16 matches found
Astra Linux - уязвимость в curl
A authentication bypass vulnerability exists in libcurl prior to v8.0.0. It reuses an previously established SSH connection, even though one SSH option has been modified, which should prevent such reuse. libcurl maintains a pool of previously used connections and can reuse them for subsequent...
EUVD-2023-31293
Malicious code in bioql PyPI...
MGASA-2023-0263 Updated curl packages fix security vulnerability
TELNET option IAC injection. CVE-2023-27533 SFTP path resolving discrepancy. CVE-2023-27534 FTP too eager connection reuse. CVE-2023-27535 GSS delegation too eager connection re-use. CVE-2023-27536 HSTS double free. CVE-2023-27537 SSH connection too eager reuse still. CVE-2023-27538 UAF in SSH...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2510)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2484)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:2228-1 Security update for curl
This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition bsc1211231. - CVE-2023-28321: Fixed IDN wildcard matching bsc1211232. - CVE-2023-28322: Fixed POST-after-PUT confusion bsc1211233. - CVE-2023-27533: Fixed TELNET option IAC injection bsc1209209. -...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2023-1798)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously...
AZL-38257 CVE-2023-27538 affecting package tensorflow for versions less than 2.16.1-1
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...
AZL-25848 CVE-2023-27538 affecting package curl for versions less than 8.0.1-1
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...
AZL-25808 CVE-2023-27538 affecting package rust for versions less than 1.72.0-2
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...
AZL-25786 CVE-2023-27538 affecting package cmake for versions less than 3.21.4-13
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...
CVE-2023-27538
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...
SUSE-SU-2023:1582-1 Security update for curl
This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection bsc1209209. - CVE-2023-27534: Fixed SFTP path resolving discrepancy bsc1209210. - CVE-2023-27535: Fixed FTP too eager connection reuse bsc1209211. - CVE-2023-27536: Fixed GSS delegation too eager...
UBUNTU-CVE-2023-27538
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...
SUSE-SU-2022:2813-1 Security update for curl
This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain bnc1199223. - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even wh...
RLSA-2022:5313 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 curl: credential leak on redirect CVE-2022-27774 curl:...