28 matches found
Fedora 37 : curl (2022-d7ee33d4ad)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d7ee33d4ad advisory. - smb/telnet: fix use-after-free when HTTP proxy denies tunnel CVE-2022-43552 - http: use the IDN decoded name in HSTS checks CVE-2022-43551 Tenable...
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8
Summary Third party reported 'Stored XSS' and 'CSRF' issues, Apache Tomcat, Apache ActiveMQ, CKEditor, libcURL, xmlbeans, scala-library, json-smart, jna-platform, jackson-databind, commons-io, shiro-core, commons-net, snappy-java, xercesImpl are identified as vulnerable components with multiple...
Photon OS 5.0: Cmake PHSA-2023-5.0-0035
An update of the cmake package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0035. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CVE-2022-43551 affecting package tensorflow for versions less than 2.16.1-1
CVE-2022-43551 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...
Security Bulletin: Multiple vulnerabilities in cURL libcurl affect AIX
Summary Multiple vulnerabilities in cURL libcurl affect AIX. AIX uses cURL libcurl as part of LV/PV encryption integration with HPCS. Vulnerability Details CVEID:CVE-2022-43552 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a use-after-free flaw when using an HTTP proxy...
CVE-2022-43551 - HSTS check could be bypassed to trick it to keep using HTTP.
A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...
Oracle HTTP Server (Apr 2023 CPU)
The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the Apr 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: SSL Module zlib . The supported version that is affected is...
Apple Mac OS X Security Update (HT213670)
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP11 : curl (EulerOS-SA-2023-1581)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be...
CBL Mariner 2.0 Security Update: cmake / curl (CVE-2022-43551)
The version of cmake / curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-43551 advisory. - A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP...
Curl Cleartext Information Disclosure < 7.87 (CVE-2022-43551)
The version of Curl installed on the remote host is prior to 7.87.0. It is therefore affected by an information disclosure vulnerability where the HSTS mechanism could be bypassed to trick curl to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an...
CVE-2022-43551 affecting package cmake for versions less than 3.21.4-3
CVE-2022-43551 affecting package cmake for versions less than 3.21.4-3. A patched version of the package is available...
CVE-2022-43551 affecting package cmake 3.21.4-2
CVE-2022-43551 affecting package cmake 3.21.4-2. A patched version of the package is available...
Amazon Linux 2 : curl, libcurl, libcurl-devel (ALAS-2023-1924)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1924 advisory. A vulnerability was found in curl. This issue occurs due to an erroneous function. A malicious server could make curl within Network Security Services NSS get stuck in a never-ending busy loop wh...
CVE-2022-43551 affecting package curl 7.86.0-1
CVE-2022-43551 affecting package curl 7.86.0-1. A patched version of the package is available...
USN-5788-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl t...
Security Bulletin: libcurl as used by IBM QRadar Wincollect agent is vulnerable to denial of service (CVE-2022-43552, CVE-2022-43551)
Summary libcurl as used by the IBM QRadar Wincollect standalone agent is vulnerable to denial of service. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2022-43552 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a use-after-free flaw when...
Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2023-276)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2023-276 advisory. No description is available for this CVE. CVE-2022-43551 A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy...
USN-5788-1: curl vulnerabilities
Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2022-43551 It was...
CVE-2022-43551 affecting package curl for versions less than 7.86.0-2
CVE-2022-43551 affecting package curl for versions less than 7.86.0-2. A patched version of the package is available...