51 matches found
Alibaba Cloud Linux 3 : 0070: curl (ALINUX3-SA-2021:0070)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0070 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-22922: When curl is instructed to...
Siemens Industrial Devices using libcurl Use After Free (CVE-2021-22924)
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively, which could lead ...
Western Digital My Cloud Multiple Products 5.x < 5.25.124 Multiple Vulnerabilities (WDC-22019)
Multiple Western Digital My Cloud products are prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progr...
[SECURITY] [DLA 3085-1] curl security update
Debian LTS Advisory DLA-3085-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 29, 2022 https://wiki.debian.org/LTS Package : curl Version : 7.64.0-4+deb10u3 CVE ID : CVE-2021-22898 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 CVE-2022-22576 CVE-2022-27776...
[SECURITY] [DSA 5197-1] curl security update
Debian Security Advisory DSA-5197-1 [email protected] https://www.debian.org/security/ Markus Koschany August 01, 2022 https://www.debian.org/security/faq ...
Siemens OpenSSL Affecting Industrial Products
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Multiple 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, disclose...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22924)
Summary Security Vulnerabilities affect IBM Cloud Private - curl Vulnerability Details CVEID: CVE-2021-22924 DESCRIPTION: An unspecified error with bad connection reused due to improper path name validation in cURL libcurl has an unknown impact and attack vector. CVSS Base score: 5.3 CVSS Tempora...
RHEL 7 : rh-dotnet31-curl (RHSA-2022:1354)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1354 advisory. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
CVE-2021-22924 affecting package curl for versions less than 7.76.0-5
CVE-2021-22924 affecting package curl for versions less than 7.76.0-5. A patched version of the package is available...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1062)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Mageia: Security Advisory (MGASA-2021-0384)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Security Bulletin: IBM MaaS360 Cloud Extender and Modules have various vulnerabilities (CVE-2021-22924, CVE-2021-3712)
Summary A vulnerability contained within a 3rd party component was identified and remediated in the IBM MaaS360 Cloud Extender Agent V2.106.100.008 and Modules. Vulnerability Details CVEID: CVE-2021-22924 DESCRIPTION: An unspecified error with bad connection reused due to improper path name...
Security Bulletin: Vulnerability in libcURL affect IBM Rational ClearCase (CVE-2021-22924)
Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-22924 DESCRIPTION: An unspecified error with bad connection reused due to improper path...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2769)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
curl security and bug fix update
7.61.1-22 - fix STARTTLS protocol injection via MITM CVE-2021-22947 - fix protocol downgrade required TLS bypass CVE-2021-22946 7.61.1-21 - fix TELNET stack contents disclosure again CVE-2021-22925 - fix TELNET stack contents disclosure CVE-2021-22898 - fix bad connection reuse due to flawed path...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2707)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CLSA-2021-1634922534 Fixed CVE-2021-22924 in curl
fix connection reuse checks for issuer cert and case sensitivity CVE-2021-22924...
Oracle MySQL Server <= 5.7.35 / 8.0 <= 8.0.26 Security Update (cpuoct2021) - Linux
Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...
Fedora: Security Advisory for curl (FEDORA-2021-c5584b92d4)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CentOS 8 : curl (CESA-2021:3582)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3582 advisory. - curl: Content not matching hash in Metalink is not being discarded CVE-2021-22922 - curl: Metalink download sends credentials CVE-2021-22923 - curl:...