Lucene search
K

162 matches found

SUSE CVE
SUSE CVE
added 2023/03/21 3:13 a.m.3 views

SUSE CVE-2023-27538

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...

5.8CVSS8.5AI score0.01162EPSS
Exploits1References92
Hacker One
Hacker One
added 2023/03/20 7:44 a.m.65 views

Internet Bug Bounty: CVE-2023-27538: SSH connection too eager reuse still

A vulnerability was found in libcurl that allowed the reuse of a previously created SSH connection even when an SSH related option had been changed that should have prohibited reuse. This was due to two SSH settings being left out from the configuration match checks, making them match too easily...

5.5CVSS6.9AI score0.01162EPSS
Exploits1
OSV
OSV
added 2023/03/20 12:0 a.m.3 views

UBUNTU-CVE-2023-27538

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...

7.7CVSS6.8AI score0.01162EPSS
Exploits1References4
Prion
Prion
added 2022/12/13 4:15 p.m.29 views

Design/Logic Flaw

A vulnerability has been identified in SCALANCE SC622-2C All versions = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 V3.0. Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or...

4CVSS6.3AI score0.0087EPSS
Exploits0References1Affected Software6
Oracle linux
Oracle linux
added 2022/11/22 12:0 a.m.37 views

curl security update

7.76.1-19 - fix unpreserved file permissions CVE-2022-32207 - fix HTTP compression denial of service CVE-2022-32206 - fix FTP-KRB bad message verification CVE-2022-32208 7.76.1-18 - fix too eager reuse of TLS and SSH connections CVE-2022-27782 7.76.1-17 - fix leak of SRP credentials in redirects...

9.8CVSS0.1AI score0.3197EPSS
Exploits8
OSV
OSV
added 2022/08/16 8:42 a.m.6 views

SUSE-SU-2022:2813-1 Security update for curl

This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain bnc1199223. - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even wh...

7.5CVSS6.6AI score0.3197EPSS
Exploits4References9
NVD
NVD
added 2022/07/13 9:15 p.m.16 views

CVE-2022-34757

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...

6.7CVSS0.00277EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/07/13 9:10 p.m.18 views

CVE-2022-34757

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...

6.7CVSS6.7AI score0.00277EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/07/07 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2022:2297-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.03608EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/07/01 12:0 a.m.61 views

RHEL 9 : curl (RHSA-2022:5245)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5245 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...

8.1CVSS7AI score0.03425EPSS
Exploits4References11
Oracle linux
Oracle linux
added 2022/06/30 12:0 a.m.38 views

curl security update

7.76.1-14.el90.4 - fix too eager reuse of TLS and SSH connections CVE-2022-27782 7.76.1-14.el90.3 - fix leak of SRP credentials in redirects CVE-2022-27774 7.76.1-14.el90.2 - add missing tests to Makefile 7.76.1-14.el90.1 - fix credential leak on redirect CVE-2022-27774 - fix auth/cookie leak on...

8.1CVSS2AI score0.03425EPSS
Exploits4
OSV
OSV
added 2022/06/28 10:52 a.m.40 views

RLSA-2022:5313 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 curl: credential leak on redirect CVE-2022-27774 curl:...

8.1CVSS7.5AI score0.03425EPSS
Exploits4References5
Veeam
Veeam
added 2022/06/14 12:0 a.m.106 views

Archiving Job Fails With: "Failed to provision a proxy appliance : Unable to connect by SSH to Appliance."

Challenge An Archiving Job for a Scale-Out Backup Repository fails with the error: Failed to provision a proxy appliance: Unable to connect by SSH to Appliance. Copy Log Example dd.mm.yyyy hh:mm:ss Warning Failed to provision a proxy appliance: Unable to connect by SSH to appliance. dd.mm.yyyy...

6.6AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 2022/05/31 4:35 p.m.51 views

CVE-2022-29245 Weak private key generation in SSH.NET

SSH.NET is a Secure Shell SSH library for .NET. In versions 2020.0.0 and 2020.0.1, during an X25519 key exchange, the client’s private key is generated with System.Random. System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic...

6.5CVSS6.5AI score0.01384EPSS
Exploits1References4
OSV
OSV
added 2022/05/15 10:6 a.m.7 views

MGASA-2022-0185 Updated curl packages fix security vulnerability

CERTINFO never-ending busy-loop. CVE-2022-27781 TLS and SSH connection too eager reuse. CVE-2022-27782...

7.5CVSS7.6AI score0.02596EPSS
Exploits2References5
OSV
OSV
added 2022/05/11 8:0 a.m.5 views

CURL-CVE-2022-27782 TLS and SSH connection too eager reuse

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and...

7.5CVSS7.6AI score0.02596EPSS
Exploits1
Metasploit
Metasploit
added 2021/12/17 5:53 p.m.99 views

Interact with Established SSH Connection

Interacts with a shell on an established SSH connection Module Options msf use payload/generic/ssh/interact msf payloadinteract show actions ...actions... msf payloadinteract set ACTION msf payloadinteract show options ...show and set options... msf payloadinteract run This module requires...

7.1AI score
Exploits0
NVD
NVD
added 2021/04/19 2:15 p.m.29 views

CVE-2021-20989

Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be...

5.9CVSS0.01983EPSS
Exploits3References3
Prion
Prion
added 2020/12/14 8:15 p.m.18 views

Code injection

GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection...

7.5CVSS9.7AI score0.02652EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/12/14 7:56 p.m.19 views

CVE-2020-20184

GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection...

9.8AI score0.02652EPSS
Exploits1References1
Rows per page
Query Builder