20 matches found
Photon OS 5.0: Cmake PHSA-2023-5.0-0035
An update of the cmake package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0035. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CBL Mariner 2.0 Security Update: rust / tensorflow / curl / mysql (CVE-2023-28319)
The version of rust / tensorflow / curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-28319 advisory. - A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a...
Security Bulletin: Vulnerabilities in libcurl, cURL and Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in libcurl, cURL and Linux Kernel. Vulnerabilities include an attacker could exploit these vulnerabilities to overflow a buffer and execute arbitrary code on the system, to insert cookies at will into a running program, t...
CVE-2023-28319 affecting package tensorflow for versions less than 2.16.1-1
CVE-2023-28319 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-28319 affecting package mysql for versions less than 8.0.34-1
CVE-2023-28319 affecting package mysql for versions less than 8.0.34-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-28319 affecting package rust for versions less than 1.72.0-2
CVE-2023-28319 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...
BELL-CVE-2023-28319 CVE-2023-28319 does not affect BellSoft software
Bulletin has no description...
CVE-2023-28319 affecting package curl for versions less than 8.2.1-1
CVE-2023-28319 affecting package curl for versions less than 8.2.1-1. An upgraded version of the package is available that resolves this issue...
Moderate: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links...
RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.57 (RHSA-2023:4629)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4629 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...
macOS 11.x < 11.7.9 Multiple Vulnerabilities (HT213845)
The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.7.9. It is, therefore, affected by multiple vulnerabilities: - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS...
openSUSE 15: curl / libcurl-devel / libcurl-devel-32bit / libcurl4 / etc (SUSE-SU-2023:2224-2)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2224-2 advisory. This update for curl adds the following feature: Update to version 8.0.1 jscPED-2580 - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check...
CVE-2023-28319
A use after free vulnerability exists in curl...
CVE-2023-28319
A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...
CVE-2023-28319
CVE-2023-28319 : A use-after-free in curl/libcurl’s SSH fingerprint check (verifying server public keys with a SHA-256 hash) occurs when verification fails; memory for the fingerprint is freed before the error message is built, potentially leaking the freed hash data in error output. Affected are...
Internet Bug Bounty: CVE-2023-28319: UAF in SSH sha256 fingerprint check
A use-after-free vulnerability was found in libcurl's SSH server public key verification feature, affecting versions 7.81.0 to 8.0.1. When the verification check failed, libcurl would free the memory for the fingerprint before returning an error message containing the now-freed hash, potentially...
Slackware: Security Advisory (SSA:2023-137-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2023:2225-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-28319
A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2023-137-01)
The version of curl installed on the remote host is prior to 8.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-137-01 advisory. - A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key...