
30 matches found

Tenable Nessus
added 2024/02/29 12:0 a.m., 39 views

CentOS 9 : curl-7.76.1-20.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the curl-7.76.1-20.el9 build changelog. - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...

9.8 CVSS, 6.7 AI score, 0.3197 EPSS
Exploits: 9, References: 10

Tenable Nessus
added 2023/11/07 12:0 a.m., 42 views

Rocky Linux 9 : curl (RLSA-2022:6157)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6157 advisory. - curl 7.84.0 supports chained HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differen...

9.8 CVSS, 7.3 AI score, 0.3197 EPSS
Exploits: 3, References: 7

Tenable Nessus
added 2023/06/13 12:0 a.m., 54 views

EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2023-2235)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow a...

9.8 CVSS, 6.6 AI score, 0.3197 EPSS
Exploits: 8, References: 9

OSV
added 2023/03/30 8:15 p.m., 9 views

AZL-34611 CVE-2023-27535 affecting package cmake for versions less than 3.28.2-1

An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...

5.9 CVSS, 6.7 AI score, 0.01607 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2023/03/20 12:0 a.m., 55 views

CBL Mariner 2.0 Security Update: curl (CVE-2022-32208)

The version of curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-32208 advisory. - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This fl...

5.9 CVSS, 7.2 AI score, 0.05595 EPSS
Exploits: 1, References: 2

SUSE CVE
added 2023/02/15 3:25 a.m., 3 views

SUSE CVE-2022-32208

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...

6.6 CVSS, 7.3 AI score, 0.05595 EPSS
Exploits: 1, References: 88

OpenVAS
added 2022/12/28 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2872)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS, 7.5 AI score, 0.3197 EPSS
Exploits: 6, References: 2

Tenable Nessus
added 2022/12/10 12:0 a.m., 54 views

Amazon Linux AMI : curl (ALAS-2022-1646)

The version of curl installed on the remote host is prior to 7.61.1-12.101. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1646 advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly...

8.1 CVSS, 6.5 AI score, 0.3197 EPSS
Exploits: 8, References: 17

Tenable Nessus
added 2022/10/14 12:0 a.m., 40 views

Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-145)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-145 advisory. A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This fl...

9.8 CVSS, 6.4 AI score, 0.3197 EPSS
Exploits: 5, References: 11

Tenable Nessus
added 2022/10/09 12:0 a.m., 36 views

EulerOS 2.0 SP8 : curl (EulerOS-SA-2022-2454)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to...

6.5 CVSS, 6.8 AI score, 0.3197 EPSS
Exploits: 4, References: 5

Tenable Nessus
added 2022/09/23 12:0 a.m., 45 views

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2022-2341)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...

9.8 CVSS, 6.8 AI score, 0.3197 EPSS
Exploits: 9, References: 10

Tenable Nessus
added 2022/08/29 12:0 a.m., 39 views

Rocky Linux 8 : curl (RLSA-2022:6159)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6159 advisory. - curl 7.84.0 supports chained HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differen...

6.5 CVSS, 6.8 AI score, 0.3197 EPSS
Exploits: 2, References: 5

Tenable Nessus
added 2022/08/25 12:0 a.m., 74 views

Oracle Linux 9 : curl (ELSA-2022-6157)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6157 advisory. - fix unpreserved file permissions CVE-2022-32207 - fix HTTP compression denial of service CVE-2022-32206 Tenable has extracted the preceding descripti...

9.8 CVSS, 7.3 AI score, 0.3197 EPSS
Exploits: 3, References: 4

Tenable Nessus
added 2022/08/24 12:0 a.m., 44 views

Oracle Linux 8 : curl (ELSA-2022-6159)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6159 advisory. - fix HTTP compression denial of service CVE-2022-32206 Tenable has extracted the preceding description block directly from the Oracle Linux security...

6.5 CVSS, 6.8 AI score, 0.3197 EPSS
Exploits: 2, References: 3

OSV
added 2022/08/17 11:33 a.m., 8 views

SUSE-SU-2022:2829-1 Security update for curl

This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even wh...

7.5 CVSS, 6.6 AI score, 0.3197 EPSS
Exploits: 4, References: 9

Microsoft CVE
added 2022/07/19 7:0 a.m., 4 views

When curl < 7.84.0 does FTP transfers secured by krb5 it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

...

5.9 CVSS, 7.5 AI score, 0.05595 EPSS
Exploits: 1

Tenable Nessus
added 2022/07/12 12:0 a.m., 49 views

SUSE SLES12 Security Update : curl (SUSE-SU-2022:2356-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2356-1 advisory. - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a...

5.9 CVSS, 7.2 AI score, 0.05595 EPSS
Exploits: 1, References: 4

OSV
added 2022/07/07 1:15 p.m., 36 views

CVE-2022-32208

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...

5.9 CVSS, 4.1 AI score, 0.05595 EPSS
Exploits: 1, References: 9

OSV
added 2022/07/07 1:15 p.m., 3 views

AZL-10104 CVE-2022-32208 affecting package curl for versions less than 7.84.0-1

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...

5.9 CVSS, 7.2 AI score, 0.05595 EPSS
Exploits: 1, References: 1

Prion
added 2022/07/07 1:15 p.m., 27 views

Code injection

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...

4.3 CVSS, 7.3 AI score, 0.05595 EPSS
Exploits: 1, References: 9, Affected Software: 4