Lucene search
K

27 matches found

OSV
OSV
added 2024/07/02 6:10 p.m.6 views

CLSA-2024-1719943814 curl: Fix of 2 CVEs

CVE-2023-27538: url: fix the SSH connection reuse check - CVE-2023-27536: url: only reuse connections with same GSS delegation...

7.7CVSS6.7AI score0.01566EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2023/11/07 8:51 a.m.54 views

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

9.8CVSS6.7AI score0.02195EPSS
Exploits4References6
AlmaLinux
AlmaLinux
added 2023/11/07 12:0 a.m.44 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: GSS delegation too eager connection re-use CVE-2023-27536 curl: TELNET option IAC injection CVE-2023-27533 curl: SFTP...

9.8CVSS7.4AI score0.02195EPSS
Exploits4References10
OSV
OSV
added 2023/11/07 12:0 a.m.47 views

ALSA-2023:6679 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: GSS delegation too eager connection re-use CVE-2023-27536 curl: TELNET option IAC injection CVE-2023-27533 curl: SFTP...

9.8CVSS7.6AI score0.02195EPSS
Exploits4References10
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/11 11:44 a.m.33 views

Security Bulletin: IBM Event Streams is affected by a libcurl vulnerability

Summary cURL libcurl is used by IBM Event Streams as part of the Operating System CVE-2023-27536. The library supports retrieving data in-memory, downloading to disk, or streaming using the R "connection" interface. This bulletin identifies the steps to take to address the vulnerability...

5.9CVSS7.2AI score0.01566EPSS
Exploits1Affected Software1
Rockylinux
Rockylinux
added 2023/10/06 11:10 p.m.61 views

curl security update

An update is available for curl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The curl packages provide the libcurl library and the curl utility for downloadi...

5.9CVSS6.8AI score0.0181EPSS
Exploits2
OSV
OSV
added 2023/10/06 11:10 p.m.34 views

RLSA-2023:4523 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: GSS delegation too eager connection re-use CVE-2023-27536 curl: IDN wildcard match may lead to Improper Cerificate...

5.9CVSS7.9AI score0.0181EPSS
Exploits2References3
OSV
OSV
added 2023/09/24 10:16 p.m.34 views

MGASA-2023-0263 Updated curl packages fix security vulnerability

TELNET option IAC injection. CVE-2023-27533 SFTP path resolving discrepancy. CVE-2023-27534 FTP too eager connection reuse. CVE-2023-27535 GSS delegation too eager connection re-use. CVE-2023-27536 HSTS double free. CVE-2023-27537 SSH connection too eager reuse still. CVE-2023-27538 UAF in SSH...

9.8CVSS5.9AI score0.62246EPSS
Exploits11References17
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/15 1:29 p.m.56 views

Security Bulletin: Vulnerabilities in cURL libcurl might affect IBM Spectrum Copy Data Management

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in cURL libcurl. Vulnerabilities include exploiting the vulnerabilities to reuse a previously created connection even when the GSS delegation, to pass on user name and "telnet options" for the server negotiation, to caus...

9.8CVSS8.7AI score0.02195EPSS
Exploits6Affected Software1
Oracle linux
Oracle linux
added 2023/08/10 12:0 a.m.97 views

curl security update

7.61.1-30.el88.3 - GSS delegation too eager connection re-use CVE-2023-27536 - fix host name wildcard checking CVE-2023-28321 - rebuild certs with 2048-bit RSA keys...

5.9CVSS7.1AI score0.0181EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2023/08/08 8:28 a.m.50 views

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

5.9CVSS6.6AI score0.0181EPSS
Exploits2References3
AlmaLinux
AlmaLinux
added 2023/08/08 12:0 a.m.57 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: GSS delegation too eager connection re-use CVE-2023-27536 curl: IDN wildcard match may lead to Improper Cerificate...

5.9CVSS6.9AI score0.0181EPSS
Exploits2References6
OSV
OSV
added 2023/08/08 12:0 a.m.33 views

ALSA-2023:4523 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: GSS delegation too eager connection re-use CVE-2023-27536 curl: IDN wildcard match may lead to Improper Cerificate...

5.9CVSS7.9AI score0.0181EPSS
Exploits2References6
OSV
OSV
added 2023/05/17 7:59 a.m.8 views

SUSE-SU-2023:2228-1 Security update for curl

This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition bsc1211231. - CVE-2023-28321: Fixed IDN wildcard matching bsc1211232. - CVE-2023-28322: Fixed POST-after-PUT confusion bsc1211233. - CVE-2023-27533: Fixed TELNET option IAC injection bsc1209209. -...

9.8CVSS6.2AI score0.02658EPSS
Exploits10References22
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/16 10:43 p.m.49 views

Security Bulletin: Multiple publicly disclosed Libcurl vulnerabilities affect IBM Safer Payments

Summary Libcurl is used by IBM Safer Payments as part of the AVRO support for Kafka. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-43551 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when the host name i...

9.1CVSS8.5AI score0.1654EPSS
Exploits8Affected Software1
Cloud Foundry
Cloud Foundry
added 2023/04/29 12:0 a.m.41 views

USN-5964-1: curl vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to...

9.8CVSS7.7AI score0.02195EPSS
Exploits5Affected Software5
Amazon
Amazon
added 2023/04/20 12:0 a.m.47 views

Medium: curl

Issue Overview: The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the...

9.8CVSS6.8AI score0.01993EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2023/03/28 12:0 a.m.48 views

Fedora 38 : curl (2023-0de03a9232)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0de03a9232 advisory. - fix SSH connection too eager reuse still CVE-2023-27538 - fix HSTS double-free CVE-2023-27537 - fix GSS delegation too eager connection re-use...

9.8CVSS6.6AI score0.02195EPSS
Exploits6References7
Ubuntu
Ubuntu
added 2023/03/27 2:47 p.m.78 views

USN-5964-2: curl vulnerabilities

USN-5964-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing,...

9.8CVSS6.7AI score0.01993EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2023/03/26 12:0 a.m.41 views

Fedora 37 : curl (2023-2884ba1528)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2884ba1528 advisory. - fix SSH connection too eager reuse still CVE-2023-27538 - fix HSTS double-free CVE-2023-27537 - fix GSS delegation too eager connection re-use...

9.8CVSS6.6AI score0.02195EPSS
Exploits6References7
Rows per page
Query Builder