732 matches found

Tenable Nessus
added 2023/05/16 12:0 a.m., 56 views

EulerOS Virtualization 2.10.1 : samba (EulerOS-SA-2023-1898)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des and unwrap_des3 routines of Heimdal. The...

CVSS 8.8, AI score 7.5, EPSS 0.06419
Exploits: 1, References: 3
Tenable Nessus
added 2023/05/16 12:0 a.m., 35 views

EulerOS Virtualization 2.10.0 : samba (EulerOS-SA-2023-1929)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des and unwrap_des3 routines of Heimdal. The...

CVSS 8.8, AI score 7.5, EPSS 0.06419
Exploits: 1, References: 3
AlmaLinux
added 2023/05/16 12:0 a.m., 39 views

Moderate: gssntlmssp security update

The gssntlmssp is a GSSAPI NTLM mechanism that allows performing NTLM authentication in GSSAPI programs. Security Fixes: gssntlmssp: multiple out-of-bounds read when decoding NTLM fields (CVE-2023-25563); gssntlmssp: memory corruption when decoding UTF16 strings (CVE-2023-25564); gssntlmssp: incorrect...

CVSS 8.2, AI score 7.2, EPSS 0.01942
Exploits: 0, References: 12
Tenable Nessus
added 2023/04/20 12:0 a.m., 49 views

CBL Mariner 2.0 Security Update: cmake / curl / mysql / rust / tensorflow (CVE-2023-27536)

The version of cmake / curl / mysql / rust / tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27536 advisory. - An authentication bypass vulnerability exists in libcurl <8.0.0 in the...

CVSS 5.9, AI score 6.8, EPSS 0.01566
Exploits: 1, References: 2
Tenable Nessus
added 2023/04/13 12:0 a.m., 113 views

QNAP QTS / QuTS hero Buffer Overflow Vulnerabilities in Samba (QSA-23-02)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by multiple vulnerabilities as referenced in the QSA-23-02 advisory. - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des and unwrap_des3 routines of Heimdal. The DES and Triple-DES...

CVSS 6.5, AI score 6.7, EPSS 0.0369
Exploits: 0, References: 3
Redos
added 2023/04/07 12:0 a.m., 96 views

ROS-20230407-01

The libcurl library vulnerability is related to FTP connection reuse: previously created connections are stored in a connection pool for reuse if they match the current configuration...

CVSS 7.7, AI score 7.5, EPSS 0.01856
Exploits: 4
OSV
added 2023/03/31 11:5 a.m., 4 views

OESA-2023-1194 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However,...

CVSS 9.8, AI score 8.9, EPSS 0.02195
Exploits: 5, References: 6
OSV
added 2023/03/30 8:15 p.m., 5 views

AZL-34606 CVE-2023-27536 affecting package cmake for versions less than 3.28.2-1

An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects...

CVSS 5.9, AI score 7.1, EPSS 0.01566
Exploits: 1, References: 1
OSV
added 2023/03/30 8:15 p.m., 9 views

AZL-38476 CVE-2023-27536 affecting package tensorflow for versions less than 2.16.1-1

An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects...

CVSS 5.9, AI score 6.6, EPSS 0.01566
Exploits: 1, References: 1
OSV
added 2023/03/30 8:15 p.m., 1 views

ALPINE-CVE-2023-27536

An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects...

CVSS 5.9, AI score 6.7, EPSS 0.01566
Exploits: 1, References: 1
OSV
added 2023/03/30 8:15 p.m., 8 views

AZL-25845 CVE-2023-27536 affecting package curl for versions less than 8.0.1-1

An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects...

CVSS 5.9, AI score 6.6, EPSS 0.01566
Exploits: 1, References: 1
OSV
added 2023/03/30 8:15 p.m., 6 views

AZL-25809 CVE-2023-27536 affecting package rust for versions less than 1.72.0-2

An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects...

CVSS 5.9, AI score 6.6, EPSS 0.01566
Exploits: 1, References: 1
OSV
added 2023/03/30 8:15 p.m., 2 views

DEBIAN-CVE-2023-27536

An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects...

CVSS 5.9, AI score 6.6, EPSS 0.01566
Exploits: 1, References: 1
OSV
added 2023/03/30 8:15 p.m., 37 views

CVE-2023-27536

An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects...

CVSS 5.9, AI score 6.8, EPSS 0.01566
Exploits: 1, References: 5
Prion
added 2023/03/30 8:15 p.m., 26 views

Authentication flaw

An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects...

CVSS 2.6, AI score 7, EPSS 0.01566
Exploits: 1, References: 5, Affected Software: 4
AlpineLinux
added 2023/03/30 12:0 a.m., 59 views

CVE-2023-27536

An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects...

CVSS 5.9, AI score 7.5, EPSS 0.01566
Exploits: 1
Tenable Nessus
added 2023/03/28 12:0 a.m., 39 views

CBL Mariner 2.0 Security Update: heimdal (CVE-2022-45142)

The version of heimdal installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-45142 advisory. - The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug ...

CVSS 7.5, AI score 6.6, EPSS 0.0369
Exploits: 0, References: 2
Redos
added 2023/03/24 12:0 a.m., 34 views

ROS-20230324-01

Vulnerability of Samba networking software package is related to errors in symbolic link processing. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to the server's file system. Vulnerability of unwrap_des and unwrap_des3 functions of GSSAPI...

CVSS 6.5, AI score 7.3, EPSS 0.0369
Exploits: 0
Tenable Nessus
added 2023/03/23 12:0 a.m., 52 views

FreeBSD : curl -- multiple vulnerabilities (0d7d104c-c6fb-11ed-8a4b-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0d7d104c-c6fb-11ed-8a4b-080027f5fec9 advisory. - The vulnerability exists due to missing documentation of the TELNET protocol support and the...

CVSS 9.8, AI score 7.3, EPSS 0.02195
Exploits: 6, References: 8
RedhatCVE
added 2023/03/21 1:13 p.m., 49 views

CVE-2023-27536

A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting...

CVSS 5.9, AI score 8.7, EPSS 0.01566
Exploits: 1, References: 4