Lucene search
K

52 matches found

Rosalinux
Rosalinux
added 2025/06/23 7:13 a.m.55 views

Advisory ROSA-SA-2025-2895

Software: nginx 1.20.1 OS: rosa-server79 packageevrstring: nginx-1.20.1-22.res7.2 CVE-ID: CVE-2021-3618 BDU-ID: 2022-00351 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...

7.8CVSS7.9AI score0.99999EPSS
Exploits19
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.23 views

Linux Distros Unpatched Vulnerability : CVE-2021-3618

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, suc...

7.4CVSS7.4AI score0.02037EPSS
Exploits0References4
CBLMariner
CBLMariner
added 2025/01/12 9:15 a.m.96 views

CVE-2021-3618 affecting package sendmail 8.15.2-46

CVE-2021-3618 affecting package sendmail 8.15.2-46. No patch is available currently...

7.4CVSS8AI score0.02037EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/07/24 12:0 a.m.33 views

Photon OS 3.0: Sendmail PHSA-2022-3.0-0382

An update of the sendmail package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0382. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.4CVSS7.9AI score0.02037EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.23 views

RHEL 9 : nginx (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nginx: memory leak in IPv4 Off Handler CVE-2022-3638 Note that Nessus has not tested for this issue but has instead...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/01/23 12:0 a.m.62 views

Amazon Linux 2 : vsftpd (ALAS-2024-2431)

The version of vsftpd installed on the remote host is prior to 3.0.2-25. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2431 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using...

7.4CVSS7.5AI score0.02037EPSS
Exploits0References4
Amazon
Amazon
added 2024/01/22 12:0 a.m.8 views

Medium: vsftpd

Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...

7.4CVSS7AI score0.02037EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.62 views

Medium: vsftpd

Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
Rosalinux
Rosalinux
added 2023/10/22 6:5 a.m.74 views

Advisory ROSA-SA-2023-2269

Software: vsftpd 3.0.5 OS: ROSA-CHROME packageevrstring: vsftpd-3.0.5-1.src.rpm CVE-ID: CVE-2021-3618 BDU-ID: 2022-00351 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...

7.4CVSS6.7AI score0.02037EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.42 views

Amazon Linux 2 : nginx (ALASNGINX1-2023-002)

The version of nginx installed on the remote host is prior to 1.20.0-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2023-002 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but...

7.4CVSS7.5AI score0.02037EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/09/18 12:0 a.m.100 views

Ubuntu 20.04 LTS : vsftpd vulnerability (USN-6379-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6379-1 advisory. It was discovered that vsftpd was vulnerable to the ALPACA TLS protocol content confusion attack. A remote attacker could possibly use this issue to redirect...

7.4CVSS7.6AI score0.02037EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/31 6:46 p.m.56 views

Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to cross-protocol attacks due to sendmail (CVE-2021-3618)

Summary sendmail is used by IBM Robotic Process Automation for Cloud Pak as part of the antivirus container. CVE-2021-3618 Vulnerability Details CVEID:CVE-2021-3618 DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol...

7.4CVSS7.4AI score0.02037EPSS
Exploits0Affected Software1
Amazon
Amazon
added 2023/03/22 12:0 a.m.20 views

Medium: vsftpd

Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...

7.4CVSS8AI score0.02037EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.165 views

Amazon Linux 2023 : vsftpd (ALAS2023-2023-019)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-019 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates...

7.4CVSS7.4AI score0.02037EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.63 views

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-099)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-099 advisory. 2024-02-15: CVE-2021-3618 was added to this advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using...

7.8CVSS7.3AI score0.02037EPSS
Exploits2References8
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.137 views

Amazon Linux 2023 : sendmail, sendmail-cf, sendmail-milter (ALAS2023-2023-018)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-018 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates...

7.4CVSS7.4AI score0.02037EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/20 12:0 a.m.123 views

CBL Mariner 2.0 Security Update: nginx / vsftpd (CVE-2021-3618)

The version of nginx / vsftpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3618 advisory. - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing...

7.4CVSS7.5AI score0.02037EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/17 4:26 p.m.51 views

K000132639: ALPACA: TLS vulnerability CVE-2021-3618

Security Advisory Description ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/11/30 12:0 a.m.28 views

SUSE SLES15 Security Update : nginx (SUSE-SU-2022:4266-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4266-1 advisory. - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed bsc1187685. Tenable has extracte...

7.4CVSS7.2AI score0.02037EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/11/30 12:0 a.m.34 views

SUSE: Security Advisory (SUSE-SU-2022:4265-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.9AI score0.02037EPSS
Exploits0References4
Rows per page
Query Builder