Lucene search
+L

14 matches found

Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.6 views

Siemens SIMATIC S7-1500 Cleartext Transmission of Sensitive Information (CVE-2022-30115)

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...

4.3CVSS6.7AI score0.01118EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/07/24 12:0 a.m.25 views

Photon OS 3.0: Curl PHSA-2022-3.0-0406

An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0406. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5CVSS6.9AI score0.03425EPSS
Exploits7References8
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.31 views

Photon OS 4.0: Curl PHSA-2022-4.0-0205

An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0205. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5CVSS6.9AI score0.03425EPSS
Exploits7References8
Tenable Nessus
Tenable Nessus
added 2022/09/06 12:0 a.m.39 views

Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-065)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-065 advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials s...

8.1CVSS6.8AI score0.03425EPSS
Exploits8References17
CBLMariner
CBLMariner
added 2022/07/01 9:2 p.m.23 views

CVE-2022-30115 affecting package curl for versions less than 7.83.1-1

CVE-2022-30115 affecting package curl for versions less than 7.83.1-1. An upgraded version of the package is available that resolves this issue...

4.3CVSS6.2AI score0.01118EPSS
Exploits1
OSV
OSV
added 2022/06/01 12:0 a.m.36 views

CVE-2022-30115

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...

4.3CVSS5.7AI score0.01118EPSS
Exploits1References7
Cvelist
Cvelist
added 2022/06/01 12:0 a.m.31 views

CVE-2022-30115

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...

6.1AI score0.01118EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2022/06/01 12:0 a.m.54 views

CVE-2022-30115

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...

4.3CVSS5.9AI score0.01118EPSS
Exploits1
CVE
CVE
added 2022/06/01 12:0 a.m.217 views

CVE-2022-30115

CVE-2022-30115 describes an HSTS bypass in curl where the client could be forced to use HTTPS despite an HTTP URL, via mismatches between URL hostname trailing dots and HSTS cache entries. Connected advisories confirm the issue affects curl and was fixed in later releases; for example, Alpine/CUR...

4.3CVSS5.4AI score0.01118EPSS
Exploits1References5Affected Software1
ALT Linux
ALT Linux
added 2022/05/19 12:0 a.m.137 views

Security fix for the ALT Linux 10 package curl version 7.83.1-alt1

7.83.1-alt1 built May 19, 2022 Anton Farygin in task 299735 --- May 11, 2022 Anton Farygin - 7.83.1 - Fixes: CVE-2022-30115: HSTS bypass via trailing dot CVE-2022-27782: TLS and SSH connection too eager reuse CVE-2022-27781: CERTINFO never-ending busy-loop CVE-2022-27780: percent-encoded path...

5.8CVSS3.4AI score0.03453EPSS
Exploits6
OpenVAS
OpenVAS
added 2022/05/12 12:0 a.m.30 views

Slackware: Security Advisory (SSA:2022-131-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.1AI score0.03453EPSS
Exploits6References8
Slackware Linux
Slackware Linux
added 2022/05/11 7:4 p.m.204 views

[slackware-security] curl

New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-7.83.1-i586-1slack15.0.txz: Upgraded. This update fixes security issues: HSTS bypass via trailing dot. TLS and S...

8.1CVSS0.3AI score0.03453EPSS
Exploits6
Hacker One
Hacker One
added 2022/05/11 7:10 a.m.60 views

Internet Bug Bounty: CVE-2022-30115: HSTS bypass via trailing dot

Advisory: https://curl.se/docs/CVE-2022-30115.html Original Report: https://hackerone.com/reports/1557449 Impact HSTS bypass...

4CVSS6.3AI score0.01118EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2022/05/11 12:0 a.m.35 views

CVE-2022-30115

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...

4.3CVSS6.7AI score0.01118EPSS
Exploits1References3
Rows per page
Query Builder