
83 matches found

OSV
added 2024/05/20 9:15 p.m. · 4 views

AZL-42145 CVE-2024-35195 affecting package python-requests for versions less than 2.27.1-7

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verif...

5.6 CVSS · 6.6 AI score · 0.0034 EPSS
Exploits 0 · References 1

OSV
added 2024/05/20 9:15 p.m. · 1 view

DEBIAN-CVE-2024-35195

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verif...

5.6 CVSS · 6.3 AI score · 0.0034 EPSS
Exploits 0 · References 1

OSV
added 2024/02/03 2:15 p.m. · 4 views

AZL-34648 CVE-2024-0853 affecting package curl for versions less than 8.8.0-1

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3 CVSS · 6.4 AI score · 0.01102 EPSS
Exploits 1 · References 1

OSV
added 2024/01/30 3:15 p.m. · 5 views

DEBIAN-CVE-2024-0564

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page...

6.5 CVSS · 6.9 AI score · 0.00623 EPSS
Exploits 1 · References 1

SUSE CVE
added 2024/01/23 2:46 a.m. · 1 view

SUSE CVE-2024-0564

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page...

6.5 CVSS · 8.3 AI score · 0.00623 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/12/29 12:00 a.m. · 3 views

PT-2023-8494 · Curl +2

Name of the Vulnerable Software and Affected Versions: curl (affected versions not specified). Description: The issue is related to a flaw in curl where it inadvertently keeps the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test failed. This allows a...

5.3 CVSS · 4.9 AI score · 0.01102 EPSS
Exploits 1 · References 45

RedHat Linux
added 2023/11/14 3:25 p.m. · 3 views

tang: Race condition exists in the key generation and rotation functionality

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host...

5.3 CVSS · 5.8 AI score · 0.0061 EPSS
Exploits 1 · References 6

RedHat Linux
added 2023/11/07 9:05 a.m. · 4 views

tang: Race condition exists in the key generation and rotation functionality

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host...

5.3 CVSS · 5.8 AI score · 0.0061 EPSS
Exploits 1 · References 6

OSV
added 2023/11/01 6:15 p.m. · 2 views

CVE-2023-5766

A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet...

9.8 CVSS · 6.4 AI score · 0.00583 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2023/07/11 12:15 p.m. · 1 view

CVE-2023-1672

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host...

5.3 CVSS · 5.9 AI score · 0.0061 EPSS
Exploits 1 · References 6

OSV
added 2023/07/11 12:15 p.m. · 7 views

AZL-27405 CVE-2023-1672 affecting package tang for versions less than 14-1

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host...

5.3 CVSS · 6 AI score · 0.0061 EPSS
Exploits 1 · References 1

CNNVD
added 2023/07/11 12:00 a.m. · 3 views

Tang race condition vulnerability

Tang is an open source server from latchset that binds data to the web. Tang suffers from a security vulnerability that stems from the presence of a race condition in key generation and key rotation, which can cause other processes on the same host to read the private key within a short...

5.3 CVSS · 5.6 AI score · 0.0061 EPSS
Exploits 1 · References 7

SUSE CVE
added 2023/02/15 5:45 a.m. · 3 views

SUSE CVE-2012-3371

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the...

3.5 CVSS · 6.3 AI score · 0.01846 EPSS
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 5:19 a.m. · 2 views

SUSE CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

5 CVSS · 6.9 AI score · 0.0821 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 4:34 a.m. · 3 views

SUSE CVE-2018-0495

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...

5.1 CVSS · 9 AI score · 0.00887 EPSS
Exploits 1 · References 35

SUSE CVE
added 2023/02/15 3:42 a.m. · 1 view

SUSE CVE-2021-29971

If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 90...

9.8 CVSS · 8.4 AI score · 0.01022 EPSS
Exploits 0 · References 4

OpenVAS
added 2022/07/29 12:00 a.m. · 26 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2128)

The remote host is missing an update for the Huawei EulerOS...

8.1 CVSS · 7.3 AI score · 0.03425 EPSS
Exploits 4 · References 2

RedHat Linux
added 2022/07/01 12:07 a.m. · 2 views

curl: auth/cookie leak on redirect

A vulnerability was found in curl. This security flaw allows leaking authentication or cookie header data on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom Authorization...

6.5 CVSS · 7.2 AI score · 0.03425 EPSS
Exploits 1 · References 5

RedHat Linux
added 2022/06/30 9:00 p.m. · 2 views

curl: auth/cookie leak on redirect

A vulnerability was found in curl. This security flaw allows leaking authentication or cookie header data on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom Authorization...

6.5 CVSS · 7.2 AI score · 0.03425 EPSS
Exploits 1 · References 5

BDU FSTEC
added 2022/05/20 12:00 a.m. · 2 views

The vulnerability of the cURL command-line utility lies in the insufficient protection of registration data, allowing an attacker to gain unauthorized access to the protected information.

The vulnerability of the cURL command-line utility is related to a data leak or a leak of cookie headers during HTTP redirection to the same host, but with a different port number. Exploiting this vulnerability allows an attacker to mistakenly send the same set of headers to hosts that are...

5 CVSS · 6.6 AI score · 0.03425 EPSS
Exploits 1 · References 16 · Affected Software 9