Lucene search
K

17 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:30 a.m.49 views

Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Real Time Action and Base Module affected by multiple vulnerabilities (CVE-2023-46219, CVE-2023-46218, CVE-2023-52071, CVE-2024-0853)

Summary Vulnerabilities contained within libcurl a 3rd party component were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Realtime Action and Base Modules. Vulnerability Details CVEID:CVE-2023-46219 DESCRIPTION: cURL libcurl could allow a remote...

6.5CVSS8AI score0.01685EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.13 views

Azure Linux 3.0 Security Update: curl (CVE-2024-0853)

The version of curl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0853 advisory. - curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapli...

5.3CVSS6.4AI score0.01102EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/09/23 12:0 a.m.28 views

GLSA-202409-20 : curl: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202409-20 curl: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from th...

8.6CVSS6.6AI score0.36081EPSS
Exploits6References12
Tenable Nessus
Tenable Nessus
added 2024/08/06 12:0 a.m.21 views

CBL Mariner 2.0 Security Update: curl (CVE-2024-0853)

The version of curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0853 advisory. - curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapli...

5.3CVSS6.4AI score0.01102EPSS
Exploits1References2
CBLMariner
CBLMariner
added 2024/08/05 3:22 a.m.36 views

CVE-2024-0853 affecting package curl for versions less than 8.8.0-1

CVE-2024-0853 affecting package curl for versions less than 8.8.0-1. An upgraded version of the package is available that resolves this issue...

5.3CVSS5.4AI score0.01102EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/07/22 12:0 a.m.31 views

Oracle MySQL Cluster 8.0.x < 8.0.37 (Apr 2024 / Jul 2024 CPU)

The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the April / July 2024 CPU advisory. - Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General LibExpat. Supported versions that are affected are 8.0....

7.5CVSS6AI score0.01815EPSS
Exploits2References7
IBM AIX
IBM AIX
added 2024/06/20 3:10 p.m.44 views

AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)

IBM SECURITY ADVISORY First Issued: Thu Jun 20 15:10:42 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory5.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl CVE-2024-0853...

5.3CVSS6.2AI score0.01102EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/04/03 12:0 a.m.43 views

Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-581)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-581 advisory. A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname...

5.3CVSS6.2AI score0.01102EPSS
Exploits1References4
Amazon
Amazon
added 2024/04/02 12:0 a.m.8 views

Low: curl

Issue Overview: A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname could succeed if the session ID cache were still fresh, which then skips the...

5.3CVSS6.7AI score0.01102EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/02/28 12:0 a.m.32 views

FreeBSD : curl -- OCSP verification bypass with TLS session reuse (02e33cd1-c655-11ee-8613-08002784c58d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 02e33cd1-c655-11ee-8613-08002784c58d advisory. - curl inadvertently kept the SSL session ID for connections in its cache even when the verify status...

5.3CVSS6.4AI score0.01102EPSS
Exploits1References3
Wolfi
Wolfi
added 2024/02/03 2:15 p.m.70 views

CVE-2024-0853 vulnerabilities

Vulnerabilities for packages: curl...

5.3CVSS7.5AI score0.01102EPSS
Exploits1
Chainguard
Chainguard
added 2024/02/03 2:15 p.m.105 views

CVE-2024-0853 vulnerabilities

Vulnerabilities for packages: curl...

5.3CVSS6.9AI score0.01102EPSS
Exploits1
Cvelist
Cvelist
added 2024/02/03 1:35 p.m.34 views

CVE-2024-0853 OCSP verification bypass with TLS session reuse

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.8AI score0.01102EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2024/02/03 1:35 p.m.3 views

CVE-2024-0853 OCSP verification bypass with TLS session reuse

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5AI score0.01102EPSS
Exploits1References6
CVE
CVE
added 2024/02/03 1:35 p.m.391 views

CVE-2024-0853

CVE-2024-0853 affects curl by retaining SSL session IDs in the cache after an OCSP stapling verify status test fails, allowing a subsequent transfer to bypass verification if the session cache is still fresh. Connected documents confirm this is a curl vulnerability affecting multiple platforms an...

5.3CVSS5.3AI score0.01102EPSS
Exploits1References6Affected Software1
Debian CVE
Debian CVE
added 2024/02/03 1:35 p.m.47 views

CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3CVSS5.1AI score0.01102EPSS
Exploits1
Hacker One
Hacker One
added 2024/01/31 1:23 p.m.48 views

Internet Bug Bounty: CVE-2024-0853: OCSP verification bypass with TLS session reuse

CVE-2024-0853 was a vulnerability in the cURL library where OCSP verification was bypassed when reusing a TLS session. The vulnerability was caused by cURL inadvertently keeping the SSL session ID in its cache even when the OCSP stapling verification failed. This allowed subsequent transfers to t...

5.3CVSS4.6AI score0.01102EPSS
Exploits1
Rows per page
Query Builder