type conversion during the verification of a file's hash segment, potentially allowing an attacker to elevate their privileges...

8.8CVSS8.7AI score0.00157EPSS
Exploits0References11
OSV
OSV
added 2022/01/28 11:3 a.m.3 views

OESA-2022-1506 curl security update

Curl is used in command lines or scripts to transfer data. Security Fixes: When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from...

6.5CVSS7.2AI score0.04313EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.58 views

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-2751)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the...

7.5CVSS6.3AI score0.0982EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.45 views

EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2021-2769)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the...

7.5CVSS6.3AI score0.0982EPSS
Exploits5References6
OpenVAS
OpenVAS
added 2021/11/12 12:0 a.m.24 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2682)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.2AI score0.0982EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2021/11/11 12:0 a.m.249 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-2682)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.T...

7.5CVSS6.3AI score0.0982EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2021/11/11 12:0 a.m.36 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-2707)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.T...

7.5CVSS6.3AI score0.0982EPSS
Exploits5References6
Microsoft CVE
Microsoft CVE
added 2021/08/17 7:0 a.m.4 views

When curl is instructed to download content using the metalink feature thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.

...

6.5CVSS6.3AI score0.04313EPSS
Exploits1
NVD
NVD
added 2021/08/05 9:15 p.m.23 views

CVE-2021-22922

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and...

6.5CVSS0.04313EPSS
Exploits1References10
Prion
Prion
added 2021/08/05 9:15 p.m.23 views

Design/Logic Flaw

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and...

4.3CVSS6.8AI score0.04313EPSS
Exploits1References10Affected Software4
Debian CVE
Debian CVE
added 2021/08/05 12:0 a.m.48 views

CVE-2021-22922

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and...

6.5CVSS6.6AI score0.04313EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2021/08/05 12:0 a.m.39 views

CVE-2021-22922

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and...

6.5CVSS6.9AI score0.04313EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2021/07/21 12:0 a.m.38 views

CVE-2021-22922

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and...

6.5CVSS6.5AI score0.04313EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2020/05/07 12:0 a.m.6 views

The vulnerabilities of the functions Version.fetch_binary() and Version.fetch_source() in the python-apt package installation module allow a attacker to compromise data integrity.

The vulnerability of the Version.fetchbinary and Version.fetchsource functions in the python-apt package installation module is related to the improper verification of the MD5 hash sum only for the uploaded files. Exploiting this vulnerability could allow a remote attacker to compromise data...

3.4CVSS5.5AI score0.0044EPSS
Exploits0References8Affected Software4
OSV
OSV
added 2020/01/20 12:0 a.m.3 views

UBUNTU-CVE-2019-15796

Python-apt doesn't check if hashes are signed in Version.fetchbinary and Version.fetchsource of apt/package.py or in fetcharchives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5...

4.7CVSS5.7AI score0.00496EPSS
Exploits0References4
NVD
NVD
added 2019/06/03 9:29 p.m.14 views

CVE-2019-12097

Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe...

7.8CVSS8AI score0.00582EPSS
Exploits0References1
Rows per page
Query Builder