9 matches found
PT-2026-33633
Name of the Vulnerable Software and Affected Versions Apache Kafka versions 4.1.0 through 4.1.1 Description An issue exists in the OAUTHBEARER authentication mechanism where the broker property sasl.oauthbearer.jwt.validator.class defaults to...
CVE-2026-22734
Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...
MiracleLinux 8 : curl-7.61.1-22.el8.3 (AXSA:2022-3782:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3782:01 advisory. curl: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 curl: credential leak on redirect CVE-2022-27774 curl: auth/cookie leak on redirect...
RHEL 8 : curl (RHSA-2022:5313)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5313 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
RHEL 9 : curl (RHSA-2022:5245)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5245 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
ALSA-2022:5313 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 curl: credential leak on redirect CVE-2022-27774 curl:...
RLSA-2022:5313 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 curl: credential leak on redirect CVE-2022-27774 curl:...
[slackware-security] curl
New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-7.83.0-i586-1slack15.0.txz: Upgraded. This update fixes security issues: OAUTH2 bearer bypass in connection...
cURL -- Multiple vulnerabilities
The cURL project reports: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 Credential leak on redirect CVE-2022-27774 Bad local IPv6 connection reuse CVE-2022-27775 Auth/cookie leak on redirect CVE-2022-27776...