19 matches found
JLSEC-2026-403
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
Siemens SIMATIC S7-1500 Cleartext Transmission of Sensitive Information (CVE-2023-23915)
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
curl: HSTS amnesia with --parallel
A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity...
curl: HSTS amnesia with --parallel
A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity...
FreeBSD : curl -- multiple vulnerabilities (be233fc6-bae7-11ed-a4fb-080027f5fec9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the be233fc6-bae7-11ed-a4fb-080027f5fec9 advisory. - A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that...
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS.
...
AZL-13660 CVE-2023-23915 affecting package rust for versions less than 1.72.0-2
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
DEBIAN-CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
AZL-13655 CVE-2023-23915 affecting package mysql for versions less than 8.0.33-1
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
AZL-13652 CVE-2023-23915 affecting package curl for versions less than 7.88.1-1
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
AZL-34601 CVE-2023-23915 affecting package cmake for versions less than 3.28.2-1
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
AZL-38093 CVE-2023-23915 affecting package tensorflow for versions less than 2.16.1-1
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
ALPINE-CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
CVE-2023-23915
A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity...
SUSE CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
PT-2023-19297
Name of the Vulnerable Software and Affected Versions curl versions prior to 7.88.0 Description A cleartext transmission of sensitive information issue exists in curl that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, cu...
UBUNTU-CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
Updated lftp packages fix security vulnerability
Updated lftp packages fix security vulnerability Lftp 4.8.4 bring a security fix for "file:" file names. From version 4.7.7 which was previous MGA6 lftp version, it brings also several new parameters like the -P option for parallel transfers...