30 matches found
CentOS 9 : curl-7.76.1-20.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the curl-7.76.1-20.el9 build changelog. - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...
Rocky Linux 9 : curl (RLSA-2022:6157)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6157 advisory. - curl 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with differen...
EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2023-2235)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow a...
AZL-34611 CVE-2023-27535 affecting package cmake for versions less than 3.28.2-1
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
CBL Mariner 2.0 Security Update: curl (CVE-2022-32208)
The version of curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-32208 advisory. - When curl 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This fl...
SUSE CVE-2022-32208
When curl 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2872)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : curl (ALAS-2022-1646)
The version of curl installed on the remote host is prior to 7.61.1-12.101. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1646 advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly...
Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-145)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-145 advisory. A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This fl...
EulerOS 2.0 SP8 : curl (EulerOS-SA-2022-2454)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to...
EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2022-2341)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...
Rocky Linux 8 : curl (RLSA-2022:6159)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6159 advisory. - curl 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with differen...
Oracle Linux 9 : curl (ELSA-2022-6157)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6157 advisory. - fix unpreserved file permissions CVE-2022-32207 - fix HTTP compression denial of service CVE-2022-32206 Tenable has extracted the preceding descripti...
Oracle Linux 8 : curl (ELSA-2022-6159)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6159 advisory. - fix HTTP compression denial of service CVE-2022-32206 Tenable has extracted the preceding description block directly from the Oracle Linux security...
SUSE-SU-2022:2829-1 Security update for curl
This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain bnc1199223. - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even wh...
When curl < 7.84.0 does FTP transfers secured by krb5 it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
...
SUSE SLES12 Security Update : curl (SUSE-SU-2022:2356-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:2356-1 advisory. - When curl 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a...
CVE-2022-32208
When curl 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...
AZL-10104 CVE-2022-32208 affecting package curl for versions less than 7.84.0-1
When curl 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...
Code injection
When curl 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...