324 matches found
SUSE CVE-2018-5704
Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...
SUSE CVE-2018-7544
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...
SUSE CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
SUSE CVE-2021-40330
gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...
Security Analysis of Threema
A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against...
EulerOS Virtualization 3.0.2.6 : git (EulerOS-SA-2023-1078)
According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in...
Debian: Security Advisory (DLA-3203-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2022 : sendmail, sendmail-cf, sendmail-milter (ALAS2022-2022-171)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-171 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates...
SUSE SLES15 Security Update : vsftpd (SUSE-SU-2022:3458-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3458-1 advisory. - CVE-2021-3618: Enforced security checks against ALPACA attack PM-3322, jscSLE-23895, bsc1187686, bsc1187678. - Added hardening to systemd...
Security Bulletin: IBM SONAS Fix Available for SONAS Cross Protocol Vulnerability (CVE-2013-0500)
Abstract IBM SONAS includes a flaw in the handling of special files created by an NFS client resulting in a vulnerability reported against IBM SONAS. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0500 DESCRIPTION: A flaw in the IBM SONAS code for handling special files in particular character a...
Security Bulletin: Vulnerabilities in libcurl affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents
Summary Multiple vulnerabilities in libcurl affect the IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents. These vulnerabilities include obtaining sensitive information, man-in-the-middle attacks, denial of service, and bypassing of security restrictions. Vulnerability Details...
Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Protect Plus (CVE-2021-22946, CVE-2022-27782, CVE-2022-27774, CVE-2022-22576, CVE-2021-22947, CVE-2022-27776)
Summary Vulnerabilities in libcurl such as bypassing security restrictions, obtaining sensitive information, and man-in-the-middle attacks may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID:CVE-2021-22946 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2128)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
curl: credential leak on redirect
A vulnerability was found in curl. This security flaw allows leaking credentials to other servers when it follows redirects from auth-protected HTTPS URLs to other protocols and port numbers...
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
...
CVE-2022-27774
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTPS redirects is used with authentication could leak credentials to other services that exist on different protocols ...
CVE-2018-5704
Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...
OESA-2022-1637 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as...
Credential leak on redirect
curl follows HTTPS redirects when asked to. curl also supports authentication. When a user and password are provided for a URL with a given hostname, curl makes an effort to not pass on those credentials to other hosts in redirects unless given permission with a special option. This "same host...
ALPACA is an application layer protocol content confusion attack exploiting TLS servers implementing different protocols but using compatible certificates such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
...