CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

OpenVAS•added 2024/11/04 12:0 a.m.•12 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2795)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.5AI score0.16212EPSS

Exploits1References3

OpenVAS•added 2024/11/04 12:0 a.m.•19 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2783)

6.5CVSS7.5AI score0.16212EPSS

Exploits1References3

Tenable Nessus•added 2024/10/23 12:0 a.m.•9 views

CBL Mariner 2.0 Security Update: mysql (CVE-2024-7264)

The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7264 advisory. - libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If...

6.5CVSS7.2AI score0.16212EPSS

Exploits1References2

Tenable Nessus•added 2024/10/09 12:0 a.m.•28 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2024-2549)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field,...

6.5CVSS7.3AI score0.16212EPSS

Exploits1References2

Tenable Nessus•added 2024/10/09 12:0 a.m.•17 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2024-2575)

6.5CVSS7.3AI score0.16212EPSS

Exploits1References2

F5 Networks•added 2024/09/12 4:29 p.m.•40 views

K000141062: libcurl vulnerability CVE-2024-7264

Security Advisory Description libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointe...

6.5CVSS7.2AI score0.16212EPSS

Exploits1

Veracode•added 2024/08/01 8:6 a.m.•14 views

Heap Buffer Over-Read

libcurl.so is vulnerable to a Heap Buffer Over-Read. The vulnerability is due to improper handling of invalid ASN.1 Generalized Time fields in the GTime2str function via lib/x509asn1.c. which allows an attacker to disclose sensitive information by exposing heap contents through the CURLINFOCERTIN...

6.5CVSS6.1AI score0.16212EPSS

Exploits1References7Affected Software2

NVD•added 2024/07/31 8:15 a.m.•19 views

CVE-2024-7264

libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...

6.5CVSS0.16212EPSS

Exploits1References8

Vulnrichment•added 2024/07/31 8:8 a.m.•23 views

CVE-2024-7264 ASN.1 date parser overread

7.1AI score0.16212EPSS

Exploits1References4

Cvelist•added 2024/07/31 8:8 a.m.•31 views

CVE-2024-7264 ASN.1 date parser overread

0.16212EPSS

Exploits1References4

CVE•added 2024/07/31 8:8 a.m.•655 views

CVE-2024-7264

CVE-2024-7264 affects libcurl’s ASN.1 parser (GTime2str): if parsing a syntactically incorrect Generalized Time field, the code may set the time fraction length to -1, causing strlen() to operate on a non-null-terminated heap buffer. This can cause a crash and potentially leak heap contents to th...

6.5CVSS7.3AI score0.16212EPSS

Exploits1References8Affected Software1