5687 matches found
CVE-2026-4873
CVE-2026-4873 is a TLS-reuse issue observed in curl-related advisories. The vulnerability arises when a TLS-requiring connection reuses an existing unencrypted connection from the same pool: if the initial transfer is unencrypted (e.g., via IMAP, SMTP, or POP3), a subsequent request to the same h...
CVE-2026-4873
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...
CVE-2026-4873
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...
CVE-2026-4873 connection reuse ignores TLS requirement
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...
curl 安全漏洞
curl is an open-source tool developed by cURL, used for transferring data from or to a server. Curl has a security vulnerability, which stems from a logic error in connection reuse. This error may cause TLS-enabled connections to incorrectly reuse existing unencrypted connections, resulting in da...
Arqit Symmetric Key Agreement Platform 安全漏洞
The Arqit Symmetric Key Agreement Platform is a quantum-safe key negotiation platform developed by Arqit Corporation. Versions prior to 26.03 of the Arqit Symmetric Key Agreement Platform contained security vulnerabilities. These vulnerabilities stemmed from exposing the QKEY and internal system...
PT-2026-40762
Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...
sealed-env 信息泄露漏洞
Sealed-Env is a cross-platform zero-trust key management library developed by David Almeida. It supports encrypted storage and TOTP verification. Versions of Sealed-Env from 0.1.0-alpha.1 to 0.1.0-alpha.3 contained information leakage vulnerabilities. These vulnerabilities stemmed from the fact...
Catalyst::Plugin::Statsd 安全漏洞
Catalyst::Plugin::Statsd is a plugin module by Robert Rothenberg, an individual developer, for capturing application runtime metrics and sending them to a statistics system. A security vulnerability exists in Catalyst::Plugin::Statsd 0.10.0 and earlier versions, which stems from an unencrypted...
Plack::Middleware::Statsd 安全漏洞
Plack::Middleware::Statsd is a middleware component for logging web request metrics and sending them to a statistics system by Robert Rothenberg, an individual developer. A security vulnerability exists in Plack::Middleware::Statsd prior to version 0.9.0, which stems from an unencrypted...
Ruby net-imap < 0.3.10 / 0.4.x < 0.4.24 / 0.5.x < 0.5.14 / 0.6.x < 0.6.4 vulnerability
The version of the net-imap Ruby library installed on the remote host is prior to 0.3.10, 0.4.x prior to 0.4.24, 0.5.x prior to 0.5.14, or 0.6.x prior to 0.6.4. It is, therefore, affected by a man-in-the-middle vulnerability. A flaw in the Net::IMAPstarttls function allows a man-in-the-middle...
[SECURITY] Fedora 43 Update: krb5-1.22.2-4.fc43
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form...
EUVD-2025-209663
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...
CVE-2025-59852
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...
CVE-2025-59852
CVE-2025-59852 affects HCL DFXAnalytics. The vulnerability is described as Insufficient Transport Layer Protection, where data is transmitted over the network without encryption, potentially compromising the confidentiality, integrity, and authentication of sensitive information. The available do...
PT-2026-37440
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...
RHCOS 3 : OpenShift Container Platform 3.11 (RHSA-2019:2817)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2817 advisory. - HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9512 - HTTP/2: flood using HEADERS frames results in...
UBUNTU-CVE-2026-4873
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...
CURL-CVE-2026-4873 connection reuse ignores TLS requirement
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...
connection reuse ignores TLS requirement
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...