28 matches found
Debian DSA-5365-1 : curl - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5365 advisory. - An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract...
Security Bulletin: IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint has addressed multiple security vulnerabilities (CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)
Summary This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera High-Speed Transfer Server 4.4.1 and Aspera High-Speed Transfer Endpoint 4.4.1 Vulnerability Details CVEID:CVE-2022-27774 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain...
[SECURITY] [DLA 3288-1] curl security update
Debian LTS Advisory DLA-3288-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez January 28, 2023 https://wiki.debian.org/LTS Package : curl Version : 7.64.0-4+deb10u4 CVE ID : CVE-2022-27774 CVE-2022-32221 CVE-2022-35252 CVE-2022-43552 Debian Bug : Several...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to credential exposure in cURL libcurl (CVE-2022-27774)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to credential exposure in cURL libcurl CVE-2022-27774, which could allow an attacker to use this information to launch further attacks against the affected system. The affected component, "same host check" in cU...
AlmaLinux 9 : curl (ALSA-2022:5245)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5245 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality due to CVE-2022-27774
Summary cURL is used by IBM App Connect Enterprise Certified Container for internal communication and status checking. IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerabili...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2454)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : curl (EulerOS-SA-2022-2454)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to...
Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-065)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-065 advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials s...
[SECURITY] [DSA 5197-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5197-1 [email protected] https://www.debian.org/security/ Markus Koschany August 01, 2022 https://www.debian.org/security/faq -...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2153)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2087)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2107)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1961)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Rocky Linux 8 : curl (RLSA-2022:5313)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5313 advisory. - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections withou...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2022-1961)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections...
curl security update
7.76.1-14.el90.4 - fix too eager reuse of TLS and SSH connections CVE-2022-27782 7.76.1-14.el90.3 - fix leak of SRP credentials in redirects CVE-2022-27774 7.76.1-14.el90.2 - add missing tests to Makefile 7.76.1-14.el90.1 - fix credential leak on redirect CVE-2022-27774 - fix auth/cookie leak on...
Oracle Linux 8 : curl (ELSA-2022-5313)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5313 advisory. - fix too eager reuse of TLS and SSH connections CVE-2022-27782 - fix credential leak on redirect CVE-2022-27774 - fix auth/cookie leak on redirect...
RLSA-2022:5313 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 curl: credential leak on redirect CVE-2022-27774 curl:...
USN-5397-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access sensitive information. CVE-2022-22576 Harry Sintonen discovered that curl...