17 matches found
MiracleLinux 9 : curl-7.76.1-23.el9.1 (AXSA:2023-6065:09)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6065:09 advisory. curl: FTP too eager connection reuse CVE-2023-27535 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 8 : curl-7.61.1-30.el8.2.ML.1 (AXSA:2023-6186:10)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6186:10 advisory. curl: FTP too eager connection reuse CVE-2023-27535 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
EUVD-2023-31290
Malicious code in bioql PyPI...
Alibaba Cloud Linux 3 : 0056: curl (ALINUX3-SA-2023:0056)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0056 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-27535: An authentication bypass...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Authentication in the RHEL UBI (CVE-2023-27535)
Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-27535 This bulletin identifies the steps to take to address the vulnerability in RHEL. Vulnerability Details CVEID:CVE-2023-27535 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...
EulerOS Virtualization 2.11.1 : curl (EulerOS-SA-2023-2719)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass...
NewStart CGSL MAIN 6.06 : curl Multiple Vulnerabilities (NS-SA-2023-0137)
The remote NewStart CGSL host, running version MAIN 6.06, has curl packages installed that are affected by multiple vulnerabilities: - When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might mak...
MGASA-2023-0263 Updated curl packages fix security vulnerability
TELNET option IAC injection. CVE-2023-27533 SFTP path resolving discrepancy. CVE-2023-27534 FTP too eager connection reuse. CVE-2023-27535 GSS delegation too eager connection re-use. CVE-2023-27536 HSTS double free. CVE-2023-27537 SSH connection too eager reuse still. CVE-2023-27538 UAF in SSH...
EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2023-2459)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass...
Security Bulletin: IBM MQ is affected by vulnerabilities in libcURL (CVE-2023-23916, CVE-2023-27535)
Summary Multiple issues were identified within the libcurl library that affect IBM MQ. IBM MQ uses libcurl to provide HTTPURL functionality which is only used to download remote CCDT files and is not used to send or receive messages. Vulnerability Details CVEID:CVE-2023-23916 DESCRIPTION: cURL...
SUSE-SU-2023:2228-1 Security update for curl
This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition bsc1211231. - CVE-2023-28321: Fixed IDN wildcard matching bsc1211232. - CVE-2023-28322: Fixed POST-after-PUT confusion bsc1211233. - CVE-2023-27533: Fixed TELNET option IAC injection bsc1209209. -...
Moderate: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
CLSA-2023-1681491543 curl: Fix of 3 CVEs
CVE-2023-27533: prevent TELNET option from IAC injection - CVE-2023-27535: fix behavior when FTP too eager connection reuse - CVE-2023-27536: do not reuse connections with different GSS delegations...
SUSE SLES15 Security Update : curl (SUSE-SU-2023:1711-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1711-1 advisory. - An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression algorithms...
CVE-2023-27535
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
USN-5964-2 curl vulnerabilities
USN-5964-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing,...
SUSE-SU-2023:1582-1 Security update for curl
This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection bsc1209209. - CVE-2023-27534: Fixed SFTP path resolving discrepancy bsc1209210. - CVE-2023-27535: Fixed FTP too eager connection reuse bsc1209211. - CVE-2023-27536: Fixed GSS delegation too eager...