
558 matches found

OSV
added 2021/07/21 8:0 a.m. | 10 views

CURL-CVE-2021-22924 Bad connection reuse due to flawed path name checks

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths case insensitively, which could...

CVSS 4.3 | AI score 5.4 | EPSS 0.0627
Exploits: 1
OSV
added 2021/07/21 12:0 a.m. | 3 views

UBUNTU-CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths case insensitively, which could lead ...

CVSS 3.7 | AI score 6.6 | EPSS 0.0627
Exploits: 1 | References: 4
Amazon
added 2021/06/23 12:0 a.m. | 82 views

Medium: glibc

Issue Overview: In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. (CVE-2019-9169) A flaw was found in glibc. If an attacker provides the iconv function with invalid...

CVSS 9.8 | AI score 7 | EPSS 0.04731
Exploits: 2
OSV
added 2021/06/14 2:15 p.m. | 2 views

CVE-2021-24347

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be...

CVSS 8.8 | AI score 7.3
Exploits: 0 | References: 3
Hacker One
added 2021/06/11 3:47 a.m. | 78 views

curl: CVE-2021-22924: Bad connection reuse due to flawed path name checks

Summary: Curl_ssl_config_matches attempts to compare whether two SSL connections have identical SSL security options or not. The idea is to avoid reusing a connection that uses less secure, or completely different security options such as capath, cainfo or certificate/issuer pinning. Unfortunately...

CVSS 4.3 | AI score 5.7 | EPSS 0.0627
Exploits: 1
Veracode
added 2021/05/24 12:37 a.m. | 58 views

Arbitrary Code Execution

glibc is vulnerable to arbitrary code execution. A heap-based buffer over-read in proceed_next_node in posix/regexec.c allows an attacker to execute arbitrary code on the host OS via an attempted case-insensitive regular-expression match...

CVSS 9.8 | AI score 5.2 | EPSS 0.04731
Exploits: 1 | References: 16 | Affected Software: 1
RedHat Linux
added 2021/05/18 1:52 p.m. | 5 views

glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match...

CVSS 9.8 | AI score 7.3 | EPSS 0.04731
Exploits: 1 | References: 4
Tenable Nessus
added 2021/05/03 12:0 a.m. | 38 views

GLSA-202104-01 : Git: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-202104-01 (Git: User-assisted execution of arbitrary code). It was discovered that Git could be fooled into running remote code during a clone on case-insensitive file systems with support for symbolic links, if Git is configured...

CVSS 8 | AI score 8.4 | EPSS 0.88644
Exploits: 5 | References: 2
OpenVAS
added 2021/04/19 12:0 a.m. | 13 views

SUSE: Security Advisory (SUSE-SU-2021:0757-1)

The remote host is missing an update for the...

CVSS 8 | AI score 7.9 | EPSS 0.88644
Exploits: 5 | References: 4
OpenVAS
added 2021/04/19 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2019:1958-2)

The remote host is missing an update for the...

CVSS 9.8 | AI score 7.2 | EPSS 0.04731
Exploits: 2 | References: 6
OSV
added 2021/04/07 11:2 a.m. | 4 views

OESA-2021-1105 git security update

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...

CVSS 8 | AI score 6.7 | EPSS 0.88644
Exploits: 5 | References: 2
Friends Of PHP
added 2021/04/06 1:30 p.m. | 9 views

Regression in Query Parenthesis can have Security Implications

Return insensitive check after 8453. Problem: ->andWhere("u.name = ?1 or u.username = ?1"); did not wrap part in parenthesis when "or" or "and" was written in lowercase anymore. It still worked for uppercase OR and AND. Fixes 8595...

AI score 7.2
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2021/03/27 12:0 a.m. | 88 views

Amazon Linux 2 : git (ALAS-2021-1621)

The version of git installed on the remote host is prior to 2.23.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1621 advisory. Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains...

CVSS 8 | AI score 7.8 | EPSS 0.88644
Exploits: 5 | References: 3
Tenable Nessus
added 2021/03/15 12:0 a.m. | 30 views

openSUSE Security Update : git (openSUSE-2021-405)

This update for git fixes the following issues: On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone (bsc#1183026, CVE-2021-21300)...

CVSS 8 | AI score 8.3 | EPSS 0.88644
Exploits: 5 | References: 2
Mageia
added 2021/03/14 9:20 p.m. | 55 views

Updated git packages fix a security vulnerability

On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone (CVE-2021-21300)...

CVSS 8 | AI score 2.7 | EPSS 0.88644
Exploits: 5 | References: 2
OSV
added 2021/03/14 9:20 p.m. | 9 views

MGASA-2021-0137 Updated git packages fix a security vulnerability

On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone (CVE-2021-21300)...

CVSS 8 | AI score 8 | EPSS 0.88644
Exploits: 5 | References: 3
OSV
added 2021/03/14 2:8 p.m. | 8 views

OPENSUSE-SU-2021:0405-1 Security update for git

This update for git fixes the following issues: On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone (bsc#1183026, CVE-2021-21300). Th...

CVSS 8 | AI score 8 | EPSS 0.88644
Exploits: 5 | References: 3
Tenable Nessus
added 2021/03/10 12:0 a.m. | 38 views

SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2021:0757-1)

This update for git fixes the following issues: On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone (bsc#1183026, CVE-2021-21300). Not...

CVSS 8 | AI score 8.3 | EPSS 0.88644
Exploits: 5 | References: 4
OSV
added 2021/03/09 8:15 p.m. | 1 views

ALPINE-CVE-2021-21300

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive...

CVSS 7.5 | AI score 6.9 | EPSS 0.88644
Exploits: 5 | References: 1
OSV
added 2021/03/09 8:15 p.m. | 2 views

DEBIAN-CVE-2021-21300

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive...

CVSS 7.5 | AI score 7.4 | EPSS 0.88644
Exploits: 5 | References: 1