MiracleLinux 9 : curl-7.76.1-26.el9_3.3 (AXSA:2024-7591:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7591:01 advisory. curl: information disclosure by exploiting a mixed case flaw CVE-2023-46218 Tenable has extracted the preceding description block directly from the...

CentOS 9 : curl-7.76.1-31.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the curl-7.76.1-31.el9 build changelog. - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allow...

CentOS 9 : curl-7.76.1-21.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the curl-7.76.1-21.el9 build changelog. - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the...

CentOS 9 : curl-7.76.1-26.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the curl-7.76.1-26.el9 build changelog. - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on...

CentOS 9 : curl-7.76.1-22.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the curl-7.76.1-22.el9 build changelog. - A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP...

[SECURITY] Fedora 34 Update: curl-7.76.1-7.fc34

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

Stack overflow

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

PT-2021-3227 · Openssl +5 · Openssl +4

Name of the Vulnerable Software and Affected Versions: curl versions 7.75.0 through 7.76.1 MySQL Server version 5.7.34 and earlier MySQL Server version 8.0.25 and earlier Description: The issue is related to a use-after-free vulnerability, which can allow a remote attacker to potentially execute...

PT-2021-5860 · Libcurl +1 · Libcurl +1

Name of the Vulnerable Software and Affected Versions: libcurl versions 7.61.0 through 7.76.1 Description: The issue is related to the implementation of the Transport Layer Security TLS protocol in the libcurl library, specifically with errors in security settings when using the CURLOPT SSL CIPHE...