Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2024/07/24 12:0 a.m.25 views

Photon OS 3.0: Curl PHSA-2022-3.0-0406

An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0406. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5CVSS6.9AI score0.03425EPSS
Exploits7References8
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.31 views

Photon OS 4.0: Curl PHSA-2022-4.0-0205

An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0205. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5CVSS6.9AI score0.03425EPSS
Exploits7References8
Tenable Nessus
Tenable Nessus
added 2022/09/06 12:0 a.m.39 views

Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-065)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-065 advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials s...

8.1CVSS6.8AI score0.03425EPSS
Exploits8References17
CBLMariner
CBLMariner
added 2022/07/01 9:2 p.m.35 views

CVE-2022-27779 affecting package curl for versions less than 7.83.1-1

CVE-2022-27779 affecting package curl for versions less than 7.83.1-1. An upgraded version of the package is available that resolves this issue...

5.3CVSS6.6AI score0.02414EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/06/01 12:0 a.m.54 views

CVE-2022-27779

libcurl wrongly allows cookies to be set for Top Level Domains TLDs if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check...

5.3CVSS6.5AI score0.02414EPSS
Exploits1
CVE
CVE
added 2022/06/01 12:0 a.m.233 views

CVE-2022-27779

Summary: CVE-2022-27779 affects curl/libcurl by allowing cookies to be set for Top Level Domains when the hostname ends with a trailing dot. The issue arises in the cookie engine and PSL-aware checks, potentially causing cookies to be sent to an unrelated domain. The connected advisory (ALAS2023-...

5.3CVSS6.1AI score0.02414EPSS
Exploits1References3Affected Software1
ALT Linux
ALT Linux
added 2022/05/19 12:0 a.m.136 views

Security fix for the ALT Linux 10 package curl version 7.83.1-alt1

7.83.1-alt1 built May 19, 2022 Anton Farygin in task 299735 --- May 11, 2022 Anton Farygin - 7.83.1 - Fixes: CVE-2022-30115: HSTS bypass via trailing dot CVE-2022-27782: TLS and SSH connection too eager reuse CVE-2022-27781: CERTINFO never-ending busy-loop CVE-2022-27780: percent-encoded path...

5.8CVSS3.4AI score0.03453EPSS
Exploits6
OpenVAS
OpenVAS
added 2022/05/12 12:0 a.m.30 views

Slackware: Security Advisory (SSA:2022-131-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.1AI score0.03453EPSS
Exploits6References8
Circl
Circl
added 2022/05/11 11:11 a.m.6 views

CVE-2022-27779

creationtimestamp| type| source ---|---|--- 2022-05-11 11:11:43+00:00| seen| https://t.me/ctinow/51735 2022-06-11 22:01:05+00:00| seen| https://t.me/ctinow/53634...

5.3CVSS6.5AI score0.02414EPSS
Exploits1References2
Hacker One
Hacker One
added 2022/05/11 7:2 a.m.106 views

Internet Bug Bounty: CVE-2022-27779: cookie for trailing dot TLD

Published Advisory: https://curl.se/docs/CVE-2022-27779.html Original Report: https://hackerone.com/reports/1553301 Impact This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. ie. conduct session fixation attacks...

5CVSS6.6AI score0.02414EPSS
Exploits1
Rows per page
Query Builder