8 matches found

Tenable Nessus
added 2026/06/22 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-54275

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existi...

CVSS 7.5 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 3

Snyk
added 2026/06/15 8:11 p.m., 7 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the serverhostname parameter handling during HTTPS connection reuse. An attacker can bypass intended TLS SNI checks by reusing an existing connection with a different...

CVSS 7.5 | AI score 5.3 | EPSS 0.00266
Exploits: 0 | References: 2

Hacker One
added 2026/04/11 5:52 p.m., 11 views

curl: Negotiate Authentication Premature on Connection Reuse

Summary: Curl 8.19.0+ inappropriately sends Negotiate authentication headers on reused keep-alive connections where authentication was already completed. Commit ab650379a8 June 2025 moved negotiate auth context to on-demand metadata storage, but during connection reuse the metadata gets cleared...

AI score 5.6
Exploits: 0

AstraLinux
added 2025/02/11 7:35 a.m., 5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding...

CVSS 5.5 | AI score 6.3 | EPSS 0.00276
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 3:53 a.m., 1 views

SUSE CVE-2020-25694

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportuni...

CVSS 6.5 | AI score 6.6 | EPSS 0.01574
Exploits: 0 | References: 21

RedHat Linux
added 2022/04/13 2:31 p.m., 10 views

curl: Bad connection reuse due to flawed path name checks

A flaw was found in libcurl in the way libcurl handles previously used connections without accounting for 'issuer cert' and comparing the involved paths case-insensitively. This flaw allows libcurl to use the wrong connection. The highest threat from this vulnerability is to confidentiality...

CVSS 4.3 | AI score 7.1 | EPSS 0.0627
Exploits: 1 | References: 5

curl security advisories
added 2016/01/27 8:0 a.m., 9 views

NTLM credentials not-checked for proxy connection reuse

libcurl reuses NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. libcurl maintains a pool of connections after a transfer has completed. The pool of connections is then gone through when a ne...

CVSS 7.3 | AI score 7.4 | EPSS 0.09327
Exploits: 0 | Affected Software: 2

curl security advisories
added 2015/04/22 8:0 a.m., 7 views

Negotiate not treated as connection-oriented

libcurl keeps a pool of its last few connections around after use to facilitate easy, convenient and completely transparent connection reuse for applications. When doing HTTP requests Negotiate authenticated, the entire connection may become authenticated and not only the specific HTTP request...

CVSS 5 | AI score 7.4 | EPSS 0.17942
Exploits: 0 | Affected Software: 2