11 matches found
ROS-20240708-01
Vulnerability in the HTTP/2 network protocol implementation of the cURL command line utility is related to memory freeing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in the cURL command line...
Medium: curl
Issue Overview: When a protocol selection parameter option disables all protocols without adding any, then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protoco...
AZL-37117 CVE-2024-2004 affecting package mysql for versions less than 8.0.40-1
When a protocol selection parameter option disables all protocols without adding any, then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...
AZL-37087 CVE-2024-2004 affecting package cmake for versions less than 3.30.3-2
When a protocol selection parameter option disables all protocols without adding any, then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...
AZL-37114 CVE-2024-2004 affecting package mysql for versions less than 8.0.40-1
When a protocol selection parameter option disables all protocols without adding any, then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...
CLSA-2023-1702495594 squid: Fix of CVE-2023-46728
CVE-2023-46728: Remove support for Gopher protocol...
SUSE CVE-2018-5143
URLs using "javascript:" have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially...
Cross site scripting
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This...
Chrome, Firefox, Edge and Safari Plans to Disable TLS 1.0 and 1.1 in 2020
All major web browsers, including Google Chrome, Apple Safari, Microsoft Edge, Internet Explorer, and Mozilla Firefox, jointly announced today that they will soon remove support for the TLS 1.0 (20-year-old) and TLS 1.1 (12-year-old) communication encryption protocols. Developed initially as Secure Sockets Layer...
UBUNTU-CVE-2018-5143
URLs using "javascript:" have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially...
[Ipdecap] Decapsulate traffic encapsulated within GRE, IPIP, 6in4, ESP (ipsec) protocols
Ipdecap can decapsulate traffic encapsulated within GRE, IPIP, 6in4, ESP (ipsec) protocols, and can also remove the IEEE 802.1Q virtual LAN header. It reads packets from a pcap file, removes the encapsulation protocol, and writes them to another pcap file. Goals are: Extract encapsulated TCP flow to...