
831 matches found

RedHat Linux
added 2023/06/05 11:46 a.m. · 6 views

curl: HSTS amnesia with --parallel

A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity...

CVSS 6.5 · AI score 6.8 · EPSS 0.00039
Exploits 0 · References 5

Oracle Linux
added 2023/05/24 12:0 a.m. · 29 views

freerdp security update

2:2.2.0-10 - Fix 'implicit declaration of function' errors 2136153, 2145139 - 2:2.2.0-9 - CVE-2022-39282: Fix length checks in parallel driver 2136151 - CVE-2022-39283: Add missing length check in video channel 2136153 - CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx 2145139 -...

CVSS 7.5 · AI score 7 · EPSS 0.00347
Exploits 0

RedHat Linux
added 2023/05/16 8:59 a.m. · 4 views

freerdp: clients using `/parallel` command line switch might read uninitialized data

A vulnerability was found in FreeRDP where clients on UNIX systems using /parallel command line switch might read uninitialized data and send it to the client's server. The vulnerability allows a remote attacker to gain access to sensitive information...

CVSS 7.5 · AI score 5.8 · EPSS 0.00295
Exploits 0 · References 5

Tenable Nessus
added 2023/05/15 12:0 a.m. · 30 views

Oracle Linux 9 : freerdp (ELSA-2023-2326)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2326 advisory. - CVE-2022-39282: Fix length checks in parallel driver 2136152 - CVE-2022-39283: Add missing length check in video channel 2136154 - CVE-2022-39316,...

CVSS 7.5 · AI score 5.7 · EPSS 0.00347
Exploits 0 · References 10

Kitploit
added 2023/05/14 12:30 p.m. · 15 views

PassMute - A Multi Featured Password Transmutation/Mutator Tool

This is a command-line tool written in Python that applies one or more transmutation rules to a given password or a list of passwords read from one or more files. The tool can be used to generate transformed passwords for security testing or research purposes. Also, while you are doing pentesting it...

AI score 7.8
Exploits 0 · References 3

RedHat Linux
added 2023/05/09 10:2 a.m. · 2 views

freerdp: clients using `/parallel` command line switch might read uninitialized data

A vulnerability was found in FreeRDP where clients on UNIX systems using /parallel command line switch might read uninitialized data and send it to the client's server. The vulnerability allows a remote attacker to gain access to sensitive information...

CVSS 7.5 · AI score 5.8 · EPSS 0.00295
Exploits 0 · References 5

OSSF Malicious Packages
added 2023/04/27 6:36 a.m. · 3 views

Malicious code in parallel-workers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis abf4ac32d4bbbf2bca51efed2166f670c707230f7da2b87c1318cbe8ca9dade1 The OpenSSF Package Analysis project identified 'parallel-workers' @ 99.99.101 npm as malicious. It is considered malicious because: - The packa...

AI score 7.1
Exploits 0 · References 1

OSV
added 2023/04/27 6:36 a.m. · 6 views

MAL-2023-6 Malicious code in parallel-workers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis abf4ac32d4bbbf2bca51efed2166f670c707230f7da2b87c1318cbe8ca9dade1 The OpenSSF Package Analysis project identified 'parallel-workers' @ 99.99.101 npm as malicious. It is considered malicious because: - The packa...

AI score 7.3
Exploits 0 · References 1

OSV
added 2023/03/28 1:15 p.m. · 2 views

CVE-2022-3686

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

CVSS 9.1 · AI score 5.8
Exploits 0 · References 1

OSV
added 2023/03/28 1:15 p.m. · 2 views

CVE-2022-3684

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

CVSS 7.5 · AI score 5.8 · EPSS 0.00389
Exploits 0 · References 1

Prion
added 2023/03/28 1:15 p.m. · 13 views

Hardcoded credentials

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

CVSS 6.4 · AI score 9 · EPSS 0.00261
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/03/28 12:49 p.m. · 15 views

CVE-2022-3684 SDM600 endpoint vulnerability

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

CVSS 7.5 · AI score 7.6 · EPSS 0.00389
Exploits 0 · References 1

CNNVD
added 2023/03/28 12:0 a.m. · 4 views

SDM600 security vulnerability

ABB SDM600 is a system data manager from ABB Switzerland. A security vulnerability exists in SDM600 versions prior to 1.2.23000.291. An attacker exploiting this vulnerability could cause an application to be unresponsive by running multiple parallel requests...

CVSS 9.1 · AI score 8.3 · EPSS 0.00261
Exploits 0 · References 3

CNNVD
added 2023/03/28 12:0 a.m. · 3 views

SDM600 security vulnerability

ABB SDM600 is a system data manager from ABB Switzerland. A security vulnerability exists in SDM600 versions prior to 1.2.23000.291, which stems from a problem in the endpoint that can be exploited by an attacker to cause an application to become unresponsive by running multiple parallel requests...

CVSS 7.5 · AI score 7.3 · EPSS 0.00389
Exploits 0 · References 4

Positive Technologies
added 2023/03/28 12:0 a.m. · 2 views

PT-2023-2146 · Hitachi Energy · Sdm600

Name of the Vulnerable Software and Affected Versions: Hitachi Energy System Data Manager SDM600 versions prior to 1.2 FP3 HF4 Build Nr. 1.2.23000.291 Description: A vulnerability exists in the SDM600 endpoint, where an attacker could exploit this issue by running multiple parallel requests,...

CVSS 9.4 · AI score 9.1 · EPSS 0.00261
Exploits 0 · References 6

Snyk
added 2023/03/26 8:31 a.m. · 1 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when running with XLA: `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. PoC: import tensorflow as tf func = tf.raw_ops.ParallelConcat...

CVSS 7.5 · AI score 7 · EPSS 0.0024
Exploits 0 · References 2

Snyk
added 2023/03/14 8:19 a.m. · 1 views

Malicious Package

Overview parallel-workers is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

CVSS 9.8 · AI score 7.1
Exploits 0 · References 3

Tenable Nessus
added 2023/03/05 12:0 a.m. · 56 views

FreeBSD : curl -- multiple vulnerabilities (be233fc6-bae7-11ed-a4fb-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the be233fc6-bae7-11ed-a4fb-080027f5fec9 advisory. - A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that...

CVSS 9.1 · AI score 6.5 · EPSS 0.00111
Exploits 2 · References 5

OSV
added 2023/02/28 11:15 p.m. · 1 views

CVE-2022-47076

An issue discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx...

CVSS 7.5 · AI score 5.8 · EPSS 0.92051
Exploits 5 · References 4

Ubuntu
added 2023/02/27 12:34 p.m. · 146 views

USN-5891-1: curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2023-23914 Harry Sintonen...

CVSS 9.1 · AI score 6.5 · EPSS 0.00111
Exploits 2