
48 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2015-3148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a...

CVSS: 5 | AI score: 7.4 | EPSS: 0.17942 | Exploits: 0 | References: 2

OpenVAS
added 2023/03/08 12:0 a.m., 34 views

Debian: Security Advisory (DLA-211-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5 | AI score: 9.6 | EPSS: 0.17942 | Exploits: 0 | References: 2

F5 Networks
added 2023/02/21 7:57 p.m., 54 views

K16707: cURL and libcurl vulnerability CVE-2015-3148

Security Advisory Description cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. CVE-2015-3148 Impact Remote attackers may be able to re-use Negotiate connections as other user...

CVSS: 5 | AI score: 7.8 | EPSS: 0.17942 | Exploits: 0 | Affected Software: 20

OpenVAS
added 2022/04/21 12:0 a.m., 25 views

Slackware: Security Advisory (SSA:2015-302-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9 | AI score: 9 | EPSS: 0.3763 | Exploits: 0 | References: 2

OpenVAS
added 2022/01/28 12:0 a.m., 20 views

Mageia: Security Advisory (MGASA-2015-0179)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 8.9 | EPSS: 0.3763 | Exploits: 0 | References: 7

IBM Security Bulletins
added 2021/09/23 1:31 a.m., 48 views

Security Bulletin: Vulnerabilities in curl affect Power Hardware Management Console (CVE-2015-3143 CVE-2015-3148 CVE-2015-3153 CVE-2014-3613 CVE-2014-3707 CVE-2014-8150)

Summary: curl is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2015-3143 DESCRIPTION: libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently...

CVSS: 5 | AI score: 8.7 | EPSS: 0.17942 | Exploits: 0 | Affected Software: 1

OpenVAS
added 2021/06/09 12:0 a.m., 20 views

SUSE: Security Advisory (SUSE-SU-2015:0962-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.8 | AI score: 7.7 | EPSS: 0.17942 | Exploits: 3 | References: 13

IBM Security Bulletins
added 2020/05/01 8:19 a.m., 34 views

Security Bulletin: Vulnerabilities in libcurl and cURL affect Rational DOORS (CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153, CVE-2015-3236)

Summary Vulnerabilities in libcurl and cURL affect Rational DOORS. Vulnerability Details CVEID: CVE-2015-3143 DESCRIPTION: libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a...

CVSS: 9 | AI score: 0.3 | EPSS: 0.3763 | Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2019/08/12 12:0 a.m., 43 views

NewStart CGSL MAIN 4.05 : curl Vulnerability (NS-SA-2019-0104)

The remote NewStart CGSL host, running version MAIN 4.05, has curl packages installed that are affected by a vulnerability: - It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials fo...

CVSS: 9.8 | AI score: 7 | EPSS: 0.17942 | Exploits: 0 | References: 2

Veracode
added 2019/05/02 5:40 a.m., 36 views

CRLF Injection

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker...

CVSS: 5 | AI score: 8.5 | EPSS: 0.17942 | Exploits: 0 | References: 39 | Affected Software: 1

IBM Security Bulletins
added 2019/01/31 2:25 a.m., 70 views

Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Management Module

Summary The following curl, glibc, php and OpenSSL vulnerabilities, as well as MD5 "SLOTH" vulnerability on TLS 1.2, affect IBM Flex System Chassis Management Module. Vulnerability Details Summary The following curl, glibc, php and OpenSSL vulnerabilities, as well as MD5 "SLOTH" vulnerability on...

CVSS: 10 | AI score: 0.6 | EPSS: 0.50129 | Exploits: 20 | Affected Software: 1

IBM Security Bulletins
added 2018/06/18 1:30 a.m., 37 views

Security Bulletin: Multiple vulnerabilities in curl affect PowerKVM

Summary PowerKVM is affected by several vulnerabilities in curl. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2014-3613 DESCRIPTION: cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failure to properly detect and reject domain name...

CVSS: 5 | AI score: 0.7 | EPSS: 0.17942 | Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 9:30 p.m., 38 views

Security Bulletin: Vulnerabilities in curl affect IBM Security Network Protection

Summary The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security vulnerabilities have been discovered in libcurl used with IBM Security Network Protection. Vulnerability Details CVEID:...

CVSS: 5 | AI score: 0.7 | EPSS: 0.17942 | Exploits: 0 | Affected Software: 1

Prion
added 2018/03/12 3:29 p.m., 22 views

Code injection

curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.17942 | Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2017/04/13 12:0 a.m., 140 views

RHEL 6 : curl (RHSA-2017:0847)

An update for curl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS: 9.8 | AI score: 7 | EPSS: 0.17942 | Exploits: 0 | References: 3

OpenVAS
added 2017/04/07 12:0 a.m., 35 views

RedHat Update for curl RHSA-2017:0847-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.17942 | Exploits: 0 | References: 2

Tenable Nessus
added 2017/04/06 12:0 a.m., 67 views

Scientific Linux Security Update : curl on SL6.x i386/x86_64 (20170329)

Security Fixes : - It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server. CVE-2017-2628 %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVSS: 9.8 | AI score: 7 | EPSS: 0.17942 | Exploits: 0 | References: 3

OpenVAS
added 2016/05/07 12:0 a.m., 66 views

Juniper Networks Junos OS Multiple cURL and libcurl Vulnerabilities

Junos OS is prone to multiple vulnerabilities in cURL and libcurl. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"...

CVSS: 9 | AI score: 7 | EPSS: 0.3763 | Exploits: 1 | References: 1

Cent OS
added 2015/11/30 7:26 p.m., 80 views

curl, libcurl security update

CentOS Errata and Security Advisory CESA-2015:2159 Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common...

CVSS: 5 | AI score: 6.8 | EPSS: 0.17942 | Exploits: 0 | References: 7

OpenVAS
added 2015/11/20 12:0 a.m., 41 views

RedHat Update for curl RHSA-2015:2159-06

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5 | AI score: 9.9 | EPSS: 0.17942 | Exploits: 0 | References: 2