27 matches found
CVE-2026-46605
Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions. This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, fr...
PT-2026-45377
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Description Incomplete authorization in the server allows authenticated connections to remove existing destinations when they possess the proper permissions...
CVE-2026-46416 Microsoft UFO shared WebSocket handler state causes cross-client response hijacking
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in...
HCL BigFix Multiple Vulnerabilities (KB0098998)
The version of HCL BigFix Client installed on the remote host is affected by multiple vulnerabilities, including the following: - An improper authentication vulnerability exists in the curl subcomponent which might allow reuse of OAUTH2-authenticated connections without properly making sure that the...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2128)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Authentication Bypass
curl is vulnerable to authentication bypass. A remote attacker is able to reuse OAUTH2-authenticated connections due to improper verification of credentials during a transfer, which allows the attacker to impersonate another user on the system...
SUSE: Security Advisory (SUSE-SU-2017:1389-1)
The remote host is missing an update for the...
CVE-2019-20045
The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. Specially crafted malicious packets could cause disconnection of active authentic connections or reboot of device. This is a different issue than CVE-2019-16879 and...
SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2017:1389-1)
This update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.45 bsc1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative...
Scientific Linux Security Update : Moderate: OpenAFS on SL6.x, SL7.x i386/x86_64 (20180911)
These releases include fixes for three security advisories, OPENAFS-SA-2018-001, OPENAFS-SA-2018-002, and OPENAFS-SA-2018-003. OPENAFS-SA-2018-001 only affects deployments that run the 'butc' utility as part of the in-tree backup system, but is of high severity for those sites which are affected ...
RHEL 7 : python-paramiko (RHSA-2018:1213)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:1213 advisory. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines...
SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2017:1384-1)
This update for java-1_7_0-ibm fixes the following issues: Version update to 7.0-10.5 bsc1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number ...
chisel - A fast TCP tunnel over HTTP
Chisel is a fast TCP tunnel, transported over HTTP. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to crowbar though...
curl: re-using authenticated connection when unauthenticated
It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server...
cURL / libcURL 7.x < 7.42.0 Multiple Vulnerabilities
Binary data 8863.prm...
curl: re-using authenticated connection when unauthenticated
It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server...
SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2015:0990-1)
curl was updated to fix five security issues. The following vulnerabilities were fixed : - CVE-2015-3143: curl could re-use NTLM-authenticated connections - CVE-2015-3144: curl could access memory out of bounds with zero length host names - CVE-2015-3145: curl cookie parser could access memory o...
Ubuntu: Security Advisory (USN-2591-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS : curl vulnerabilities (USN-2591-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2591-1 advisory. Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. CVE-2015-3143...
Debian DLA-211-1 : curl security update
Several vulnerabilities were discovered in cURL, an URL transfer library : CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. This is similar to t...