Lucene search
+L

154 matches found

CNNVD
CNNVD
added 2024/01/26 12:0 a.m.5 views

OpenSSL Security Vulnerabilities

OpenSSL is an open source capable general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

5.5CVSS8AI score0.03174EPSS
Exploits0References10
OSV
OSV
added 2023/09/12 10:15 a.m.3 views

CVE-2023-40729

A vulnerability has been identified in QMS Automotive All versions V12.39. The affected application lacks security control to prevent unencrypted communication without HTTPS. An attacker who managed to gain machine-in-the-middle position could manipulate, or steal confidential information...

7.4CVSS5.7AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/06/05 11:46 a.m.8 views

curl: HSTS bypass via IDN

A vulnerability was found in curl. The issue can occur when curl's HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL. Suppose the hostname in the given...

7.5CVSS6.7AI score0.1654EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2023/05/29 9:50 a.m.2 views

New GobRAT Remote Access Trojan Targeting Linux Routers in Japan

Linux routers in Japan are the target of a new Golang remote access trojan RAT called GobRAT. "Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT," the JPCERT Coordination Center JPCERT/CC...

7.2AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.5 views

SUSE CVE-2008-7297

Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS includeSubDomains featur...

5.8CVSS6.9AI score0.01005EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.4 views

SUSE CVE-2020-14577

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

3.7CVSS5.3AI score0.03284EPSS
Exploits0References19
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.9 views

SUSE CVE-2021-22926

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPTSSLCERT option --cert with the command line tool.When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificat...

7.5CVSS6.3AI score0.0982EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/07/12 2:15 p.m.2 views

CVE-2022-33173

An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead...

7.5CVSS5.8AI score0.01133EPSS
Exploits0References4
CNVD
CNVD
added 2022/05/08 12:0 a.m.16 views

OpenSSL Denial of Service Vulnerability (CNVD-2022-37792)

OpenSSL is an open source general-purpose cryptographic library from the Openssl team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports multiple cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashi...

7.5CVSS1.3AI score0.02386EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.59 views

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-2751)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the...

7.5CVSS6.3AI score0.0982EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2021/11/11 12:0 a.m.36 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-2707)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.T...

7.5CVSS6.3AI score0.0982EPSS
Exploits5References6
RedhatCVE
RedhatCVE
added 2021/10/20 6:48 p.m.65 views

CVE-2021-22926

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPTSSLCERT option --cert with the command line tool.When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificat...

7.5CVSS0.1AI score0.0982EPSS
Exploits1References4
Microsoft CVE
Microsoft CVE
added 2021/10/08 7:0 a.m.2 views

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations exposing possibly sensitive data in clear text over the network.

...

7.5CVSS7AI score0.04224EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2021/08/25 12:0 a.m.10 views

PT-2021-22796 · Primekey · Primekey Ejbca

Name of the Vulnerable Software and Affected Versions: PrimeKey EJBCA versions prior to 7.6.0 Description: An issue was discovered where the enrollment secret for SCEP, CMP, EST, and Auto-enrollment aliases is reflected on a page, accessible to administrators. Although the secret is hidden from...

3.5CVSS3.8AI score0.00542EPSS
Exploits0References3
OSV
OSV
added 2021/08/20 11:3 a.m.11 views

OESA-2021-1321 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl supports the -t command line option, known as CURLOPTTELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pai...

7.5CVSS6.8AI score0.0982EPSS
Exploits2References3
Microsoft CVE
Microsoft CVE
added 2021/08/17 7:0 a.m.3 views

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`) a malicious user can create a file name with the same name as the app wants to use by name and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.

...

7.5CVSS6.2AI score0.0982EPSS
Exploits1
OSV
OSV
added 2021/08/05 9:15 p.m.3 views

ALPINE-CVE-2021-22926

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPTSSLCERT option --cert with the command line tool.When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificat...

7.5CVSS6.9AI score0.0982EPSS
Exploits1References1
OSV
OSV
added 2021/08/05 9:15 p.m.33 views

CVE-2021-22926

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPTSSLCERT option --cert with the command line tool.When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificat...

7.5CVSS0.1AI score0.0982EPSS
Exploits1References11
OSV
OSV
added 2021/08/05 9:15 p.m.7 views

AZL-6364 CVE-2021-22926 affecting package curl for versions less than 7.82.0-1

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPTSSLCERT option --cert with the command line tool.When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificat...

7.5CVSS6.4AI score0.0982EPSS
Exploits1References1
Prion
Prion
added 2021/08/05 9:15 p.m.22 views

Design/Logic Flaw

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPTSSLCERT option --cert with the command line tool.When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificat...

5CVSS7.2AI score0.0982EPSS
Exploits1References11Affected Software4
Rows per page
Query Builder