58 matches found
MiracleLinux 9 : curl-7.76.1-23.el9.2 (AXSA:2023-6313:11)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6313:11 advisory. curl: IDN wildcard match may lead to Improper Certificate Validation CVE-2023-28321 curl: more POST-after-PUT confusion CVE-2023-28322 Tenable has...
Security Bulletin: Due to use of cURL libcurl, IBM Event Streams is vulnerable to bypass security restrictions.
Summary cURL libcurl is used in IBM Event Streams CVE-2023-28322 Vulnerability Details CVEID:CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the logic for a reused handle when it is expected to be changed from a PUT to a...
EulerOS 2.0 SP8 : curl (EulerOS-SA-2024-2460)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowe...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.2024)
The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.2024 advisory. - This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origi...
CVE-2021-28322
creationtimestamp | type | source
---|---|---
2024-08-18 14:42:05+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/3220...
Photon OS 5.0: Cmake PHSA-2023-5.0-0035
An update of the cmake package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0035. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
CBL Mariner 2.0 Security Update: mysql / rust / cmake / curl / tensorflow (CVE-2023-28322)
The version of mysql / rust / cmake / curl / tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-28322 advisory. - An information disclosure vulnerability exists in curl v8.1.0 when doing...
Security Bulletin: Vulnerabilities in libcurl, cURL and Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in libcurl, cURL and Linux Kernel. Vulnerabilities include an attacker could exploit these vulnerabilities to overflow a buffer and execute arbitrary code on the system, to insert cookies at will into a running program, t...
CVE-2024-28322
CVE-2024-28322 affects PuneethReddyHC Event Management 1.0. Affected component: the /event-management-master/backend/register.php endpoint, vulnerable via the event_id parameter in a crafted POST request, enabling SQL injection. Root cause: improper input handling leading to arbitrary SQL executi...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.17 LTS and 11.5.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
CVE-2023-28322 affecting package tensorflow for versions less than 2.16.1-1
CVE-2023-28322 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...
RLSA-2024:1601 Moderate: curl security and bug fix update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: information disclosure by exploiting a mixed case flaw CVE-2023-46218 curl: more POST-after-PUT confusion...
Security Bulletin: Vulnerability in libcurl may affect IBM Storage Scale System (CVE-2023-28322)
Summary A vulnerability in libcurl may allow a remote attacker to bypass security restrictions in IBM Storage Scale System. A fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions...
AlmaLinux 8 : curl (ALSA-2024:1601)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1601 advisory. - An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback...
curl security and bug fix update
7.61.1-33.5 - cap SFTP packet size sent RHEL-5485 - when keyboard-interactive auth fails, try password 2229800 - unify the upload/method handling CVE-2023-28322 - fix cookie injection with none file CVE-2023-38546 - lowercase the domain names before PSL checks CVE-2023-46218...
RHEL 8 : curl (RHSA-2024:1601)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1601 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
Moderate: curl security and bug fix update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: information disclosure by exploiting a mixed case flaw CVE-2023-46218 curl: more POST-after-PUT confusion...
CVE-2023-28322 affecting package cmake for versions less than 3.21.4-10
CVE-2023-28322 affecting package cmake for versions less than 3.21.4-10. A patched version of the package is available...
Moderate: Red Hat Security Advisory: curl security and bug fix update
An update for curl is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
Moderate: Red Hat Security Advisory: curl security and bug fix update
An update for curl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...