7 matches found
CVE-2026-8286
CVE-2026-8286 affects the curl project where a new transfer using STARTTLS to upgrade a connection can reuse an existing live connection despite a TLS configuration mismatch. Concrete details across connected docs show curl versions affected (pre-8.21.0 for 7.30.0 specifically) and indicate the r...
PT-2026-51745
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw exists where a new transfer utilizing STARTTLS to upgrade the connection may incorrectly reuse an existing live connection despite a mismatch in the TLS...
EUVD-2025-199679
Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...
CVE-2025-66253
Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...
CVE-2025-66253 Unauthenticated OS Command Injection (start_upgrade.php)
Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...
CVE-2025-66253 Unauthenticated OS Command Injection (start_upgrade.php)
Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...
ruby: StartTLS stripping vulnerability in Net::IMAP
Ruby's Net::IMAP module did not raise an exception when receiving an unexpected response to the STARTTLS command and the connection was not upgraded to use TLS. A man-in-the-middle attacker could use this flaw to prevent Ruby applications using Net::IMAP to enable TLS encryption for a connection ...