Lucene search
K

291 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.23 views

Rocky Linux 9 : curl (RLSA-2023:0333)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0333 advisory. - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option...

9.8CVSS6.9AI score0.04325EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/09/11 12:0 a.m.35 views

Ubuntu 16.04 ESM / 18.04 ESM : curl vulnerabilities (USN-6237-3)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6237-3 advisory. USN-6237-1 fixed several vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and...

5.9CVSS6.5AI score0.02211EPSS
Exploits2References3
Prion
Prion
added 2023/08/08 8:15 p.m.24 views

Cross site scripting

Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files e.g., JavaScript content for stored XSS via the type field in a JSON document within a PUT /gallery/api/media request...

4.3CVSS5.1AI score0.00412EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/08/08 12:0 a.m.40 views

CVE-2023-26961

Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files e.g., JavaScript content for stored XSS via the type field in a JSON document within a PUT /gallery/api/media request...

5.4AI score0.00412EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/08/08 12:0 a.m.37 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-2578)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as 'Subjec...

5.9CVSS6.5AI score0.02211EPSS
Exploits2References3
Veracode
Veracode
added 2023/08/06 2:35 p.m.21 views

Cross-site Scripting (XSS)

gitlab is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the Feature Flag name of the library, which allows an attacker to inject and execute malicious flag names through the PUT request by clicking on a link...

6.1CVSS6.5AI score0.00949EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2023/07/18 8:33 a.m.3 views

curl: POST following PUT confusion

A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set if it previously used the same handle to issue a PUT request which us...

9.8CVSS6.7AI score0.04325EPSS
Exploits1References5
OSV
OSV
added 2023/05/26 9:15 p.m.5 views

ALPINE-CVE-2023-28322

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

3.7CVSS6.3AI score0.02211EPSS
Exploits1References1
NVD
NVD
added 2023/05/26 9:15 p.m.31 views

CVE-2023-28322

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

5.3CVSS5.7AI score0.02211EPSS
Exploits1References12
Prion
Prion
added 2023/05/26 9:15 p.m.35 views

Information disclosure

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

2.6CVSS5.3AI score0.02211EPSS
Exploits1References12Affected Software3
OSV
OSV
added 2023/05/26 12:0 a.m.53 views

CVE-2023-28322

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

5.3CVSS6.3AI score0.02211EPSS
Exploits1References14
Cvelist
Cvelist
added 2023/05/26 12:0 a.m.28 views

CVE-2023-28322

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

5.5AI score0.02211EPSS
Exploits1References12
AlpineLinux
AlpineLinux
added 2023/05/26 12:0 a.m.125 views

CVE-2023-28322

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

5.3CVSS5.8AI score0.02211EPSS
Exploits1
curl security advisories
curl security advisories
added 2023/05/17 8:0 a.m.10 views

more POST-after-PUT confusion

When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...

5.3CVSS6.2AI score0.02211EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2023/05/17 6:0 a.m.2 views

UBUNTU-CVE-2023-28322

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

5.3CVSS6.6AI score0.02211EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2023/05/17 6:0 a.m.63 views

CVE-2023-28322

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

5.3CVSS6.6AI score0.02211EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/05/15 12:0 a.m.29 views

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2023-1931)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when...

9.8CVSS7.1AI score0.04325EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2023/04/27 12:0 a.m.33 views

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2023-1633)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when...

9.8CVSS7.1AI score0.04325EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2023/03/09 12:0 a.m.31 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1496)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.8AI score0.04325EPSS
Exploits1References2
Huntr
Huntr
added 2023/02/21 9:12 p.m.16 views

Admin Able To Perform Operations On Themselves By Interacting With API

Description When setting a password through /admin/users URI, the admin is not allowed to set their own new password through this URI. If they attempt to do so, they receive an error stating Forbidden to operate on yourself. But this is easily bypassable by interacting with the API: if you set a...

4.7CVSS4.8AI score0.00644EPSS
Exploits1
Rows per page
Query Builder