Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2025-4878 DESCRIPTION: A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function...

CLSA-2026-1776601980 curl: Fix of CVE-2024-7264

CVE-2024-7264: fix ASN.1 GTime2str heap buffer over-read caused by off-by-one in fractional seconds length calculation...

Siemens SIMATIC and SCALANCE Improper Input Validation (CVE-2024-7264)

libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...

TencentOS Server 4: curl (TSSA-2024:0488)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0488 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1483)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1454)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Vulnerability Scanner Detection Related to CVE-2024-7264

Support Statement This Veeam KB article was created to address customers' concerns regarding the detection of the libcurl library by their security software on VMware Backup Proxies, where the VMware VDDK package is installed. Libcurl is a component of VMware VDDK Virtual Disk Development Kit,...

Linux Distros Unpatched Vulnerability : CVE-2024-7264

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser...

openSUSE Security Advisory (SUSE-SU-2024:2784-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ALSA-2025:1671 Important: mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date pars...

Important: mysql:8.0 security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date pars...

RHEL 9 : mysql (RHSA-2025:1671)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1671 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...

Azure Linux 3.0 Security Update: mysql (CVE-2024-7264)

The version of mysql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7264 advisory. - libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1105)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1077)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1092)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1069)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-7264 affecting package cmake for versions less than 3.30.3-4

CVE-2024-7264 affecting package cmake for versions less than 3.30.3-4. A patched version of the package is available...

Security Bulletin: vulnerability in libcURL affects IBM Workload Automation.

Summary IBM Workload Automation has vulnerability in libcURL CVE-2024-7264 Vulnerability Details CVEID:CVE-2024-7264 DESCRIPTION: cURL libcurl could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the the GTime2str function. By sending a specially...

Security Bulletin: PowerSC is vulnerable to information disclosure, denial of service, and security restrictions bypass due to Curl

Summary Vulnerabilities in Curl could allow a local attacker to obtain sensitive information CVE-2024-7264 or a remote attacker to cause a denial of service CVE-2024-6197, CVE-2024-37371 or bypass security restrictions CVE-2024-37370. PowerSC uses Curl as part of PowerSC Trusted Network Connect...