Lucene search
+L

132 matches found

Tenable Nessus
Tenable Nessus
added 2023/04/09 12:0 a.m.35 views

Fedora 36 : curl (2023-7e7414e64d)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7e7414e64d advisory. - fix SSH connection too eager reuse still CVE-2023-27538 - fix GSS delegation too eager connection re-use CVE-2023-27536 - fix FTP too eager...

9.8CVSS6.5AI score0.02195EPSS
Exploits5References6
Redos
Redos
added 2023/04/06 12:0 a.m.57 views

ROS-20230406-01

A vulnerability in the curl program is related to the incorrect replacement of the tilde character when used as a prefix in the first path element, in addition to its intended use as the first element to specify a path relative to a user's home directory. element to specify a path relative to the...

9.8CVSS8.9AI score0.02195EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2023/04/02 12:0 a.m.42 views

SUSE SLES15 Security Update : curl (SUSE-SU-2023:1711-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1711-1 advisory. - An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression algorithms...

9.8CVSS7.4AI score0.02195EPSS
Exploits6References19
OSV
OSV
added 2023/03/31 11:5 a.m.6 views

OESA-2023-1196 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However,...

9.8CVSS8.9AI score0.02195EPSS
Exploits5References6
OSV
OSV
added 2023/03/30 8:15 p.m.3 views

ALPINE-CVE-2023-27533

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

8.8CVSS7.9AI score0.01993EPSS
Exploits1References1
OSV
OSV
added 2023/03/30 8:15 p.m.2 views

DEBIAN-CVE-2023-27533

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

8.8CVSS7.1AI score0.01993EPSS
Exploits1References1
OSV
OSV
added 2023/03/30 8:15 p.m.6 views

AZL-25804 CVE-2023-27533 affecting package mysql for versions less than 8.0.34-1

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

8.8CVSS7.1AI score0.01993EPSS
Exploits1References1
OSV
OSV
added 2023/03/30 8:15 p.m.56 views

CVE-2023-27533

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

8.8CVSS7.7AI score0.01993EPSS
Exploits1References5
OSV
OSV
added 2023/03/30 8:15 p.m.8 views

AZL-25783 CVE-2023-27533 affecting package cmake for versions less than 3.21.4-12

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

8.8CVSS7.1AI score0.01993EPSS
Exploits1References1
Prion
Prion
added 2023/03/30 8:15 p.m.33 views

Input validation

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

6.8CVSS8.7AI score0.01993EPSS
Exploits1References5Affected Software3
AlpineLinux
AlpineLinux
added 2023/03/30 12:0 a.m.58 views

CVE-2023-27533

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

9.8CVSS9.1AI score0.01993EPSS
Exploits1
Cvelist
Cvelist
added 2023/03/30 12:0 a.m.35 views

CVE-2023-27533

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

9.1AI score0.01993EPSS
Exploits1References5
CVE
CVE
added 2023/03/30 12:0 a.m.274 views

CVE-2023-27533

CVE-2023-27533 affects curl = 8.0.1 as seen in ALAS2-2023-2070 and other advisories). No exploitation status is provided in the sources; assess risk based on environment and patch availability.

9.8CVSS8.8AI score0.01993EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/30 12:0 a.m.1 views

CVE-2023-27533

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

6.2AI score0.01993EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2023/03/30 12:0 a.m.54 views

CVE-2023-27533

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

9.8CVSS7.6AI score0.01993EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/03/28 12:0 a.m.51 views

SUSE SLED15: curl / libcurl-devel / libcurl-devel-32bit / libcurl4 / etc (SUSE-SU-2023:1582-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1582-1 advisory. - CVE-2023-27533: Fixed TELNET option IAC injection bsc1209209. - CVE-2023-27534: Fixed SFTP pat...

9.8CVSS6.8AI score0.02195EPSS
Exploits5References16
RedhatCVE
RedhatCVE
added 2023/03/21 1:13 p.m.67 views

CVE-2023-27533

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

4.3CVSS9.3AI score0.01993EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/03/21 3:13 a.m.4 views

SUSE CVE-2023-27533

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

4.5CVSS9.1AI score0.01993EPSS
Exploits1References92
OSV
OSV
added 2023/03/20 8:0 a.m.42 views

CURL-CVE-2023-27533 TELNET option IAC injection

curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on username and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl would pass on username and telnet options ...

9.8CVSS6.6AI score0.01993EPSS
Exploits1
curl security advisories
curl security advisories
added 2023/03/20 8:0 a.m.9 views

TELNET option IAC injection

curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on username and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl would pass on username and telnet options ...

9.8CVSS6.4AI score0.01993EPSS
Exploits1References1Affected Software2
Rows per page
Query Builder