EUVD-2020-18429

Malware in sbrugna...

EUVD-2023-32028

Malicious code in bioql PyPI...

CVE-2020-25779

Trend Micro Antivirus for Mac 2020 Consumer has a vulnerability in which a Internationalized Domain Name homograph attack Puny-code could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature...

CBL Mariner 2.0 Security Update: rust / tensorflow / curl / mysql (CVE-2023-28321)

The version of rust / tensorflow / curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-28321 advisory. - An improper certificate validation vulnerability exists in curl v8.1.0 in the way ...

EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2023-3425)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3425)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 8 : curl (RHSA-2023:6292)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6292 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...

Ubuntu 16.04 ESM / 18.04 ESM : curl vulnerabilities (USN-6237-3)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6237-3 advisory. USN-6237-1 fixed several vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and...

AlmaLinux 8 : curl (ALSA-2023:4523)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4523 advisory. - An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with...

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2023-2556)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when...

EulerOS 2.0 SP10 : curl (EulerOS-SA-2023-2376)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as 'Subjec...

openSUSE 15 Security Update : curl (SUSE-SU-2023:2224-2)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2224-2 advisory. - A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash...

CVE-2023-28321

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

Input validation

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

CVE-2023-28321

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

CVE-2023-28321

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

CVE-2023-28321

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

CURL-CVE-2023-28321 IDN wildcard match

curl supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN International Domain...