Lucene search
K

178 matches found

Fedora
Fedora
added 2024/04/19 9:41 p.m.38 views

[SECURITY] Fedora 40 Update: curl-8.6.0-8.fc40

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

8.6CVSS9AI score0.36081EPSS
Exploits2
Veracode
Veracode
added 2024/04/05 2:9 a.m.25 views

TLS Certificate Check Bypass

libcurl is vulnerable to TLS Certificate Check Bypass. The vulnerability is caused due to libcurl not checking the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the...

6.5CVSS6.5AI score0.01299EPSS
Exploits1References13Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/03/29 12:0 a.m.72 views

Curl 8.5.0 < 8.7.0 TLS Certificate Check Bypass (CVE-2024-2466)

The version of Curl installed on the remote host is between 8.5.0 and prior to 8.7.0. It is, therefore, affected by a certificate check bypass vulnerability. libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcu...

6.5CVSS6.8AI score0.01299EPSS
Exploits1References2
NVD
NVD
added 2024/03/27 8:15 a.m.21 views

CVE-2024-2466

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate...

6.5CVSS7.3AI score0.01299EPSS
Exploits1References12
OSV
OSV
added 2024/03/27 8:0 a.m.29 views

CURL-CVE-2024-2466 TLS certificate check bypass with mbedTLS

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate...

6.5CVSS6.3AI score0.01299EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2024/03/27 7:58 a.m.22 views

CVE-2024-2466 TLS certificate check bypass with mbedTLS

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate...

6.6AI score0.01299EPSS
Exploits1References11
Cvelist
Cvelist
added 2024/03/27 7:58 a.m.30 views

CVE-2024-2466 TLS certificate check bypass with mbedTLS

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate...

5.4AI score0.01299EPSS
Exploits1References11
UbuntuCve
UbuntuCve
added 2024/03/27 7:0 a.m.41 views

CVE-2024-2466

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate...

6.5CVSS6.8AI score0.01299EPSS
Exploits1References2
Hacker One
Hacker One
added 2024/03/14 2:38 p.m.135 views

curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS

The Curl library had a security vulnerability where the certificate name check was bypassed when connecting to a host via its IP address. This could have potentially introduced spoofing attacks or unauthorized access due to unverified server certificate. The issue affected Curl with MbedTLS from...

6.5CVSS6.4AI score0.06377EPSS
Exploits4
OpenVAS
OpenVAS
added 2023/12/27 12:0 a.m.7 views

Fedora: Security Advisory (FEDORA-2023-7141950083)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
OpenVAS
OpenVAS
added 2023/12/24 12:0 a.m.6 views

Fedora: Security Advisory for filezilla (FEDORA-2023-7934efb5e3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2023/12/23 4:35 a.m.23 views

[SECURITY] Fedora 38 Update: filezilla-3.66.4-1.fc38

FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS FTPS and SSH File Transfer Protocol SFTP - Cross-platform - Available in many languages - Supports resume and transfer of large files greater than 4GB - Easy to use Site Manager and transfe...

7.3AI score
Exploits0
Fedora
Fedora
added 2023/10/28 1:25 a.m.49 views

[SECURITY] Fedora 37 Update: curl-7.85.0-12.fc37

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

9.8CVSS8.6AI score0.78483EPSS
Exploits6
Fedora
Fedora
added 2023/08/01 1:32 a.m.33 views

[SECURITY] Fedora 37 Update: curl-7.85.0-10.fc37

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

6AI score
Exploits0
NVD
NVD
added 2023/05/10 4:15 p.m.42 views

CVE-2022-46377

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs wh...

7.5CVSS6.6AI score0.0148EPSS
Exploits1References3
Prion
Prion
added 2023/05/10 4:15 p.m.21 views

Design/Logic Flaw

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs wh...

5CVSS7.4AI score0.01419EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/05/10 4:15 p.m.22 views

Authentication flaw

An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this...

5CVSS7.7AI score0.01488EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/05/10 3:23 p.m.12 views

CVE-2022-46377

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs wh...

6.5CVSS6.7AI score0.0148EPSS
Exploits1References5
CVE
CVE
added 2023/05/10 3:23 p.m.46 views

CVE-2022-46377

Weston Embedded uC-FTPs 1.98.00 has an out-of-bounds read in the PORT command argument extraction. When no IP address argument is provided to PORT, the server may misparse the buffer, potentially leading to denial of service. Concrete details in Talos/TALOS-2022-1681 describe the vulnerable code ...

7.5CVSS7.4AI score0.0148EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/05/10 3:23 p.m.48 views

CVE-2022-46377

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs wh...

6.5CVSS7.6AI score0.0148EPSS
Exploits1References2
Rows per page
Query Builder