18 matches found
Puppet Agent 6.x < 6.23.0 / 7.x < 7.8.0 Multiple Vulnerabilities
On May 26, 2021 curl published security updates addressing 3 CVEs: CVE-2021-22897 Low CVE-2021-22898 Medium CVE-2021-22901 High. Previous releases of Puppet Agent contain this vulnerable version of curl. For more information about this vulnerability, refer to the curl ecurity announcements. Note...
Puppet Enterprise < 2019.8.7 / 2021.x < 2021.2 Curl Vulnerabilities
For more information about this vulnerability, refer to the security announcements. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin were extracted...
CBL Mariner 2.0 Security Update: curl (CVE-2021-22897)
The version of curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-22897 advisory. - curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code...
CVE-2021-22897 affecting package curl for versions less than 7.76.0-5
CVE-2021-22897 affecting package curl for versions less than 7.76.0-5. A patched version of the package is available...
Siemens SINEC INS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerability: Using Components with Known Vulnerabilities 2. RISK EVALUATION Successful exploitation of this vulnerability in third-party components could allow an attacker...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1062)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2239)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-2239)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS,...
Oracle MySQL Server <= 5.7.34 / 8.0 <= 8.0.25 Security Update (cpujul2021) - Linux
Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...
EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-2176)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in...
CVE-2021-22897 affecting package curl 7.76.0-9
CVE-2021-22897 affecting package curl 7.76.0-9. A patched version of the package is available...
Photon OS 2.0: Curl PHSA-2021-2.0-0366
An update of the curl package has been released. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-2.0-0366. The text itself is copyright C VMware, Inc. include'deprecatednasllevel.inc...
CVE-2021-22897
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...
CVE-2021-22897
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...
CVE-2021-22897
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...
CVE-2021-22897
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...
CVE-2021-22897
CVE-2021-22897 affects curl/libcurl when built with Schannel TLS. A bug stores the CURLOP SSL_CIPHER_LIST selection in a single static variable, causing the last cipher set to apply to all concurrent transfers. This can lead to exposure of data to the wrong session and weaker transport security. ...
curl: CVE-2021-22897: schannel cipher selection surprise
Summary: Commit "schannel: support selecting ciphers" added support for selecting the ciphers with SCHANNEL. However, due to use of a static algIds array for ciphers in setsslciphers the last configured cipher list will override configuration used by other connections, leading to potential wrong...