28 matches found

Tenable Nessus
added 2024/04/27 12:0 a.m. | 35 views

RHEL 6 / 7 : httpd24 (RHSA-2018:3558)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...

CVSS: 10 | AI score: 7 | EPSS: 0.86006
Exploits: 0 | References: 89

IBM Security Bulletins
added 2023/12/07 10:31 p.m. | 34 views

Security Bulletin: Vulnerabilities in cURL/libcURL affect IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware

Summary IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware has addressed the following vulnerabilities in cURL/libcURL. Vulnerability Details CVEID: CVE-2017-1000100 DESCRIPTION: cURL could allow a remote attacker to obtain sensitive information, caused by a TFTP URL...

CVSS: 7.5 | AI score: 0.8 | EPSS: 0.15063
Exploits: 0 | Affected Software: 1

OpenVAS
added 2023/03/08 12:0 a.m. | 26 views

Debian: Security Advisory (DLA-586-1)

The remote host is missing an update for the Debian...

CVSS: 7.5 | AI score: 8 | EPSS: 0.15063
Exploits: 0 | References: 3

OpenVAS
added 2022/04/21 12:0 a.m. | 23 views

Slackware: Security Advisory (SSA:2016-219-01)

The remote host is missing an update for the...

CVSS: 8.1 | AI score: 7.1 | EPSS: 0.15063
Exploits: 0 | References: 5

OpenVAS
added 2021/06/09 12:0 a.m. | 27 views

SUSE: Security Advisory (SUSE-SU-2016:2449-1)

The remote host is missing an update for the...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.15063
Exploits: 0 | References: 6

OpenVAS
added 2020/01/23 12:0 a.m. | 33 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2016-1074)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.15063
Exploits: 0 | References: 2

RedHat Linux
added 2018/11/13 8:36 a.m. | 508 views

Moderate: Red Hat Security Advisory: httpd24 security, bug fix, and enhancement update

An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

CVSS: 10 | AI score: 7 | EPSS: 0.86006
Exploits: 0 | References: 49

IBM Security Bulletins
added 2018/06/18 1:34 a.m. | 43 views

Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple cURL/libcURL vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

Summary Multiple security vulnerabilities have been identified in cURL/libcURL that is embedded in IBM FSM. This bulletin addresses these issues. Vulnerability Details CVEID: CVE-2016-5419 DESCRIPTION: cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failu...

CVSS: 7.5 | AI score: 1 | EPSS: 0.15063
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2016/11/11 12:0 a.m. | 69 views

Oracle Linux 7 : curl (ELSA-2016-2575)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2575 advisory. - fix incorrect use of a previously loaded certificate from file (related to CVE-2016-5420) - acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.15063
Exploits: 0 | References: 4

Oracle Linux
added 2016/11/09 12:0 a.m. | 46 views

curl security, bug fix, and enhancement update

7.29.0-35 - fix incorrect use of a previously loaded certificate from file (related to CVE-2016-5420) 7.29.0-34 - acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option (required by the fix for CVE-2016-5419) 7.29.0-33 - fix re-using connections with wrong client cert (CVE-2016-5420) - fix TLS...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.15063
Exploits: 0

OpenVAS
added 2016/11/04 12:0 a.m. | 36 views

RedHat Update for curl RHSA-2016:2575-02

The remote host is missing an update for the...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.15063
Exploits: 0 | References: 2

OpenVAS
added 2016/10/26 12:0 a.m. | 30 views

Amazon Linux: Security Advisory (ALAS-2016-742)

The remote host is missing an update for the...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.11737
Exploits: 0 | References: 2

Amazon
added 2016/09/27 12:0 a.m. | 57 views

Low: curl

Issue Overview: After testing original CVE-2016-5420 patch, it was discovered that libcurl built on top of NSS (Network Security Services) still incorrectly re-uses client certificates if a certificate from file is used for one TLS connection but no certificate is set for a subsequent TLS connectio...

CVSS: 9.8 | AI score: 9 | EPSS: 0.14596
Exploits: 0

Tenable Nessus
added 2016/09/26 12:0 a.m. | 25 views

openSUSE Security Update : curl (openSUSE-2016-1124)

This update for curl fixes the following issues: Security issues fixed: - CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389) - CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390) - CVE-2016-5421: use of connection struct after free (bsc#991391) - CVE-2016-7141: Fix...

CVSS: 8.1 | AI score: 6.4 | EPSS: 0.15063
Exploits: 0 | References: 9

NVD
added 2016/08/10 2:59 p.m. | 19 views

CVE-2016-5420

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.14596
Exploits: 0 | References: 18

OSV
added 2016/08/10 2:59 p.m. | 30 views

CVE-2016-5420

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.14596
Exploits: 0 | References: 18

Debian CVE
added 2016/08/10 2:0 p.m. | 47 views

CVE-2016-5420

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate...

CVSS: 7.5 | AI score: 8 | EPSS: 0.14596
Exploits: 0

CVE
added 2016/08/10 2:0 p.m. | 225 views

CVE-2016-5420

CVE-2016-5420 affects curl/libcurl prior to 7.50.1, where the client certificate is not checked when reusing a TLS connection, enabling an attacker to hijack the authentication of an existing connection by leveraging a previously loaded client certificate. The related advisories confirm that this...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.14596
Exploits: 0 | References: 18 | Affected Software: 1

AlpineLinux
added 2016/08/10 2:0 p.m. | 50 views

CVE-2016-5420

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate...

CVSS: 7.5 | AI score: 8 | EPSS: 0.14596
Exploits: 0

OpenVAS
added 2016/08/09 12:0 a.m. | 31 views

Ubuntu: Security Advisory (USN-3048-1)

The remote host is missing an update for the...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.15063
Exploits: 0 | References: 2