Astra Linux - уязвимость в curl

A authentication bypass vulnerability exists in libcurl version 8.0.0, particularly in the connection reuse feature. This vulnerability allows for the reuse of previously established connections with incorrect user permissions, due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION...

Siemens SIMATIC S7-1500 Improper Authentication (CVE-2023-27536)

An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION option. This vulnerability affects...

OESA-2023-1194 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However,...

AZL-25809 CVE-2023-27536 affecting package rust for versions less than 1.72.0-2

An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION option. This vulnerability affects...

ALPINE-CVE-2023-27536

An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION option. This vulnerability affects...

AZL-38476 CVE-2023-27536 affecting package tensorflow for versions less than 2.16.1-1

An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION option. This vulnerability affects...

AZL-34606 CVE-2023-27536 affecting package cmake for versions less than 3.28.2-1

An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION option. This vulnerability affects...

AZL-25845 CVE-2023-27536 affecting package curl for versions less than 8.0.1-1

An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION option. This vulnerability affects...

DEBIAN-CVE-2023-27536

An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION option. This vulnerability affects...

Authentication flaw

An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION option. This vulnerability affects...

UBUNTU-CVE-2023-27536

An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION option. This vulnerability affects...

OracleVM 3.2 : curl (OVMSA-2016-0056)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix heap-based buffer overflow in curleasyunescape CVE-2013-2174 - fix cookie tailmatching to prevent cross-domain leakage CVE-2013-1944 - introduce the --delegation option of curl 746849 - fix stack...

CURL-CVE-2011-2192 inappropriate GSSAPI delegation

When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is obviously a sensitive operation, which...