Lucene search
K

7 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in curl

When the curl command is used to retrieve content using the Metalink feature, and a user name and password are used to download the Metalink XML file, those same credentials are then passed to each server from which the curl command will attempt to download or retrieve the content. This often...

5.3CVSS6.5AI score0.01843EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.10 views

SUSE CVE-2021-22923

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...

5.3CVSS7.1AI score0.01843EPSS
Exploits1References85
Microsoft CVE
Microsoft CVE
added 2021/08/14 7:0 a.m.3 views

When curl is instructed to get content using the metalink feature and a user name and password are used to download the metalink XML file those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.

...

5.3CVSS7AI score0.01843EPSS
Exploits1
OSV
OSV
added 2021/08/05 9:15 p.m.3 views

AZL-6362 CVE-2021-22923 affecting package curl for versions less than 7.76.0-5

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...

5.3CVSS6.5AI score0.01843EPSS
Exploits1References1
OSV
OSV
added 2021/08/05 9:15 p.m.10 views

ALPINE-CVE-2021-22923

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...

5.3CVSS7AI score0.01843EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2020/06/30 5:45 p.m.55 views

StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks

The APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The malware served offers operators the ability to search for and exfiltrate any file or document from a victim’s machine. The group a.k.a. Promethium is operating a...

7.8AI score
Exploits0References12
Talos Blog
Talos Blog
added 2017/09/18 12:51 a.m.1163 views

CCleanup: A Vast Number of Machines at Risk

This post was authored by: Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig WilliamsUpdate 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affectedUpdate 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and...

7.6AI score
Exploits0
Rows per page
Query Builder