Lucene search

1138 matches found

Tenable Nessus, added 2023/05/15

Oracle Linux 9 : curl (ELSA-2023-2478)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2478 advisory.
- fix HTTP multi-header compression denial of service (CVE-2023-23916)
- smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
- fi...

CVSS 9.8 | AI score 7.2 | EPSS 0.01853
Exploits 4 | References 3
Oracle Linux, added 2023/05/15

curl security update

7.76.1-23: fix HTTP multi-header compression denial of service (CVE-2023-23916)
7.76.1-22: smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
7.76.1-21: fix POST following PUT confusion (CVE-2022-32221)
7.76.1-20: control code in cookie denial of service (CVE-2022-35252)...

CVSS 9.8 | AI score 7.2 | EPSS 0.01853
Exploits 4
Tenable Nessus, added 2023/05/14

AlmaLinux 9 : curl (ALSA-2023:2478)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2478 advisory.
- When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes that, when later sent back to an HTTP server...

CVSS 5.9 | AI score 6.6 | EPSS 0.00289
Exploits 2 | References 3
OSV, added 2023/05/09

ALSA-2023:2478 Low: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fixes:
- curl: Incorrect handling of control code characters in cookies (CVE-2022-35252)
- curl: Use-after-free triggered by an HTTP pro...

CVSS 5.9 | AI score 7.1 | EPSS 0.00289
Exploits 2 | References 6
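The control-code cookie issue in the ALSA-2023:2478 and AlmaLinux entries above comes down to one missing filter: a cookie received from one server must not be re-sent if its name or value carries bytes that can break the next request's header block. The following is an added example, not code from the advisory or from curl; it shows a client-side cookie filter that drops such cookies before they are stored, with constructed Set-Cookie header values as input. Function and constant names are assumptions.

```python
# Added example, not from the ALSA-2023:2478 advisory or from curl itself:
# a cookie filter that rejects cookies carrying control codes before they are
# stored or re-sent. The Set-Cookie header values below are constructed.
import re

# 0x00-0x1F and 0x7F are the control codes RFC 6265 excludes from cookie-octet.
CONTROL_CODE = re.compile(r"[\x00-\x1f\x7f]")


def parse_set_cookie(header_value):
    """Extract (name, value) from a Set-Cookie header value; attributes such
    as Path or Secure are ignored here. Returns None when malformed."""
    pair = header_value.split(";", 1)[0].strip()
    if "=" not in pair:
        return None
    name, value = (part.strip() for part in pair.split("=", 1))
    if not name:
        return None
    return name, value


def filter_cookies(set_cookie_values):
    """Split incoming cookies into those safe to keep and those to drop.
    Returns (accepted, rejected): accepted is a list of (name, value),
    rejected is a list of (raw_header, reason)."""
    accepted, rejected = [], []
    for raw in set_cookie_values:
        parsed = parse_set_cookie(raw)
        if parsed is None:
            rejected.append((raw, "malformed"))
            continue
        name, value = parsed
        if CONTROL_CODE.search(name) or CONTROL_CODE.search(value):
            rejected.append((raw, "control code in cookie"))
            continue
        accepted.append((name, value))
    return accepted, rejected


def build_cookie_header(accepted):
    """Serialize accepted cookies into one Cookie request header value."""
    return "; ".join(f"{name}={value}" for name, value in accepted)


# Constructed sample input: two benign cookies, one with a raw control byte,
# one with CRLF that would otherwise land in the next request's header block.
SAMPLE_SET_COOKIES = [
    "session=abc123; Path=/; Secure",
    "pref=dark\x01mode; Path=/",
    "evil=x\r\nX-Injected: 1; Path=/",
    "theme=light",
]

if __name__ == "__main__":
    ok, dropped = filter_cookies(SAMPLE_SET_COOKIES)
    print("Cookie:", build_cookie_header(ok))
    for raw, why in dropped:
        print("dropped", repr(raw), "->", why)
```

The filter is deliberately strict: it rejects the whole cookie rather than stripping the offending bytes, since a sanitised value could still collide with a legitimate cookie the server expects.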
Amazon, added 2023/04/20

Medium: curl

Issue Overview: A vulnerability was found in curl. curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or...

CVSS 8.8 | AI score 6.9 | EPSS 0.00104
Exploits 3
wpexploit, added 2023/04/19

Help Desk WP <= 1.2.0 - Editor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.
1. Using a user with Editor Role privileges, go to the support page assigned for the Help Desk WP Plugin.
2. Click on "Add New Ticket", and fill t...

CVSS 5.4 | AI score 8.7 | EPSS 0.00261
Exploits 2
WPVulnDB, added 2023/04/03

WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

The plugin does not ensure that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel bookings on behalf of other users.
PoC
1. Book or cancel a booking for an event using an authenticated user.
2. Intercept the request using an HTTP...

CVSS 6.5 | AI score 6.7 | EPSS 0.00195
Exploits 2 | Affected Software 1
F5 Networks, added 2023/03/21 4:41 p.m.

K000133092: cURL vulnerability CVE-2022-43552

Security Advisory Description: A use-after-free vulnerability exists in curl before 7.87.0. curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET,...

CVSS 5.9 | AI score 6.7 | EPSS 0.00104
Exploits 1
OpenVAS, added 2023/03/20

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1547)

The remote host is missing an update for Huawei EulerOS as referenced in the EulerOS-SA-2023-1547 advisory. (Scanner notice: some text descriptions are excerpted from the referenced sources and are copyright of the respective right holders; Greenbone AG 2023, GPL-2.0-only.)

CVSS 5.9 | AI score 7.2 | EPSS 0.00104
Exploits 1 | References 2
Tenable Nessus, added 2023/03/20

CBL Mariner 2.0 Security Update: curl (CVE-2022-42915)

The version of curl installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-42915 advisory.
- curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS UR...

CVSS 8.1 | AI score 7.3 | EPSS 0.00467
Exploits 0 | References 2
Tenable Nessus, added 2023/03/19

EulerOS 2.0 SP10 : curl (EulerOS-SA-2023-1522)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- A use-after-free vulnerability exists in curl before 7.87.0. curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP...

CVSS 5.9 | AI score 6.8 | EPSS 0.00104
Exploits 1 | References 2
OSV, added 2023/03/14 6:56 p.m.

CLSA-2023-1678820199 Fix CVE(s): CVE-2022-43552

SECURITY UPDATE: HTTP proxy deny use-after-free
- debian/patches/CVE-2022-43552.patch:
  + smb/telnet: do not free the protocol struct in done.
  + conn: don't free easy handle data in handler-disconnect.
- CVE-2022-43552...

CVSS 5.9 | AI score 6.8 | EPSS 0.00104
Exploits 1 | References 1
Microsoft CVE, added 2023/03/10 8:00 a.m.

curl 7.63.0 to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy with tickets from the remote server, treat them as if they arrived from the remote server, and then wrongly "short-cut" the host handshake. By confusing the tickets, an HTTPS proxy can trick libcurl into resuming the host session with the wrong ticket, thereby circumventing the server TLS certificate check and making an unnoticed MITM attack possible. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work, unless curl has been told to ignore the server certificate check.

...

CVSS 4.3 | AI score 7 | EPSS 0.00069
Exploits 1
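The root cause described in the Microsoft CVE entry above is a session cache that cannot tell which TLS layer a ticket came from: through an HTTPS proxy there are two TLS sessions (client to proxy, and client to origin inside the tunnel), and TLS 1.3 tickets arrive after the handshake, so a ticket handed out by the proxy layer can be filed under the origin host and later used to resume, and thus skip certificate verification for, the origin session. The block below is an added, simplified model of that mix-up and its fix; it is not libcurl's code, and every class, function and host name in it is an assumption for illustration.

```python
# Added example: a simplified model of the proxy/origin ticket mix-up described
# in the entry above. This is NOT libcurl's code; every class and function name
# here is an assumption chosen for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Ticket:
    issuer: str    # constructed label for the peer that issued the ticket
    blob: bytes


class HostKeyedCache:
    """Keys tickets by (host, port) only. A ticket that arrives on the TLS
    layer to the proxy, while the connection object is the tunnel to the
    origin, gets filed under the origin and later resumes the origin session."""

    def __init__(self):
        self._tickets = {}

    def store(self, host, port, ticket, on_proxy_layer):
        # on_proxy_layer is ignored: this is the defect being modelled.
        self._tickets[(host, port)] = ticket

    def lookup(self, host, port, on_proxy_layer):
        return self._tickets.get((host, port))


class LayerKeyedCache:
    """Keys tickets by (layer, host, port), so proxy-layer tickets can only
    resume the proxy-layer session."""

    def __init__(self):
        self._tickets = {}

    def store(self, host, port, ticket, on_proxy_layer):
        self._tickets[(on_proxy_layer, host, port)] = ticket

    def lookup(self, host, port, on_proxy_layer):
        return self._tickets.get((on_proxy_layer, host, port))


ORIGIN = ("origin.example", 443)   # constructed host


def reconnect_after_tunnel(cache):
    """Scenario: connection 1 tunnels to ORIGIN through an HTTPS proxy and the
    proxy's TLS layer issues a session ticket. Connection 2 to ORIGIN asks the
    cache for a ticket to resume the inner (origin) TLS session, where
    resumption bypasses the certificate check. Returns the issuer of the
    ticket the client would resume with, or None for a full handshake."""
    proxy_ticket = Ticket(issuer="proxy.example", blob=b"constructed-proxy-ticket")
    cache.store(*ORIGIN, proxy_ticket, on_proxy_layer=True)
    resumed = cache.lookup(*ORIGIN, on_proxy_layer=False)
    return resumed.issuer if resumed else None


def resume_proxy_layer(cache):
    """Control case: the proxy-layer ticket must still resume the proxy layer,
    otherwise the fix would have thrown away legitimate resumption."""
    proxy_ticket = Ticket(issuer="proxy.example", blob=b"constructed-proxy-ticket")
    cache.store(*ORIGIN, proxy_ticket, on_proxy_layer=True)
    resumed = cache.lookup(*ORIGIN, on_proxy_layer=True)
    return resumed.issuer if resumed else None


if __name__ == "__main__":
    print("host-keyed cache resumes origin with ticket from:",
          reconnect_after_tunnel(HostKeyedCache()))
    print("layer-keyed cache resumes origin with ticket from:",
          reconnect_after_tunnel(LayerKeyedCache()))
```

With the host-keyed cache the second connection resumes the origin session using a ticket the proxy issued, which is exactly the position from which a proxy holding an acceptable certificate can impersonate the origin unnoticed; the layer-keyed cache returns nothing for the origin layer and forces a full, certificate-checked handshake.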
Tenable Nessus, added 2023/03/08

EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-1438)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- A use-after-free vulnerability exists in curl before 7.87.0. curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP...

CVSS 5.9 | AI score 6.8 | EPSS 0.00104
Exploits 1 | References 2
Tenable Nessus, added 2023/03/08

EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-1463)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- A use-after-free vulnerability exists in curl before 7.87.0. curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP...

CVSS 5.9 | AI score 6.8 | EPSS 0.00104
Exploits 1 | References 2
OpenVAS, added 2023/03/08

Debian: Security Advisory (DLA-142-1)

The remote host is missing an update for Debian as referenced in the DLA-142-1 advisory. (Scanner notice: some text descriptions are excerpted from the referenced sources and are copyright of the respective right holders; Greenbone AG 2023, GPL-2.0-only.)

CVSS 7.5 | AI score 6.6 | EPSS 0.01894
Exploits 0 | References 2
OpenVAS, added 2023/02/28

Ubuntu: Security Advisory (USN-5894-1)

The remote host is missing an update for Ubuntu as referenced in the USN-5894-1 advisory. (Scanner notice: some text descriptions are excerpted from the referenced sources and are copyright of the respective right holders; Greenbone AG 2023, GPL-2.0-only.)

CVSS 5.9 | AI score 6.8 | EPSS 0.00233
Exploits 3 | References 2
Tenable Nessus, added 2023/02/23

Tenable SecurityCenter 5.22.0 / 5.23.1 Multiple Vulnerabilities (TNS-2023-05)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running 5.22.0 or 5.23.1 and is therefore affected by multiple vulnerabilities in curl starting with 7.77.0 and before 7.86.0:
- If curl is told to use an HTTP proxy for a transfer with ...

CVSS 8.1 | AI score 7 | EPSS 0.00467
Exploits 0 | References 4
Tenable Nessus, added 2023/02/23

Curl Use-After-Free < 7.87 (CVE-2022-43552)

The version of Curl installed on the remote host is prior to 7.87.0. It is therefore affected by a use-after-free vulnerability. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to...

CVSS 5.9 | AI score 6.6 | EPSS 0.00104
Exploits 1 | References 2
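Several entries on this page (the Curl Use-After-Free < 7.87 plugin above, CBL Mariner CVE-2022-42915, TNS-2023-05, and the Microsoft CVE entry on the TLS 1.3 proxy ticket confusion) state their affected range purely as an upstream curl version. The following added example, which is not Tenable's or the curl project's code, turns those stated ranges into a triage helper over `curl --version` output. Function and constant names are assumptions, the sample output is constructed, and the ranges are taken only from the entries on this page; the Microsoft entry's CVE ID is not shown here, so that row is keyed by description. One caveat that the Oracle Linux changelog above makes concrete: distributions backport fixes without bumping the upstream version (7.76.1-23 carries the CVE-2023-23916 fix), so a version-only hit is a prompt to read the package changelog, not a verdict.

```python
# Added example, not from Tenable or the curl project: a version triage helper
# for `curl --version` output using only the version ranges stated in the
# entries on this page. Function and constant names are assumptions.
import re

# (label, lower bound inclusive or None, upper bound exclusive), as stated on
# this page: CVE-2022-43552 "prior to 7.87.0"; CVE-2022-42915 "starting with
# 7.77.0 and before 7.86.0" (TNS-2023-05); the HTTPS-proxy TLS 1.3 session
# ticket confusion "7.63.0 to and including 7.75.0" (its CVE ID is not shown
# on this page). CVE-2022-35252 has no version range on the page, so it is
# deliberately not listed.
ADVISORIES = [
    ("CVE-2022-43552", None, (7, 87, 0)),
    ("CVE-2022-42915", (7, 77, 0), (7, 86, 0)),
    ("HTTPS-proxy TLS 1.3 session ticket confusion", (7, 63, 0), (7, 76, 0)),
]


def parse_curl_version(version_output):
    """Return (major, minor, patch) from the first line of `curl --version`."""
    match = re.match(r"curl (\d+)\.(\d+)\.(\d+)", version_output.lstrip())
    if not match:
        raise ValueError("does not look like `curl --version` output")
    return tuple(int(part) for part in match.groups())


def in_range(version, lower, upper):
    """Tuple comparison handles 7.9.x vs 7.10.x correctly, unlike string compare."""
    if lower is not None and version < lower:
        return False
    return version < upper


def triage(version_output):
    """List the page's advisories whose stated version range covers this build.
    Caveat: distributions backport fixes without bumping the upstream version
    (the Oracle Linux changelog on this page patches CVE-2023-23916 in
    7.76.1-23), so a hit here means "check the package changelog"."""
    version = parse_curl_version(version_output)
    return [label for label, lower, upper in ADVISORIES if in_range(version, lower, upper)]


# Constructed sample, shaped like the first lines of `curl --version`.
SAMPLE_OUTPUT = (
    "curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11\n"
    "Release-Date: 2022-01-05\n"
)

if __name__ == "__main__":
    for hit in triage(SAMPLE_OUTPUT):
        print("possibly affected:", hit)
```

In practice the input is `curl --version` captured from the host under review; a build that reports 7.81.0, as in the constructed sample, falls inside both proxy-related ranges but outside the 7.63.0 to 7.75.0 window of the session ticket issue.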
F5 Networks, added 2023/02/21 8:00 p.m.

K02692210: BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2017-6157

Security Advisory Description BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or...

CVSS 8.1 | AI score 8.9 | EPSS 0.06882
Exploits 0 | Affected Software 8