Lucene search
K

153 matches found

OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2014:1524-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS5.2AI score0.99999EPSS
Exploits7References3
OSV
OSV
added 2021/04/04 10:5 p.m.7 views

OPENSUSE-SU-2021:0510-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup bsc1183934 - CVE-2021-22876: Automatic referer leaks credentials bsc1183933 This update was imported from the SUSE:SLE-15-SP2:Update update project...

5.3CVSS5.3AI score0.05301EPSS
Exploits2References5
CNVD
CNVD
added 2021/04/02 12:0 a.m.7 views

HAXX libcurl man-in-the-middle attack vulnerability (CNVD-2021-31934)

HAXX libcurl is an open source client-side URL transport library from the Swedish company Haxx. It supports protocols such as FTP, SFTP, TFTP and HTTP. HAXX libcurl suffers from a man-in-the-middle attack vulnerability that can be exploited by an attacker to act as a man-in-the-middle by...

4.3CVSS6.4AI score0.03141EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2021/04/01 5:46 p.m.1 views

CVE-2021-22890

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...

5.3AI score0.03141EPSS
Exploits1References9
OSV
OSV
added 2021/04/01 3:45 p.m.7 views

SUSE-SU-2021:1006-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup bsc1183934 - CVE-2021-22876: Automatic referer leaks credentials bsc1183933...

5.3CVSS5.2AI score0.05301EPSS
Exploits2References5
OSV
OSV
added 2021/03/31 8:0 a.m.10 views

CURL-CVE-2021-22890 TLS 1.3 session ticket proxy host mix-up

Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote serve...

4.3CVSS5.5AI score0.03141EPSS
Exploits1
CNNVD
CNNVD
added 2021/03/31 12:0 a.m.4 views

Haxx libcurl 安全漏洞

HAXX libcurl is an open source client-side URL transport library from the Swedish company Haxx. It supports protocols such as FTP, SFTP, TFTP and HTTP. HAXX libcurl suffers from a man-in-the-middle attack vulnerability that can be exploited by an attacker to act as a man-in-the-middle by...

4.3CVSS5.7AI score0.03141EPSS
Exploits1References26
FreeBSD
FreeBSD
added 2021/03/31 12:0 a.m.35 views

curl -- TLS 1.3 session ticket proxy host mixup

Daniel Stenberg reports: Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arriv...

4.3CVSS5.8AI score0.03141EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2020/07/31 12:0 a.m.11 views

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2020-1803)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.7AI score0.17507EPSS
Exploits3References2
OSV
OSV
added 2020/06/20 10:45 p.m.7 views

MGASA-2020-0268 Updated gnutls packages fix security vulnerability

Updated gnutls packages fix security vulnerability: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker...

7.4CVSS7.5AI score0.17507EPSS
Exploits3References3
Mageia
Mageia
added 2020/06/20 10:45 p.m.46 views

Updated gnutls packages fix security vulnerability

Updated gnutls packages fix security vulnerability: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker...

7.4CVSS2.7AI score0.17507EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2020/06/11 12:0 a.m.29 views

openSUSE Security Update : gnutls (openSUSE-2020-790)

This update for gnutls fixes the following issues : - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker ...

7.4CVSS7.5AI score0.17507EPSS
Exploits3References3
OpenVAS
OpenVAS
added 2020/06/11 12:0 a.m.27 views

openSUSE: Security Advisory for gnutls (openSUSE-SU-2020:0790-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.4CVSS7.7AI score0.17507EPSS
Exploits3References2
OPENSUSE Linux
OPENSUSE Linux
added 2020/06/10 12:0 a.m.54 views

Security update for gnutls (important)

openSUSE Security Update: Security update for gnutls Announcement ID: openSUSE-SU-2020:0790-1 Rating: important References: 1172461 1172506 Cross-References: CVE-2020-13777 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available...

7.4CVSS7.6AI score0.17507EPSS
Exploits3References2
OSV
OSV
added 2020/06/09 4:39 p.m.9 views

SUSE-SU-2020:1584-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker t...

7.4CVSS7.5AI score0.17507EPSS
Exploits3References4
Gentoo Linux
Gentoo Linux
added 2020/06/09 12:0 a.m.32 views

GnuTLS: Information disclosure

Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description A flaw was reported in the TLS session ticket key construction in GnuTLS. Impact A remote attacker could recover previous conversations in TLS 1.2 and obtain sensitive information or conduct a...

7.4CVSS2.6AI score0.17507EPSS
Exploits3
Debian
Debian
added 2020/06/06 5:16 p.m.28 views

[SECURITY] [DSA 4697-1] gnutls28 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4697-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2020 https://www.debian.org/security/faq -...

5.8CVSS2AI score0.17507EPSS
Exploits3
OpenVAS
OpenVAS
added 2020/06/06 12:0 a.m.27 views

Ubuntu: Security Advisory (USN-4384-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.6AI score0.17507EPSS
Exploits3References2
OSV
OSV
added 2020/06/05 5:9 p.m.3 views

USN-4384-1 gnutls28 vulnerability

It was discovered that GnuTLS incorrectly handled session ticket encryption keys. A remote attacker could possibly use this issue to bypass authentication or recover sensitive information...

7.4CVSS7.2AI score0.17507EPSS
Exploits3References2
OSV
OSV
added 2020/06/04 7:15 a.m.4 views

ALPINE-CVE-2020-13777

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...

7.4CVSS7.1AI score0.17507EPSS
Exploits3References1
Rows per page
Query Builder