Lucene search
+L

5 matches found

OSV
OSV
added 6 days ago2 views

SUSE-SU-2026:2925-1 Security update for curl

This update for curl fixes the following issues - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-8286: wrong STARTTLS connection reuse bsc1268402. - CVE-2026-8458: wrong reuse for different services bsc1268407. - CVE-2026-8924: traling dot domain super cookie...

9.8CVSS6.3AI score0.01064EPSS
Exploits11References23
OSV
OSV
added 2026/07/08 1:46 p.m.3 views

SUSE-SU-2026:22582-1 Security update for curl

This update for curl fixes the following issues - CVE-2026-8286: wrong STARTTLS connection reuse bsc1268402. - CVE-2026-8458: wrong reuse for different services bsc1268407. - CVE-2026-8924: traling dot domain super cookie bsc1268409. - CVE-2026-8927: env-set cross-proxy Digest auth state leak...

9.8CVSS6.1AI score0.01064EPSS
Exploits10References21
Microsoft CVE
Microsoft CVE
added 2026/07/04 8:6 a.m.4 views

wrong STARTTLS connection reuse

...

8.1CVSS6.1AI score0.0052EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.20 views

Curl 7.30.0 < 8.21.0 Wrong STARTTLS Connection Reuse

The version of curl installed on the remote host is 7.30.0 prior to 8.21.0. It is, therefore, affected by an improper certificate validation vulnerability: - A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even thoug...

8.1CVSS6AI score0.0052EPSS
Exploits1References2
Hacker One
Hacker One
added 2026/05/07 6:58 a.m.12 views

curl: CVE-2026-8286: wrong STARTTLS connection reuse

A vulnerability was found in the Curl library that allowed a plain-text connection to reuse an existing SSL-upgraded connection without verifying the SSL configuration. This could lead to a man-in-the-middle attack if an attacker was able to intercept the initial STARTTLS upgrade. The issue was...

8.1CVSS6.6AI score0.02596EPSS
Exploits2
Rows per page
Query Builder