
15 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2016-5394

Malware in sbrugna...

CVSS 6.5 | AI score 6.9 | EPSS 0.00485
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2015-5805

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.0025
Exploits: 0 | References: 3

Amazon
added 2025/06/23 12:0 a.m. | 2 views

Medium: curl

Issue Overview: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform...

CVSS 6.5 | AI score 9.8 | EPSS 0.00745
Exploits: 1

Citrix
added 2025/04/09 12:0 a.m. | 5 views

ADC: HSTS not working on NetScaler Gateway when using a Standard License.

After enabling HSTS at the Gateway Virtual Server using SSL Profile or SSL Parameters, some responses still do not contain the HSTS header...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2025/03/31 12:0 a.m. | 30 views

macOS 15.x < 15.4 Multiple Vulnerabilities (122373)

The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.4. It is, therefore, affected by multiple vulnerabilities: - execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move...

CVSS 9.8 | AI score 7.3 | EPSS 0.00746
Exploits: 11 | References: 156

Cvelist
added 2025/02/28 9:52 p.m. | 7 views

CVE-2024-1509 Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks...

CVSS 7.6 | EPSS 0.00087
Exploits: 0 | References: 1

Tenable Nessus
added 2025/02/10 12:0 a.m. | 8 views

Azure Linux 3.0 Security Update: cmake / curl / mysql / rust (CVE-2024-9681)

The version of cmake / curl / mysql / rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9681 advisory. - When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent...

CVSS 6.5 | AI score 6.6 | EPSS 0.00745
Exploits: 1 | References: 2

Tenable Nessus
added 2024/11/07 12:0 a.m. | 15 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2024:3926-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3926-1 advisory. - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry bsc1232528 Tenable has extracted the...

CVSS 6.5 | AI score 6.6 | EPSS 0.00745
Exploits: 1 | References: 4

OSV
added 2023/02/23 8:15 p.m. | 1 view

AZL-34615 CVE-2023-23914 affecting package cmake for versions less than 3.21.4-10

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is...

CVSS 9.1 | AI score 6.7 | EPSS 0.00111
Exploits: 1 | References: 1

OSV
added 2023/02/23 8:15 p.m. | 1 view

DEBIAN-CVE-2023-23914

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is...

CVSS 9.1 | AI score 7.6 | EPSS 0.00111
Exploits: 1 | References: 1

OSV
added 2023/02/23 8:15 p.m. | 2 views

AZL-34601 CVE-2023-23915 affecting package cmake for versions less than 3.28.2-1

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

CVSS 6.5 | AI score 6.6 | EPSS 0.00039
Exploits: 0 | References: 1

Vulnrichment
added 2022/11/23 4:48 p.m. | 6 views

CVE-2021-35246 Unprotected Transport of Credentials (HSTS) Vulnerability

The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users...

CVSS 5.3 | AI score 5.3 | EPSS 0.00384
Exploits: 0 | References: 3

OSV
added 2022/10/26 5:28 p.m. | 0 views

USN-5702-1 curl vulnerabilities

Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. CVE-2022-32221 Hiroki Kurosawa discovered that curl incorrectly handled parsin...

CVSS 9.8 | AI score 7 | EPSS 0.01853
Exploits: 2 | References: 5

GithubExploit
added 2022/10/07 8:15 a.m. | 3333 views

Exploit for Improper Input Validation in Php

CVE-2022-31629 poc PHP Bug report https://bugs.php.net/b...

CVSS 6.5 | AI score 7.7 | EPSS 0.15416
Exploits: 2

Debian
added 2016/01/27 12:58 p.m. | 39 views

[SECURITY] [DSA 3456-1] chromium-browser security update

Debian Security Advisory DSA-3456-1 [email protected] https://www.debian.org/security/ Michael Gilbert January 27, 2016 https://www.debian.org/security/faq -...

CVSS 10 | AI score 8.2 | EPSS 0.19696
Exploits: 2