Lucene search
K

324 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.2 views

SUSE CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

9.6CVSS9.1AI score0.04582EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.6 views

SUSE CVE-2018-7544

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...

5.3CVSS9.1AI score0.01899EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.4 views

SUSE CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS9.1AI score0.02037EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.6 views

SUSE CVE-2021-40330

gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...

5.4CVSS9.5AI score0.03074EPSS
Exploits1References7
Schneier on Security
Schneier on Security
added 2023/01/19 12:21 p.m.55 views

Security Analysis of Threema

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against...

2.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/01/06 12:0 a.m.27 views

EulerOS Virtualization 3.0.2.6 : git (EulerOS-SA-2023-1078)

According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in...

7.5CVSS8AI score0.03074EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/11/24 12:0 a.m.38 views

Debian: Security Advisory (DLA-3203-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.7AI score0.02037EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2022/11/04 12:0 a.m.31 views

Amazon Linux 2022 : sendmail, sendmail-cf, sendmail-milter (ALAS2022-2022-171)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-171 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates...

7.4CVSS7.4AI score0.02037EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/09/29 12:0 a.m.44 views

SUSE SLES15 Security Update : vsftpd (SUSE-SU-2022:3458-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3458-1 advisory. - CVE-2021-3618: Enforced security checks against ALPACA attack PM-3322, jscSLE-23895, bsc1187686, bsc1187678. - Added hardening to systemd...

7.4CVSS7.1AI score0.02037EPSS
Exploits0References10
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 4:23 a.m.18 views

Security Bulletin: IBM SONAS Fix Available for SONAS Cross Protocol Vulnerability (CVE-2013-0500)

Abstract IBM SONAS includes a flaw in the handling of special files created by an NFS client resulting in a vulnerability reported against IBM SONAS. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0500 DESCRIPTION: A flaw in the IBM SONAS code for handling special files in particular character a...

5.4CVSS6.1AI score0.00987EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/19 10:54 p.m.62 views

Security Bulletin: Vulnerabilities in libcurl affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents

Summary Multiple vulnerabilities in libcurl affect the IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents. These vulnerabilities include obtaining sensitive information, man-in-the-middle attacks, denial of service, and bypassing of security restrictions. Vulnerability Details...

9.8CVSS8.2AI score0.3197EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/17 12:4 p.m.75 views

Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Protect Plus (CVE-2021-22946, CVE-2022-27782, CVE-2022-27774, CVE-2022-22576, CVE-2021-22947, CVE-2022-27776)

Summary Vulnerabilities in libcurl such as bypassing security restrictions, obtaining sensitive information, and man-in-the-middle attacks may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID:CVE-2021-22946 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive...

8.1CVSS7.5AI score0.04224EPSS
Exploits6Affected Software1
OpenVAS
OpenVAS
added 2022/07/29 12:0 a.m.27 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2128)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.3AI score0.03425EPSS
Exploits4References2
RedHat Linux
RedHat Linux
added 2022/07/01 12:7 a.m.4 views

curl: credential leak on redirect

A vulnerability was found in curl. This security flaw allows leaking credentials to other servers when it follows redirects from auth-protected HTTPS URLs to other protocols and port numbers...

5.7CVSS7.1AI score0.01595EPSS
Exploits1References5
Microsoft CVE
Microsoft CVE
added 2022/06/15 7:0 a.m.2 views

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.

...

5.7CVSS6.8AI score0.01595EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2022/06/01 12:0 a.m.6 views

CVE-2022-27774

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTPS redirects is used with authentication could leak credentials to other services that exist on different protocols ...

6.7AI score0.01595EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2022/05/20 10:35 p.m.23 views

CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

9.6CVSS5.7AI score0.04582EPSS
Exploits1References1
OSV
OSV
added 2022/05/11 11:3 a.m.3 views

OESA-2022-1637 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as...

7.4CVSS6.9AI score0.02037EPSS
Exploits0References2
curl security advisories
curl security advisories
added 2022/04/27 8:0 a.m.71 views

Credential leak on redirect

curl follows HTTPS redirects when asked to. curl also supports authentication. When a user and password are provided for a URL with a given hostname, curl makes an effort to not pass on those credentials to other hosts in redirects unless given permission with a special option. This "same host...

5.7CVSS6.1AI score0.01595EPSS
Exploits1References1Affected Software2
Microsoft CVE
Microsoft CVE
added 2022/04/05 7:0 a.m.4 views

ALPACA is an application layer protocol content confusion attack exploiting TLS servers implementing different protocols but using compatible certificates such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

...

7.4CVSS7.5AI score0.02037EPSS
Exploits0
Rows per page
Query Builder