
49 matches found

Vulnrichment
added 2023/02/23 12:0 a.m. | 1 views

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

5.5 AI score | 0.00861 EPSS
Exploits 0 | References 3
Hacker One
added 2023/02/15 9:14 a.m. | 246 views

Internet Bug Bounty: CVE-2023-23915: HSTS amnesia with --parallel

Multiple transfers in parallel using curl's HSTS cache saving feature resulted in the cache file being overwritten by the most recently completed transfer, causing a later HTTP-only transfer to the earlier hostname to not get upgraded properly to HSTS, leading to a bypass of intended security...

6.5 CVSS | 6.7 AI score | 0.00861 EPSS
Exploits 0
OSV
added 2023/02/15 12:0 a.m. | 0 views

UBUNTU-CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5 CVSS | 6.7 AI score | 0.00861 EPSS
Exploits 0 | References 4
CNNVD
added 2022/11/07 12:0 a.m. | 2 views

Apache Ivy path traversal vulnerability

Apache Ivy is a deliverable package manager from the Apache Foundation USA. A path traversal vulnerability exists in Apache Ivy versions prior to 2.5.1, which stems from the fact that artifacts may be stored outside of Ivy's local cache or repository, or can overwrite different artifacts within t...

7.5 CVSS | 7.3 AI score | 0.01596 EPSS
Exploits 0 | References 4
Vulnrichment
added 2022/04/20 11:23 p.m. | 14 views

CVE-2022-27924

Zimbra Collaboration aka ZCS 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands become unescaped, causing an overwrite of arbitrary cached entries...

8 AI score | 0.84593 EPSS
Exploits 2 | References 3
CVE
added 2022/04/20 11:23 p.m. | 941 views

CVE-2022-27924

CVE-2022-27924 affects Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0, allowing an unauthenticated attacker to inject arbitrary memcache commands into a targeted ZCS instance, with those commands becoming unescaped and enabling overwriting of arbitrary cached entries and extraction of credential...

7.5 CVSS | 7.8 AI score | 0.84593 EPSS
In wild | Exploits 2 | References 4 | Affected Software 1
BDU FSTEC
added 2022/03/09 12:0 a.m. | 4 views

The vulnerability of the `copy_page_to_iter_pipe` and `push_pipe` functions in the Linux operating system allows a hacker to overwrite the contents of page cache for arbitrary files.

The vulnerability of the `copy_page_to_iter_pipe` and `push_pipe` functions in the Linux operating system is related to errors in permission storage. Exploiting this vulnerability could allow an attacker to rewrite the contents of page cache for arbitrary files...

7.8 CVSS | 7.1 AI score | 0.89063 EPSS
Exploits 100 | References 32 | Affected Software 18
OSV
added 2012/02/08 8:55 p.m. | 3 views

DEBIAN-CVE-2012-1033

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack...

5 CVSS | 6.9 AI score | 0.13538 EPSS
Exploits 1 | References 1
CVE
added 2000/07/19 4:0 a.m. | 53 views

CVE-2000-0612

CVE-2000-0612 affects Windows 95 and Windows 98; spoofed ARP packets allow remote attackers to overwrite static ARP cache entries. The connected records confirm the impact but do not include a provided patch or concrete mitigation details in the supplied documents.

5 CVSS | 7.1 AI score | 0.08714 EPSS
Exploits 0 | References 2 | Affected Software 2