Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.26 views

Puppet Agent 6.x < 6.23.0 / 7.x < 7.8.0 Multiple Vulnerabilities

On May 26, 2021 curl published security updates addressing 3 CVEs: CVE-2021-22897 Low CVE-2021-22898 Medium CVE-2021-22901 High. Previous releases of Puppet Agent contain this vulnerable version of curl. For more information about this vulnerability, refer to the curl ecurity announcements. Note...

8.1CVSS6.9AI score0.60122EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.54 views

Puppet Enterprise < 2019.8.7 / 2021.x < 2021.2 Curl Vulnerabilities

For more information about this vulnerability, refer to the security announcements. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin were extracted...

8.1CVSS7.5AI score0.60122EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2023/03/20 12:0 a.m.32 views

CBL Mariner 2.0 Security Update: curl (CVE-2021-22897)

The version of curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-22897 advisory. - curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code...

5.3CVSS7.1AI score0.02979EPSS
Exploits1References2
CBLMariner
CBLMariner
added 2022/04/09 6:51 a.m.48 views

CVE-2021-22897 affecting package curl for versions less than 7.76.0-5

CVE-2021-22897 affecting package curl for versions less than 7.76.0-5. A patched version of the package is available...

5.3CVSS5.8AI score0.02979EPSS
Exploits1
ICS
ICS
added 2022/03/08 12:0 a.m.128 views

Siemens SINEC INS

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerability: Using Components with Known Vulnerabilities 2. RISK EVALUATION Successful exploitation of this vulnerability in third-party components could allow an attacker...

9.8CVSS8.4AI score0.21952EPSS
Exploits1References11
OpenVAS
OpenVAS
added 2022/02/13 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1062)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6AI score0.0627EPSS
Exploits7References2
OpenVAS
OpenVAS
added 2021/08/09 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2239)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.5AI score0.04385EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2021/08/09 12:0 a.m.48 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-2239)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS,...

5.3CVSS7.3AI score0.04385EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2021/07/22 12:0 a.m.29 views

Oracle MySQL Server <= 5.7.34 / 8.0 <= 8.0.25 Security Update (cpujul2021) - Linux

Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...

8.1CVSS7.7AI score0.60122EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2021/07/13 12:0 a.m.47 views

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-2176)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in...

5.3CVSS7.5AI score0.04385EPSS
Exploits2References3
CBLMariner
CBLMariner
added 2021/07/08 9:56 p.m.52 views

CVE-2021-22897 affecting package curl 7.76.0-9

CVE-2021-22897 affecting package curl 7.76.0-9. A patched version of the package is available...

5.3CVSS9.9AI score0.02979EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2021/07/07 12:0 a.m.34 views

Photon OS 2.0: Curl PHSA-2021-2.0-0366

An update of the curl package has been released. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-2.0-0366. The text itself is copyright C VMware, Inc. include'deprecatednasllevel.inc...

5.3CVSS7.6AI score0.02979EPSS
Exploits1References2
NVD
NVD
added 2021/06/11 4:15 p.m.28 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS0.02979EPSS
Exploits1References8
Cvelist
Cvelist
added 2021/06/11 3:49 p.m.26 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.9AI score0.02979EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2021/06/11 3:49 p.m.44 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS6.5AI score0.02979EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2021/06/11 3:49 p.m.32 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS5.8AI score0.02979EPSS
Exploits1
CVE
CVE
added 2021/06/11 3:49 p.m.202 views

CVE-2021-22897

CVE-2021-22897 affects curl/libcurl when built with Schannel TLS. A bug stores the CURLOP SSL_CIPHER_LIST selection in a single static variable, causing the last cipher set to apply to all concurrent transfers. This can lead to exposure of data to the wrong session and weaker transport security. ...

5.3CVSS5.5AI score0.02979EPSS
Exploits1References8Affected Software1
Hacker One
Hacker One
added 2021/04/22 10:39 p.m.38 views

curl: CVE-2021-22897: schannel cipher selection surprise

Summary: Commit "schannel: support selecting ciphers" added support for selecting the ciphers with SCHANNEL. However, due to use of a static algIds array for ciphers in setsslciphers the last configured cipher list will override configuration used by other connections, leading to potential wrong...

4.3CVSS5.8AI score0.02979EPSS
Exploits1
Rows per page
Query Builder