Lucene search
+L

28 matches found

nessus
nessus
added 2024/11/14 12:0 a.m.12 views

Fedora 37 : curl (2022-d7ee33d4ad)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d7ee33d4ad advisory. - smb/telnet: fix use-after-free when HTTP proxy denies tunnel CVE-2022-43552 - http: use the IDN decoded name in HSTS checks CVE-2022-43551 Tenable...

7.5CVSS7.4AI score0.1654EPSS
Exploits2References3
ibm
ibm
added 2024/10/18 7:56 a.m.72 views

Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8

Summary Third party reported 'Stored XSS' and 'CSRF' issues, Apache Tomcat, Apache ActiveMQ, CKEditor, libcURL, xmlbeans, scala-library, json-smart, jna-platform, jackson-databind, commons-io, shiro-core, commons-net, snappy-java, xercesImpl are identified as vulnerable components with multiple...

10CVSS9.9AI score0.99999EPSS
Exploits139Affected Software1
nessus
nessus
added 2024/07/24 12:0 a.m.20 views

Photon OS 5.0: Cmake PHSA-2023-5.0-0035

An update of the cmake package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0035. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.8CVSS7.5AI score0.82017EPSS
Exploits14References20
cbl_mariner
cbl_mariner
added 2024/04/17 10:2 p.m.27 views

CVE-2022-43551 affecting package tensorflow for versions less than 2.16.1-1

CVE-2022-43551 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS7.8AI score0.1654EPSS
Exploits1
ibm
ibm
added 2023/06/29 4:5 p.m.43 views

Security Bulletin: Multiple vulnerabilities in cURL libcurl affect AIX

Summary Multiple vulnerabilities in cURL libcurl affect AIX. AIX uses cURL libcurl as part of LV/PV encryption integration with HPCS. Vulnerability Details CVEID:CVE-2022-43552 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a use-after-free flaw when using an HTTP proxy...

8.8CVSS8.8AI score0.3197EPSS
Exploits11Affected Software1
broadcom
broadcom
added 2023/05/02 12:0 a.m.52 views

CVE-2022-43551 - HSTS check could be bypassed to trick it to keep using HTTP.

A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...

7.5CVSS7.5AI score0.1654EPSS
Exploits1
nessus
nessus
added 2023/04/20 12:0 a.m.92 views

Oracle HTTP Server (Apr 2023 CPU)

The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the Apr 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: SSL Module zlib . The supported version that is affected is...

9.8CVSS7.1AI score0.64509EPSS
Exploits2References6
openvas
openvas
added 2023/03/29 12:0 a.m.59 views

Apple Mac OS X Security Update (HT213670)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.4AI score0.22951EPSS
Exploits10References3
nessus
nessus
added 2023/03/24 12:0 a.m.38 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2023-1581)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be...

7.5CVSS7.3AI score0.1654EPSS
Exploits2References3
nessus
nessus
added 2023/03/20 12:0 a.m.53 views

CBL Mariner 2.0 Security Update: cmake / curl (CVE-2022-43551)

The version of cmake / curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-43551 advisory. - A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP...

7.5CVSS7.2AI score0.1654EPSS
Exploits1References2
nessus
nessus
added 2023/02/23 12:0 a.m.59 views

Curl Cleartext Information Disclosure < 7.87 (CVE-2022-43551)

The version of Curl installed on the remote host is prior to 7.87.0. It is therefore affected by an information disclosure vulnerability where the HSTS mechanism could be bypassed to trick curl to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an...

7.5CVSS7.2AI score0.1654EPSS
Exploits1References2
cbl_mariner
cbl_mariner
added 2023/02/14 8:20 p.m.28 views

CVE-2022-43551 affecting package cmake for versions less than 3.21.4-3

CVE-2022-43551 affecting package cmake for versions less than 3.21.4-3. A patched version of the package is available...

7.5CVSS7.8AI score0.1654EPSS
Exploits1
cbl_mariner
cbl_mariner
added 2023/02/14 2:36 a.m.24 views

CVE-2022-43551 affecting package cmake 3.21.4-2

CVE-2022-43551 affecting package cmake 3.21.4-2. A patched version of the package is available...

7.5CVSS9.9AI score0.1654EPSS
Exploits1
nessus
nessus
added 2023/02/06 12:0 a.m.47 views

Amazon Linux 2 : curl, libcurl, libcurl-devel (ALAS-2023-1924)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1924 advisory. A vulnerability was found in curl. This issue occurs due to an erroneous function. A malicious server could make curl within Network Security Services NSS get stuck in a never-ending busy loop wh...

7.5CVSS7.2AI score0.1654EPSS
Exploits3References7
cbl_mariner
cbl_mariner
added 2023/01/29 9:1 p.m.35 views

CVE-2022-43551 affecting package curl 7.86.0-1

CVE-2022-43551 affecting package curl 7.86.0-1. A patched version of the package is available...

7.5CVSS9.9AI score0.1654EPSS
Exploits1
cloudfoundry
cloudfoundry
added 2023/01/26 12:0 a.m.164 views

USN-5788-1: curl vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl t...

7.5CVSS8AI score0.1654EPSS
Exploits2Affected Software4
ibm
ibm
added 2023/01/25 7:11 p.m.39 views

Security Bulletin: libcurl as used by IBM QRadar Wincollect agent is vulnerable to denial of service (CVE-2022-43552, CVE-2022-43551)

Summary libcurl as used by the IBM QRadar Wincollect standalone agent is vulnerable to denial of service. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2022-43552 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a use-after-free flaw when...

7.5CVSS7AI score0.1654EPSS
Exploits2Affected Software1
nessus
nessus
added 2023/01/25 12:0 a.m.48 views

Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2023-276)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2023-276 advisory. No description is available for this CVE. CVE-2022-43551 A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy...

7.5CVSS7.2AI score0.1654EPSS
Exploits2References5
ubuntu
ubuntu
added 2023/01/05 5:15 p.m.89 views

USN-5788-1: curl vulnerabilities

Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2022-43551 It was...

7.5CVSS7.8AI score0.1654EPSS
Exploits2
cbl_mariner
cbl_mariner
added 2023/01/03 8:57 p.m.28 views

CVE-2022-43551 affecting package curl for versions less than 7.86.0-2

CVE-2022-43551 affecting package curl for versions less than 7.86.0-2. A patched version of the package is available...

7.5CVSS7.8AI score0.1654EPSS
Exploits1
Rows per page
Query Builder