Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2016-5421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown...

8.1CVSS7.5AI score0.08037EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.23 views

RHEL 7 : rh-dotnet21-curl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - curl: Glob parser write/read out of bounds CVE-2016-8620 - Use-after-free vulnerability in libcurl before...

8.1CVSS8.1AI score0.08037EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.36 views

RHEL 6 / 7 : httpd24 (RHSA-2018:3558)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...

10CVSS7AI score0.86006EPSS
Exploits0References89
SUSE CVE
SUSE CVE
added 2023/02/15 5:0 a.m.3 views

SUSE CVE-2016-5421

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors...

8.1CVSS10AI score0.08037EPSS
Exploits0References22
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.23 views

Slackware: Security Advisory (SSA:2016-219-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.1AI score0.15063EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2019/10/10 11:48 p.m.33 views

CVE-2016-5421

A use-after-free flaw was found in libcurl. When invoking curleasyperform after cleaning up a multi session, an application can be tricked into using libcurl to connect to a malicious server, allowing an attacker to potentially execute arbitrary code. The highest threat from this vulnerability is...

6.8CVSS4.4AI score0.08037EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/11/13 8:36 a.m.509 views

Moderate: Red Hat Security Advisory: httpd24 security, bug fix, and enhancement update

An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

10CVSS7AI score0.86006EPSS
Exploits0References49
Tenable Nessus
Tenable Nessus
added 2016/11/11 12:0 a.m.31 views

cURL/libcurl 7.x < 7.50.1 Multiple Vulnerabilities

Binary data 9764.prm...

8.1CVSS8.1AI score0.15063EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2016/09/26 12:0 a.m.25 views

openSUSE Security Update : curl (openSUSE-2016-1124)

This update for curl fixes the following issues : Security issues fixed : - CVE-2016-5419: TLS session resumption client cert bypass bsc991389 - CVE-2016-5420: Re-using connections with wrong client cert bsc991390 - CVE-2016-5421: use of connection struct after free bsc991391 - CVE-2016-7141: Fix...

8.1CVSS6.4AI score0.15063EPSS
Exploits0References9
NVD
NVD
added 2016/08/10 2:59 p.m.29 views

CVE-2016-5421

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors...

8.1CVSS8.5AI score0.08037EPSS
Exploits0References15
Debian CVE
Debian CVE
added 2016/08/10 2:0 p.m.33 views

CVE-2016-5421

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors...

8.1CVSS8.2AI score0.08037EPSS
Exploits0
CVE
CVE
added 2016/08/10 2:0 p.m.208 views

CVE-2016-5421

CVE-2016-5421 is a use-after-free in libcurl up to version 7.50.0 that can affect which connection is used or cause unspecified impact via unknown vectors. Public notes in ALAS-2016-730 (curl) indicate the issue affects curl/libcurl before 7.50.1 and that patches upgrade to 7.50.1 or newer; remed...

8.1CVSS7.4AI score0.08037EPSS
Exploits0References15Affected Software1
OpenVAS
OpenVAS
added 2016/08/09 12:0 a.m.31 views

Ubuntu: Security Advisory (USN-3048-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.5AI score0.15063EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2016/08/08 5:5 p.m.80 views

USN-3048-1: curl vulnerabilities

Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. CVE-2016-5419 It was discovered that curl incorrectly handled client certificates when reusing TLS connections. CVE-2016-5420 Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly...

8.1CVSS6.5AI score0.15063EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/08/08 12:0 a.m.30 views

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : curl (SSA:2016-219-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-219-01. The text...

8.1CVSS6.8AI score0.15063EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/08/08 12:0 a.m.31 views

Fedora 24 : curl (2016-24316f1f56)

fix re-using connections with wrong client cert CVE-2016-5420 - fix TLS session resumption client cert bypass CVE-2016-5419 - fix use of connection struct after free CVE-2016-5421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...

8.1CVSS6.8AI score0.15063EPSS
Exploits0References4
Slackware Linux
Slackware Linux
added 2016/08/06 9:10 p.m.30 views

[slackware-security] curl

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/curl-7.50.1-i586-1slack14.2.txz: Upgraded. This release fixes security issues: TLS: switch off SSL sessi...

8.1CVSS7.5AI score0.15063EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/08/05 12:0 a.m.32 views

Debian DSA-3638-1 : curl - security update

Several vulnerabilities were discovered in cURL, an URL transfer library : - CVE-2016-5419 Bru Rom discovered that libcurl would attempt to resume a TLS session even if the client certificate had changed. - CVE-2016-5420 It was discovered that libcurl did not consider client certificates when...

8.1CVSS6.8AI score0.15063EPSS
Exploits0References8
Rows per page
Query Builder