
41 matches found

Tenable Nessus
added 2026/05/11 12:0 a.m. · 5 views

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017507)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017507 advisory. curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use...

5.3 CVSS · 6.8 AI score · 0.00791 EPSS
Exploits 1 · References 4

OSV
added 2025/06/27 12:16 a.m. · 4 views

OSV-2025-491 Heap-buffer-overflow in libssl.soNUMBER

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=427814448 Crash type: Heap-buffer-overflow READ 5 Crash state: libssl.soNUMBER libssl.soNUMBER SSL_CTX_set_cipher_list...

7 AI score
Exploits 0 · References 1

CNNVD
added 2024/07/02 12:0 a.m. · 1 views

Kiloview P1 4G Video Encoder and P2 4G Video Encoder Security Vulnerabilities

Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both professional video encoder devices from China-based Kiloview. A security vulnerability exists in the Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder, which stems from the fact that the devices support at least on...

5.3 CVSS · 6.8 AI score · 0.0004 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/05/05 12:0 a.m. · 1 views

PT-2024-40758 · Git +1 · Boringssl

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of Use-of-uninitialized-value. The crash occurs in the bssl::ssl cipher process rules function, which is called by...

6.9 AI score
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 6:14 a.m. · 1 views

SUSE CVE-2006-3738

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers...

10 CVSS · 7.3 AI score · 0.53744 EPSS
Exploits 1 · References 7

SUSE CVE
added 2023/02/15 3:45 a.m. · 1 views

SUSE CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3 CVSS · 6.7 AI score · 0.00791 EPSS
Exploits 1 · References 3

Oracle linux
added 2021/08/12 12:0 a.m. · 64 views

nodejs:14 security, bug fix, and enhancement update

nodejs 1:14.17.3-2 - Resolves: RHBZ1980032, RHBZ1978203 - Resolves RHBZ1842826 - Don't use patch3 1:14.17.3-1 - Resolves: RHBZ1980032, RHBZ1978203 - Resolves RHBZ1842826 - Resolves CVE-2021-22918libuv, use system cipher list 1:14.16.0-3 - Resolves: RHBZ1930775 - Always build with systemtap...

7.5 CVSS · 0.9 AI score · 0.02458 EPSS
Exploits 3

Microsoft CVE
added 2021/06/23 7:0 a.m. · 4 views

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library which has the surprising side-effect that if an application sets up multiple concurrent transfers the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario this weakens transport security significantly.

...

5.3 CVSS · 5.5 AI score · 0.00791 EPSS
Exploits 1

OSV
added 2021/06/12 11:2 a.m. · 1 views

OESA-2021-1216 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when...

5.3 CVSS · 8.5 AI score · 0.00791 EPSS
Exploits 2 · References 3

OSV
added 2021/06/11 4:15 p.m. · 2 views

AZL-6358 CVE-2021-22897 affecting package curl for versions less than 7.76.0-5

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3 CVSS · 6.6 AI score · 0.00791 EPSS
Exploits 1 · References 1

OSV
added 2021/06/11 4:15 p.m. · 1 views

ALPINE-CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3 CVSS · 7 AI score · 0.00791 EPSS
Exploits 1 · References 1

Vulnrichment
added 2021/06/11 3:49 p.m. · 2 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

6.8 AI score · 0.00791 EPSS
Exploits 1 · References 8

CNNVD
added 2021/05/26 12:0 a.m. · 1 views

Haxx libcurl Cryptographic Issue Vulnerability

HAXX Haxx libcurl is a free, open source client-side URL transport library from the Swedish company HAXX. The library supports FTP, FTPS, TFTP, HTTP and more. Haxx libcurl suffers from a cryptographic issue vulnerability that stems from the fact that libcurl allows applications to specify a...

5.3 CVSS · 6.8 AI score · 0.00791 EPSS
Exploits 1 · References 19

Positive Technologies
added 2021/04/23 12:0 a.m. · 5 views

PT-2021-5860 · Libcurl +1 · Libcurl +1

Name of the Vulnerable Software and Affected Versions: libcurl versions 7.61.0 through 7.76.1 Description: The issue is related to the implementation of the Transport Layer Security (TLS) protocol in the libcurl library, specifically with errors in security settings when using the CURLOPT SSL CIPHE...

9.8 CVSS · 7.3 AI score · 0.90184 EPSS
Exploits 27 · References 462

IBM Security Bulletins
added 2020/07/24 10:49 p.m. · 31 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Connect:Express for UNIX (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Connect:Express for UNIX Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

5 CVSS · 0.9 AI score · 0.23356 EPSS
Exploits 0 · Affected Software 1

OpenVAS
added 2018/11/04 12:0 a.m. · 51 views

Debian: Security Advisory (DLA-1560-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS · 6.2 AI score · 0.00766 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2018/10/22 12:0 a.m. · 20 views

SUSE SLES12 Security Update : curl (SUSE-SU-2018:1327-2)

This update for curl fixes several issues: Security issues fixed: CVE-2018-1000301: Fixed a RTSP bad headers buffer over-read could crash the curl client (bsc#1092098) Non security issues fixed: If the DEFAULT_SUSE cipher list is not available use the HIGH cipher alias before failing. (bsc#1086825) No...

9.1 CVSS · 7.8 AI score · 0.02845 EPSS
Exploits 0 · References 5

OSV
added 2018/10/18 12:43 p.m. · 6 views

SUSE-SU-2018:1327-2 Security update for curl

This update for curl fixes several issues: Security issues fixed: - CVE-2018-1000301: Fixed a RTSP bad headers buffer over-read could crash the curl client (bsc#1092098) Non security issues fixed: - If the DEFAULT_SUSE cipher list is not available use the HIGH cipher alias before failing. (bsc#1086825)...

9.1 CVSS · 8.9 AI score · 0.02845 EPSS
Exploits 0 · References 4

IBM Security Bulletins
added 2018/06/16 1:10 p.m. · 31 views

Security Bulletin: Multiple vulnerabilities in GPFS affects IBM® DB2® LUW on AIX and Linux (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Summary There are multiple vulnerabilities in IBM® General Parallel File System, Versions V3.4 and V3.5 that are used by DB2® pureScale™ Feature on AIX and Linux. Vulnerability Details CVEID: CVE-2015-0197 DESCRIPTION: IBM General Parallel File System could allow a local attacker which only has a...

10 CVSS · 0.4 AI score · 0.01273 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:2 a.m. · 39 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM SOA Policy Gateway Pattern (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM WebSphere Service Registry and Repository component of IBM SOA Policy Gateway Pattern for AIX Server. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could all...

5 CVSS · 0.6 AI score · 0.23356 EPSS
Exploits 0 · Affected Software 1