Lucene search
K

25 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2008-3268

Malware in sbrugna...

5.9CVSS6.1AI score0.03951EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/21 8:44 p.m.12 views

CVE-2008-3280

It was found that various OpenID Providers OPs had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator CVE-2008-0166. In combination with the DNS Cache Poisoning issue CVE-2008-1447 and the fact that almost all SSL/TLS implementations do not...

7.8CVSS7AI score0.95182EPSS
Exploits28References1
Tenable Nessus
Tenable Nessus
added 2024/02/08 12:0 a.m.46 views

CentOS 8 : curl (CESA-2023:4523)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:4523 advisory. - An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with...

5.9CVSS6.5AI score0.0181EPSS
Exploits2References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/26 9:52 p.m.37 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Certificate Validation in the RHEL UBI (CVE-2023-28321)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-28321 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-28321 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...

5.9CVSS6.5AI score0.0181EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.51 views

EulerOS Virtualization 2.11.1 : curl (EulerOS-SA-2023-2719)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass...

9.8CVSS7.2AI score0.02211EPSS
Exploits7References8
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.42 views

EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2023-3425)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when...

5.9CVSS6.5AI score0.0181EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 10:25 p.m.33 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in cURL libcurl (CVE-2023-28321)

Summary This security vulnerability affects the base image being used to build IBM Event Stream images. CVE-2023-28321 Vulnerability Details CVEID:CVE-2023-28321 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when listed as "Subject...

5.9CVSS6.4AI score0.0181EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/02 12:0 a.m.48 views

RHEL 8 : curl (RHSA-2023:6292)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6292 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...

5.9CVSS7.7AI score0.06208EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2023/10/11 12:0 a.m.35 views

Debian dla-3613 : curl - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3613 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3613-1 [email protected]...

5.9CVSS7.7AI score0.06208EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2023/08/09 12:0 a.m.49 views

AlmaLinux 8 : curl (ALSA-2023:4523)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4523 advisory. - An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with...

5.9CVSS6.5AI score0.0181EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2023/08/08 12:0 a.m.37 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-2578)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as 'Subjec...

5.9CVSS6.5AI score0.02211EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2023/08/08 12:0 a.m.23 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-2608)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as 'Subjec...

5.9CVSS6.5AI score0.02211EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.26 views

AlmaLinux 9 : curl (ALSA-2023:4354)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4354 advisory. - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as Subject...

5.9CVSS6.5AI score0.02211EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2023/06/22 12:0 a.m.41 views

openSUSE 15: curl / libcurl-devel / libcurl-devel-32bit / libcurl4 / etc (SUSE-SU-2023:2224-2)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2224-2 advisory. This update for curl adds the following feature: Update to version 8.0.1 jscPED-2580 - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check...

7.5CVSS6.7AI score0.02658EPSS
Exploits4References13
Tenable Nessus
Tenable Nessus
added 2023/06/07 12:0 a.m.37 views

Fedora 38 : curl (2023-37eac50e9b)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-37eac50e9b advisory. - fix more POST-after-PUT confusion CVE-2023-28322 - fix IDN wildcard match CVE-2023-28321 Tenable has extracted the preceding description block...

5.9CVSS6.5AI score0.02211EPSS
Exploits2References3
Veracode
Veracode
added 2023/06/06 4:56 p.m.39 views

Improper Certificate Validation

curl is vulnerable to Improper Certificate Validation. The vulnerability allows matching of wildcard patterns when listed as 'Subject Alternative Name' in TLS server certificates and could result in accepting patterns that otherwise should be mismatched...

5.9CVSS6.8AI score0.0181EPSS
Exploits1References19Affected Software2
CVE
CVE
added 2023/05/26 12:0 a.m.306 views

CVE-2023-28321

CVE-2023-28321 affects curl before 8.1.0, where a private wildcard matching function used for TLS SAN wildcard patterns can mis-match IDN hostnames. IDNs are punycode-encoded (starting with xn--), but the curl wildcard check could still accept patterns like x* that should not match, potentially a...

5.9CVSS6.2AI score0.0181EPSS
Exploits1References12Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/26 12:0 a.m.6 views

CVE-2023-28321

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

5.8AI score0.0181EPSS
Exploits1References12
AlpineLinux
AlpineLinux
added 2023/05/26 12:0 a.m.62 views

CVE-2023-28321

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

5.9CVSS6.5AI score0.0181EPSS
Exploits1
Debian CVE
Debian CVE
added 2023/05/26 12:0 a.m.51 views

CVE-2023-28321

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

5.9CVSS6.6AI score0.0181EPSS
Exploits1
Rows per page
Query Builder