Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/13 12:0 a.m.9 views

Siemens SIMATIC S7-1500 and S7-1200 Use After Free (CVE-2021-22901)

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client...

8.1CVSS7.9AI score0.60122EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2024/10/14 1:26 p.m.21 views

CVE-2024-49214

A flaw was found in HAProxy's QUIC listener. This vulnerability can allow an attacker to bypass the IP allow/block list via a spoofed IP address in a 0-RTT session. The attacker could exploit this by obtaining a TLS session ticket using their real IP, then initiating a 0-RTT session with a spoofe...

5.3CVSS6.7AI score0.00502EPSS
Exploits0References10
OSV
OSV
added 2021/04/04 10:5 p.m.7 views

OPENSUSE-SU-2021:0510-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup bsc1183934 - CVE-2021-22876: Automatic referer leaks credentials bsc1183933 This update was imported from the SUSE:SLE-15-SP2:Update update project...

5.3CVSS5.3AI score0.05301EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2021/04/01 5:46 p.m.1 views

CVE-2021-22890

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...

5.3AI score0.03141EPSS
Exploits1References9
OSV
OSV
added 2021/04/01 3:45 p.m.7 views

SUSE-SU-2021:1006-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup bsc1183934 - CVE-2021-22876: Automatic referer leaks credentials bsc1183933...

5.3CVSS5.2AI score0.05301EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.18 views

Nginx < 1.7.5 SSL Session Reuse

According to the self-reported version in the server response header, the version of nginx installed on the remote host is 0.5.6 or higher, 1.6.x prior to 1.6.2, or 1.7.x prior to 1.7.5. It is, therefore, affected by an SSL session or TLS session ticket key handling error. A flaw exists in the fi...

4.3CVSS6.8AI score0.05654EPSS
Exploits0References8
Oracle linux
Oracle linux
added 2016/09/27 12:0 a.m.61 views

openssl security update

1.0.1e-48.3 - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TSOBJprintbio - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix...

9.8CVSS1.4AI score0.95707EPSS
Exploits8
Rows per page
Query Builder