29 matches found
Alibaba Cloud Linux 3 : 0070: curl (ALINUX3-SA-2021:0070)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0070 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-22922: When curl is instructed to...
Linux Distros Unpatched Vulnerability : CVE-2021-22922
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XM...
CVE-2021-22922 affecting package curl for versions less than 7.76.0-5
CVE-2021-22922 affecting package curl for versions less than 7.76.0-5. A patched version of the package is available...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1062)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2021-0384)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2769)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
curl security and bug fix update
7.61.1-22 - fix STARTTLS protocol injection via MITM CVE-2021-22947 - fix protocol downgrade required TLS bypass CVE-2021-22946 7.61.1-21 - fix TELNET stack contents disclosure again CVE-2021-22925 - fix TELNET stack contents disclosure CVE-2021-22898 - fix bad connection reuse due to flawed path...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2707)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle MySQL Server <= 5.7.35 / 8.0 <= 8.0.26 Security Update (cpuoct2021) - Linux
Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...
Moderate: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
CentOS 8 : curl (CESA-2021:3582)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3582 advisory. - curl: Content not matching hash in Metalink is not being discarded CVE-2021-22922 - curl: Metalink download sends credentials CVE-2021-22923 - curl:...
Fedora: Security Advisory for curl (FEDORA-2021-c5584b92d4)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Moderate: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Content not matching hash in Metalink is not being discarded CVE-2021-22922 curl: Metalink download sends credentials...
curl security update
An update is available for curl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The curl packages provide the libcurl library and the curl utility for downloadi...
RLSA-2021:3582 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Content not matching hash in Metalink is not being discarded CVE-2021-22922 curl: Metalink download sends credentials...
curl security update
7.61.1-18.el84.1 - fix bad connection reuse due to flawed path name checks CVE-2021-22924 - disable metalink support to fix the following vulnerabilities CVE-2021-22923 - metalink download sends credentials CVE-2021-22922 - wrong content via metalink not discarded...
RHEL 8 : curl (RHSA-2021:3582)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3582 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
Medium: curl
Issue Overview: A flaw was found in curl in the way curl handles a file hash mismatch after downloading content using the Metalink feature. This flaw allows malicious actors controlling a hosting server to trick users into downloading malicious content. The highest threat from this vulnerability ...
CVE-2021-22922 affecting package curl 7.76.0-9
CVE-2021-22922 affecting package curl 7.76.0-9. A patched version of the package is available...