10 matches found
Photon OS 3.0: Curl PHSA-2022-3.0-0406
An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0406. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 4.0: Curl PHSA-2022-4.0-0205
An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0205. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-065)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-065 advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials s...
CVE-2022-27779 affecting package curl for versions less than 7.83.1-1
CVE-2022-27779 affecting package curl for versions less than 7.83.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-27779
libcurl wrongly allows cookies to be set for Top Level Domains TLDs if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check...
CVE-2022-27779
Summary: CVE-2022-27779 affects curl/libcurl by allowing cookies to be set for Top Level Domains when the hostname ends with a trailing dot. The issue arises in the cookie engine and PSL-aware checks, potentially causing cookies to be sent to an unrelated domain. The connected advisory (ALAS2023-...
Security fix for the ALT Linux 10 package curl version 7.83.1-alt1
7.83.1-alt1 built May 19, 2022 Anton Farygin in task 299735 --- May 11, 2022 Anton Farygin - 7.83.1 - Fixes: CVE-2022-30115: HSTS bypass via trailing dot CVE-2022-27782: TLS and SSH connection too eager reuse CVE-2022-27781: CERTINFO never-ending busy-loop CVE-2022-27780: percent-encoded path...
Slackware: Security Advisory (SSA:2022-131-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-27779
creationtimestamp| type| source ---|---|--- 2022-05-11 11:11:43+00:00| seen| https://t.me/ctinow/51735 2022-06-11 22:01:05+00:00| seen| https://t.me/ctinow/53634...
Internet Bug Bounty: CVE-2022-27779: cookie for trailing dot TLD
Published Advisory: https://curl.se/docs/CVE-2022-27779.html Original Report: https://hackerone.com/reports/1553301 Impact This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. ie. conduct session fixation attacks...