EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2023-2459)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass...

PT-2023-14808 · Nexxt · Nexxt Nebula 1200-Ac

Name of the Vulnerable Software and Affected Versions: Nexxt Nebula 1200-AC version 15.03.06.60 Description: The issue allows authentication bypass and command execution by utilizing the HTTPD service to enable TELNET. Recommendations: For version 15.03.06.60, consider disabling the HTTPD service...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2188)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Medium: curl

Issue Overview: The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the...

curl: Use-after-free triggered by an HTTP proxy deny response

A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols,...

EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2023-2014)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the 'chained' HTTP compressio...

CLSA-2023-1685378052 curl: Fix of 2 CVEs

CVE-2022-43552: smb/telnet: do not free the protocol struct in done - CVE-2022-35252: cookie: reject cookies with "control bytes"...

CVE-2023-1834

Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1838)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1862)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-1862)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the 'chained' HTTP compression algorithms,...

curl: Use-after-free triggered by an HTTP proxy deny response

A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols,...

[SECURITY] [DLA 3398-1] curl security update

Debian LTS Advisory DLA-3398-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany April 21, 2023 https://wiki.debian.org/LTS Package : curl Version : 7.64.0-4+deb10u6 CVE ID : CVE-2023-27533 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 Several security vulnerabilitie...

Amazon Linux AMI : curl (ALAS-2023-1727)

The version of curl installed on the remote host is prior to 7.61.1-12.105. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1727 advisory. The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part o...

Medium: curl

Issue Overview: The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the...

CBL Mariner 2.0 Security Update: cmake / curl / mysql / rust / tensorflow (CVE-2023-27533)

The version of cmake / curl / mysql / rust / tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27533 advisory. - A vulnerability in input validation exists in curl 8.0 during communicatio...

Fedora 36 : curl (2023-7e7414e64d)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7e7414e64d advisory. - fix SSH connection too eager reuse still CVE-2023-27538 - fix GSS delegation too eager connection re-use CVE-2023-27536 - fix FTP too eager...

ROS-20230406-01

A vulnerability in the curl program is related to the incorrect replacement of the tilde character when used as a prefix in the first path element, in addition to its intended use as the first element to specify a path relative to a user's home directory. element to specify a path relative to the...

SUSE SLES15 Security Update : curl (SUSE-SU-2023:1711-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1711-1 advisory. - An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression algorithms...

OESA-2023-1196 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However,...