MiracleLinux 9 : curl-7.76.1-23.el9 (AXSA:2023-5467:07)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5467:07 advisory. curl: Incorrect handling of control code characters in cookies CVE-2022-35252 curl: Use-after-free triggered by an HTTP proxy deny response...
MiracleLinux 9 : curl-7.76.1-19.el9.1 (AXSA:2023-5060:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5060:03 advisory. curl: POST following PUT confusion CVE-2022-32221 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Not...
MiracleLinux 8 : curl-7.61.1-34.el8_10.2 (AXSA:2024-8797:06)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8797:06 advisory. curl: HTTP/2 push headers memory-leak CVE-2024-2398 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 4 : thunderbird-68.8.0-1.AXS4 (AXSA:2020-057:04)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-057:04 advisory. Mozilla: Use-after-free during worker shutdown CVE-2020-12387 Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 CVE-2020-12395...
MiracleLinux 8 : curl-7.61.1-14.el8 (AXSA:2021-1144:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1144:01 advisory. curl: Incorrect argument check can allow remote servers to overwrite local files CVE-2020-8177 Tenable has extracted the preceding description block directly...
MiracleLinux 7 : curl-7.29.0-57.el7 (AXSA:2020-4602:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-4602:02 advisory. curl: TFTP receive heap buffer overflow in tftp_receive_packet function CVE-2019-5436 Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : curl-7.76.1-19.el9.2 (AXSA:2023-5290:06)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5290:06 advisory. curl: HTTP multi-header compression denial of service CVE-2023-23916 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : curl-7.76.1-23.el9.2 (AXSA:2023-6313:11)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6313:11 advisory. curl: IDN wildcard match may lead to Improper Certificate Validation CVE-2023-28321 curl: more POST-after-PUT confusion CVE-2023-28322 Tenable has...
MiracleLinux 8 : curl-7.61.1-25.el8.3 (AXSA:2023-5217:05)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5217:05 advisory. curl: HTTP multi-header compression denial of service CVE-2023-23916 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : curl-7.76.1-14.el9.4.ML.1 (AXSA:2022-4366:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4366:04 advisory. curl: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 curl: credential leak on redirect CVE-2022-27774 curl: auth/cookie leak on redirect...
MiracleLinux 7 : curl-7.29.0-59.el7 (AXSA:2020-554:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-554:03 advisory. curl: heap buffer overflow in function tftp_receive_packet CVE-2019-5482 CVE-2019-5482 Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65....
MiracleLinux 9 : curl-7.76.1-23.el9.1 (AXSA:2023-6065:09)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6065:09 advisory. curl: FTP too eager connection reuse CVE-2023-27535 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 9 : curl-7.76.1-26.el9.2 (AXSA:2023-6965:14)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6965:14 advisory. curl: a heap-based buffer overflow in the SOCKS5 proxy handshake CVE-2023-38545 curl: cookie injection with none file CVE-2023-38546 Tenable has...
MiracleLinux 8 : curl-7.61.1-30.el8 (AXSA:2023-5803:08)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5803:08 advisory. curl: Incorrect handling of control code characters in cookies CVE-2022-35252 curl: Use-after-free triggered by an HTTP proxy deny response...
curl: Cookie Replacement Use-After-Free Vulnerability
Summary: The cookie replacement logic in lib/cookie.c contains a use-after-free vulnerability in the replace_existing function. The function modifies a linked list while iterating over it, creating potential for memory corruption in concurrent or complex cookie operations. Vulnerable Code Location...
curl: Cookie Max-Age Integer Overflow Vulnerability
Summary: The cookie parsing code in lib/cookie.c contains an integer overflow vulnerability when processing the Max-Age attribute of HTTP cookies. The vulnerable code attempts to add the max-age value to the current timestamp without adequate overflow protection. While the code includes an overflo...
MiracleLinux 3 : curl-7.15.5-2.1AXS3.5 (AXSA:2009-376:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-376:02 advisory. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user...
Curl 7.58.0 < 8.18.0 Multiple Vulnerabilities
The version of curl installed on the remote host is 7.58 = 8.17.0. It is, therefore, affected by multiple vulnerabilities when built with the libssh backend: - A key passphrase bypass vulnerability exists where curl wrongly authenticates using a locally running SSH agent even when specifically...
Curl 7.33.0 < 8.18.0 OAuth2 Bearer Token Leak (CVE-2025-14524)
The version of curl installed on the remote host is missing a security update. It is, therefore, affected by an information disclosure vulnerability. - When an OAuth2 bearer token is used for an HTTPS transfer that performs a cross-protocol redirect to a second URL using IMAP, LDAP, POP3, or SMTP...
MiracleLinux 4 : curl-7.19.7-37.AXS4 (AXSA:2013-506:03)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-506:03 advisory. cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to...