14 matches found
Photon OS 3.0: Curl PHSA-2022-3.0-0406
An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0406. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 4.0: Curl PHSA-2022-4.0-0205
An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0205. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
USN-5412-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this issue to trick curl into using the wrong URL and bypass...
Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-065)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-065 advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials s...
CVE-2022-27780 affecting package curl 7.76.0-9
CVE-2022-27780 affecting package curl 7.76.0-9. This CVE either no longer is or was never applicable...
CVE-2022-27780 affecting package curl for versions less than 7.83.1-1
CVE-2022-27780 affecting package curl for versions less than 7.83.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...
Security fix for the ALT Linux 10 package curl version 7.83.1-alt1
7.83.1-alt1 built May 19, 2022 Anton Farygin in task 299735 --- May 11, 2022 Anton Farygin - 7.83.1 - Fixes: CVE-2022-30115: HSTS bypass via trailing dot CVE-2022-27782: TLS and SSH connection too eager reuse CVE-2022-27781: CERTINFO never-ending busy-loop CVE-2022-27780: percent-encoded path...
Ubuntu: Security Advisory (USN-5412-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Slackware: Security Advisory (SSA:2022-131-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5412-1: curl vulnerabilities
Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this issue to trick curl into using the wrong URL and bypass certain checks or filters. This issue only affected Ubuntu 22.04 LTS. CVE-2022-27780 Florian Kohnhuser discovered...
CVE-2022-27780
A vulnerability was found in curl. This issue occurs because the curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the hostname part of a URL, making it a different URL using the wrong hostname when it is later retrieved. This flaw allows a malicious actor to...
Internet Bug Bounty: CVE-2022-27780: percent-encoded path separator in URL host
Advisory: https://curl.se/docs/CVE-2022-27780.html Original Report: https://hackerone.com/reports/1553841 Impact URL filter bypasses...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : curl vulnerabilities (USN-5412-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5412-1 advisory. Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this iss...