27 matches found
Siemens SCALANCE and RUGGEDCOM Free of Memory not on the Heap (CVE-2024-6197)
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to stack overwrite due to the libcurl package (CVE-2024-6197)
Summary libcurl is used by DataStage on Cloud Pak for Data as part of API communication. Vulnerability Details CVEID:CVE-2024-6197 DESCRIPTION: libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately...
openSUSE Security Advisory (SUSE-SU-2024:2784-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: PowerSC is vulnerable to information disclosure, denial of service, and security restrictions bypass due to Curl
Summary Vulnerabilities in Curl could allow a local attacker to obtain sensitive information CVE-2024-7264 or a remote attacker to cause a denial of service CVE-2024-6197, CVE-2024-37371 or bypass security restrictions CVE-2024-37370. PowerSC uses Curl as part of PowerSC Trusted Network Connect...
K000145125: Curl vulnerability CVE-2024-6197
Security Advisory Description libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this...
CVE-2024-6197 affecting package curl for versions less than 8.8.0-2
CVE-2024-6197 affecting package curl for versions less than 8.8.0-2. A patched version of the package is available...
KLA73903 DoS vulnerability in Microsoft Mariner
A remote code execution vulnerability was found in Microsoft Mariner. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service. Original advisories CVE-2024-6197 Related products CBL-Mariner-2.0 CVE list CVE-2024-6197 critical Solution Install necessary...
KB5044284: Windows 11 Version 24H2 / Windows Server 2025 Security Update (October 2024)
The remote Windows host is missing security update 5044284. It is, therefore, affected by multiple vulnerabilities - libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also...
KB5044280: Windows 11 version 21H2 Security Update (October 2024)
The remote Windows host is missing security update 5044280. It is, therefore, affected by multiple vulnerabilities - libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also...
KB5044273: Windows 10 version 21H2 / Windows 10 Version 22H2 Security Update (October 2024)
The remote Windows host is missing security update 5044273. It is, therefore, affected by multiple vulnerabilities - libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also...
KB5044277: Windows 10 version 1809 / Windows Server 2019 Security Update (October 2024)
The remote Windows host is missing security update 5044277. It is, therefore, affected by multiple vulnerabilities - libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also...
KB5044288: Windows 11 version 22H2 / Windows Server version 23H2 Security Update (October 2024)
The remote Windows host is missing security update 5044288. It is, therefore, affected by multiple vulnerabilities - libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also...
KB5044281: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (October 2024)
The remote Windows host is missing security update 5044281. It is, therefore, affected by multiple vulnerabilities - libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also...
CVE-2024-6197 affecting package cmake for versions less than 3.30.3-2
CVE-2024-6197 affecting package cmake for versions less than 3.30.3-2. A patched version of the package is available...
Tenable Nessus Network Monitor < 6.5.0 Multiple Vulnerabilities (TNS-2024-17)
Tenable Nessus Network Monitor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CBL Mariner 2.0 Security Update: curl (CVE-2024-6197_-_A)
The version of curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6197-A advisory. - NIST NVD Details CVE-2024-6197 Note that Nessus has not tested for this issue but has instead relied only on...
CBL Mariner 2.0 Security Update: curl (CVE-2024-6197)
The version of curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6197 advisory. - libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an...
Tenable Security Center Multiple Vulnerabilities (TNS-2024-13)
According to its self-reported version, the Tenable Security Center running on the remote host is 6.2.1, 6.3.0 or 6.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-13 advisory. - Security Center leverages third-party software to help provide underlying...
SUSE SLED15: curl / libcurl-devel / libcurl-devel-32bit / libcurl4 / etc (SUSE-SU-2024:2784-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2784-1 advisory. - CVE-2024-7264: Fixed ASN.1 date parser overread bsc1228535 - CVE-2024-6197: Fixed freeing stac...
Fedora: Security Advisory (FEDORA-2024-a7976ba89f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...