58 matches found
Puppet Agent 6.x < 6.22.1 / 7.x < 7.6.1 Vulnerability
On March 31, 2021, curl published security updates addressing CVE-2021-22876 and CVE-2021-22890. Previous releases of Puppet Agent contain a vulnerable version of curl. For more information about this vulnerability, refer to the curl security announcements. Note that Nessus has not tested for thi...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22876)
Summary Security Vulnerabilities affect IBM Cloud Private - curl Vulnerability Details CVEID: CVE-2021-22876 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to strip off user credentials from the URL when automatically populating the...
Slackware: Security Advisory (SSA:2021-090-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : rh-dotnet31-curl (RHSA-2022:1354)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1354 advisory. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
Siemens SINEC INS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerability: Using Components with Known Vulnerabilities 2. RISK EVALUATION Successful exploitation of this vulnerability in third-party components could allow an attacker...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1062)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
AlmaLinux 8 : curl (ALSA-2021:4511)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4511 advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the...
Mageia: Security Advisory (MGASA-2021-0186)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CLSA-2022-1643198583 Fix of CVE: CVE-2021-22876, CVE-2021-22898, CVE-2021-22925
CVE-2021-22925: fix TELNET stack contents disclosure again - CVE-2021-22898: fix TELNET stack contents disclosure - CVE-2021-22876: prevent automatic referer from leaking credentials...
Juniper Junos OS Multiple Vulnerabilities (JSA11289)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA11289 advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Refere...
RHEL 8 : curl (RHSA-2021:4511)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4511 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
CentOS 8 : curl (CESA-2021:4511)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4511 advisory. - curl: Leak of authentication credentials in URL via automatic Referer CVE-2021-22876 - CVE-2021-22925 curl: Incorrect fix for TELNET stack contents...
Moderate: Red Hat Security Advisory: curl security and bug fix update
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
curl security and bug fix update
An update is available for curl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The curl packages provide the libcurl library and the curl utility for downloadi...
Moderate: curl security and bug fix update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Leak of authentication credentials in URL via automatic Referer CVE-2021-22876 curl: TELNET stack contents disclosure...
ALSA-2021:4511 Moderate: curl security and bug fix update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Leak of authentication credentials in URL via automatic Referer CVE-2021-22876 curl: TELNET stack contents disclosure...
RLSA-2021:4511 Moderate: curl security and bug fix update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Leak of authentication credentials in URL via automatic Referer CVE-2021-22876 curl: TELNET stack contents disclosure...
Amazon Linux AMI : curl (ALAS-2021-1509)
The version of curl installed on the remote host is prior to 7.61.1-12.98. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1509 advisory. It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-2049)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3...
Medium: curl
Issue Overview: It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected...