Lucene search
K

19 matches found

Tenable Nessus
Tenable Nessus
added 2023/03/20 12:0 a.m.31 views

CBL Mariner 2.0 Security Update: curl (CVE-2021-22897)

The version of curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-22897 advisory. - curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code...

5.3CVSS7.1AI score0.02979EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.5 views

SUSE CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS6.7AI score0.02979EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2022/02/13 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1062)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6AI score0.0627EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2022/01/12 12:0 a.m.65 views

Juniper Junos OS Multiple Vulnerabilities (JSA11289)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA11289 advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Refere...

8.1CVSS7.6AI score0.60122EPSS
Exploits5References6
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/03 7:16 p.m.30 views

Security Bulletin: curl vulnerability impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.1.1 and earlier (CVE-2021-22897)

Summary The curl vulnerability CVE-2021-22897 impacts Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, and Aspera Desktop Client 4.1.1 and earlier. The fix is delivered in Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, and Aspera Desktop Client 4.2....

5.3CVSS2.8AI score0.02979EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/07/13 12:0 a.m.28 views

EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2021-2206)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in...

5.3CVSS7.5AI score0.04385EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2021/07/13 12:0 a.m.27 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2176)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.5AI score0.04385EPSS
Exploits2References2
OSV
OSV
added 2021/06/11 4:15 p.m.4 views

ALPINE-CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS7AI score0.02979EPSS
Exploits1References1
OSV
OSV
added 2021/06/11 4:15 p.m.25 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS6.6AI score0.02979EPSS
Exploits1References8
NVD
NVD
added 2021/06/11 4:15 p.m.27 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS0.02979EPSS
Exploits1References8
Prion
Prion
added 2021/06/11 4:15 p.m.36 views

Code injection

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

4.3CVSS5.4AI score0.02979EPSS
Exploits1References8Affected Software9
UbuntuCve
UbuntuCve
added 2021/06/11 4:15 p.m.40 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS6.8AI score0.02979EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/06/11 3:49 p.m.42 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS6.5AI score0.02979EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2021/06/11 3:49 p.m.32 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS5.8AI score0.02979EPSS
Exploits1
Cvelist
Cvelist
added 2021/06/11 3:49 p.m.26 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.9AI score0.02979EPSS
Exploits1References8
Prion
Prion
added 2018/03/12 9:29 p.m.14 views

Out-of-bounds

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service crash, or possibly have unspecified other impact via a wildcard...

7.5CVSS8.2AI score0.01831EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2018/03/12 9:29 p.m.26 views

CVE-2016-9953

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service crash, or possibly have unspecified other impact via a wildcard...

9.8CVSS7.3AI score0.01831EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2018/03/12 9:29 p.m.23 views

CVE-2016-9952

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by ".com....

8.1CVSS7.2AI score0.013EPSS
Exploits0References2
Prion
Prion
added 2018/03/12 9:29 p.m.24 views

Code injection

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by ".com....

6.8CVSS7AI score0.013EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder