163 matches found
EulerOS Virtualization 2.11.1 : curl (EulerOS-SA-2023-2066)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when...
Use After Free
libcurl.so is vulnerable to Use After Free. Even when the CURLOPT_POSTFIELDS option is enabled, libcurl may mistakenly use the read callback CURLOPT_READFUNCTION while performing HTTPS transfers to request data to send. The application might misbehave and send the incorrect data or use memory that ...
CURL-CVE-2023-28322 more POST-after-PUT confusion
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...
CentOS 8 : curl (CESA-2023:2963)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2963 advisory. - When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1633)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2023-1633)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when...
Universal Media Server 13.2.1 Cross Site Scripting
Exploit Title: Universal Media Server 13.2.1 Cross Site Scripting Google Dork: NA Date: 01/04/2023 Exploit Author: Yehia Elghaly - Mrvar0x Vendor Homepage: https://www.universalmediaserver.com/ Software Link: https://www.universalmediaserver.com/download/ Version: 13.2.1 Tested on: Windows 7 / 10...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1496)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-5365-1 : curl - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5365 advisory. - An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract...
Fedora: Security Advisory for mingw-opusfile (FEDORA-2023-528f07b5af)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 37 Update: mingw-opusfile-0.12-9.fc37
libopusfile provides a high-level API for decoding and seeking within .opus files. It includes: Support for all files with at least one Opus stream including multichannel files or Ogg files where Opus is muxed with something else. Full support, including seeking, for chained files. A simple stere...
Debian DSA-5330-1 : curl - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5330 advisory. Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure. F...
AlmaLinux 9 : curl (ALSA-2023:0333)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:0333 advisory. - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option h...
Oracle Linux 9 : curl (ELSA-2023-0333)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0333 advisory. 7.76.1-19.el91.1 - fix POST following PUT confusion CVE-2022-32221 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Fedora 36 : curl (2022-01ffde372c)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-01ffde372c advisory. - url: use IDN decoded names for HSTS checks CVE-2022-42916 - http_proxy: restore the protocol pointer on error CVE-2022-42915 - netrc: replace fgets...
Amazon Linux 2022 : curl (ALAS2022-2022-246)
The version of curl installed on the remote host is prior to 7.86.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-246 advisory. - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send,...
Medium: curl
Issue Overview: A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set if it previously used the same handle to issue a PUT...
Design/Logic Flaw
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2022-2722)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a...
Updated curl packages fix security vulnerability
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. CVE-2022-32221...