Lucene search
K

58 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.34 views

Puppet Agent 6.x < 6.22.1 / 7.x < 7.6.1 Vulnerability

On March 31, 2021, curl published security updates addressing CVE-2021-22876 and CVE-2021-22890. Previous releases of Puppet Agent contain a vulnerable version of curl. For more information about this vulnerability, refer to the curl security announcements. Note that Nessus has not tested for thi...

5.3CVSS6.4AI score0.05301EPSS
Exploits2References5
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 12:59 p.m.55 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22876)

Summary Security Vulnerabilities affect IBM Cloud Private - curl Vulnerability Details CVEID: CVE-2021-22876 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to strip off user credentials from the URL when automatically populating the...

5.3CVSS0.5AI score0.05301EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.22 views

Slackware: Security Advisory (SSA:2021-090-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS6AI score0.05301EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2022/04/14 12:0 a.m.40 views

RHEL 7 : rh-dotnet31-curl (RHSA-2022:1354)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1354 advisory. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

7.5CVSS6.9AI score0.0627EPSS
Exploits4References11
ICS
ICS
added 2022/03/08 12:0 a.m.128 views

Siemens SINEC INS

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerability: Using Components with Known Vulnerabilities 2. RISK EVALUATION Successful exploitation of this vulnerability in third-party components could allow an attacker...

9.8CVSS8.4AI score0.21952EPSS
Exploits1References11
OpenVAS
OpenVAS
added 2022/02/13 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1062)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6AI score0.0627EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2022/02/09 12:0 a.m.48 views

AlmaLinux 8 : curl (ALSA-2021:4511)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4511 advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the...

5.3CVSS6.8AI score0.05301EPSS
Exploits3References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.13 views

Mageia: Security Advisory (MGASA-2021-0186)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS6AI score0.05301EPSS
Exploits2References6
OSV
OSV
added 2022/01/26 12:3 p.m.12 views

CLSA-2022-1643198583 Fix of CVE: CVE-2021-22876, CVE-2021-22898, CVE-2021-22925

CVE-2021-22925: fix TELNET stack contents disclosure again - CVE-2021-22898: fix TELNET stack contents disclosure - CVE-2021-22876: prevent automatic referer from leaking credentials...

5.3CVSS6.6AI score0.05301EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2022/01/12 12:0 a.m.65 views

Juniper Junos OS Multiple Vulnerabilities (JSA11289)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA11289 advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Refere...

8.1CVSS7.6AI score0.60122EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2021/11/11 12:0 a.m.53 views

RHEL 8 : curl (RHSA-2021:4511)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4511 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...

5.3CVSS6.5AI score0.05301EPSS
Exploits3References11
Tenable Nessus
Tenable Nessus
added 2021/11/11 12:0 a.m.245 views

CentOS 8 : curl (CESA-2021:4511)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4511 advisory. - curl: Leak of authentication credentials in URL via automatic Referer CVE-2021-22876 - CVE-2021-22925 curl: Incorrect fix for TELNET stack contents...

5.3CVSS6.4AI score0.05301EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2021/11/09 6:26 p.m.61 views

Moderate: Red Hat Security Advisory: curl security and bug fix update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

5.3CVSS6.5AI score0.05301EPSS
Exploits3References6
Rockylinux
Rockylinux
added 2021/11/09 9:38 a.m.62 views

curl security and bug fix update

An update is available for curl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The curl packages provide the libcurl library and the curl utility for downloadi...

5.3CVSS6.3AI score0.05301EPSS
Exploits3
AlmaLinux
AlmaLinux
added 2021/11/09 9:38 a.m.51 views

Moderate: curl security and bug fix update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Leak of authentication credentials in URL via automatic Referer CVE-2021-22876 curl: TELNET stack contents disclosure...

5.3CVSS6.4AI score0.05301EPSS
Exploits3References4
OSV
OSV
added 2021/11/09 9:38 a.m.25 views

ALSA-2021:4511 Moderate: curl security and bug fix update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Leak of authentication credentials in URL via automatic Referer CVE-2021-22876 curl: TELNET stack contents disclosure...

5.3CVSS6.2AI score0.05301EPSS
Exploits3References4
OSV
OSV
added 2021/11/09 9:38 a.m.33 views

RLSA-2021:4511 Moderate: curl security and bug fix update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Leak of authentication credentials in URL via automatic Referer CVE-2021-22876 curl: TELNET stack contents disclosure...

3.7CVSS6.1AI score0.05301EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2021/07/13 12:0 a.m.45 views

Amazon Linux AMI : curl (ALAS-2021-1509)

The version of curl installed on the remote host is prior to 7.61.1-12.98. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1509 advisory. It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the...

5.3CVSS7.4AI score0.05301EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2021/07/01 12:0 a.m.30 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-2049)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3...

5.3CVSS6.4AI score0.05301EPSS
Exploits2References3
Amazon
Amazon
added 2021/06/23 12:0 a.m.94 views

Medium: curl

Issue Overview: It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected...

5.3CVSS7.2AI score0.05301EPSS
Exploits2
Rows per page
Query Builder