12 matches found
CVE-2026-4873
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...
ALPINE-CVE-2026-4873
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...
curl: HSTS bypass via IDN
A vulnerability was found in curl. The issue can occur when curl's HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL. Suppose the hostname in the given...
curl 安全漏洞
curl is a tool for transferring data from or to a server. A security vulnerability exists in versions prior to curl v7.88.0, which stems from a sensitive information clear-text transfer vulnerability that can be exploited by an attacker to cause HSTS functionality to fail by requesting multiple...
curl 安全漏洞
curl is a tool for transferring data from or to a server. A security vulnerability exists in versions prior to curl v7.88.0, which stems from the presence of a sensitive information clear-text transfer vulnerability that can be exploited by an attacker to cause HSTS functionality to fail by...
DEBIAN-CVE-2022-43551
A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...
UBUNTU-CVE-2022-43551
A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...
Synology DiskStation Manager Sensitive Information Plaintext Transfer Vulnerability
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A sensitive information clear text transfer vulnerability exists in synorelay...
Synology DiskStation Manager Sensitive Information Plaintext Transfer Vulnerability (CNVD-2021-13674)
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A sensitive information clear text transfer vulnerability exists in...
Synology DiskStation Manager 安全漏洞
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A sensitive information clear text transfer vulnerability exists in...
Synology DiskStation Manager 安全漏洞
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A sensitive information clear text transfer vulnerability exists in synorelay...
CVE-2019-13947
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The user configuration menu in the web interface of the Control Center Server CCS transfers user passwords in clear to the client browser. An attacker with administrative privileges for the web interface could b...