Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2022-43551

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use...

7.5CVSS7AI score0.1654EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.4 views

PT-2024-7663 · Curl +9 · Curl +9

Name of the Vulnerable Software and Affected Versions: curl versions prior to 8.10.1 Description: The issue is related to the implementation of the HSTS HTTP Strict Transport Security mechanism in the curl utility. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a...

8.6CVSS6.8AI score0.36081EPSS
Exploits8References100
Redos
Redos
added 2024/09/23 12:0 a.m.41 views

ROS-20240923-02

Vulnerability of ANGLE library in Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...

8.8CVSS9.8AI score0.02155EPSS
Exploits1
Amazon
Amazon
added 2023/03/22 12:0 a.m.7 views

Medium: curl

Issue Overview: A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity. CVE-2023-23914 A flaw was fou...

9.1CVSS6.8AI score0.01703EPSS
Exploits2
Cvelist
Cvelist
added 2023/02/23 12:0 a.m.41 views

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

7.7AI score0.00861EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/02/23 12:0 a.m.59 views

Curl Cleartext Information Disclosure < 7.87 (CVE-2022-43551)

The version of Curl installed on the remote host is prior to 7.87.0. It is therefore affected by an information disclosure vulnerability where the HSTS mechanism could be bypassed to trick curl to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an...

7.5CVSS7.2AI score0.1654EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2023/02/17 11:57 a.m.57 views

CVE-2023-23915

A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity...

4.2CVSS7.6AI score0.00861EPSS
Exploits0References4
OSV
OSV
added 2023/02/15 8:0 a.m.23 views

CURL-CVE-2023-23915 HSTS amnesia with --parallel

curl's HSTS cache saving behaves wrongly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when...

6.5CVSS6.6AI score0.00861EPSS
Exploits0
OSV
OSV
added 2023/02/15 12:0 a.m.5 views

UBUNTU-CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5CVSS6.7AI score0.00861EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2022/12/23 12:0 a.m.106 views

CVE-2022-43551

A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...

7.5CVSS7.6AI score0.1654EPSS
Exploits1
Rows per page
Query Builder