25 matches found
EUVD-2008-3268
Malware in sbrugna...
CVE-2008-3280
It was found that various OpenID Providers OPs had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator CVE-2008-0166. In combination with the DNS Cache Poisoning issue CVE-2008-1447 and the fact that almost all SSL/TLS implementations do not...
CentOS 8 : curl (CESA-2023:4523)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:4523 advisory. - An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Certificate Validation in the RHEL UBI (CVE-2023-28321)
Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-28321 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-28321 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...
EulerOS Virtualization 2.11.1 : curl (EulerOS-SA-2023-2719)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass...
EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2023-3425)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when...
Security Bulletin: IBM Event Streams is affected by a vulnerability in cURL libcurl (CVE-2023-28321)
Summary This security vulnerability affects the base image being used to build IBM Event Stream images. CVE-2023-28321 Vulnerability Details CVEID:CVE-2023-28321 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when listed as "Subject...
RHEL 8 : curl (RHSA-2023:6292)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6292 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
Debian dla-3613 : curl - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3613 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3613-1 [email protected]...
AlmaLinux 8 : curl (ALSA-2023:4523)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4523 advisory. - An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-2578)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as 'Subjec...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-2608)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as 'Subjec...
AlmaLinux 9 : curl (ALSA-2023:4354)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4354 advisory. - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as Subject...
openSUSE 15: curl / libcurl-devel / libcurl-devel-32bit / libcurl4 / etc (SUSE-SU-2023:2224-2)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2224-2 advisory. This update for curl adds the following feature: Update to version 8.0.1 jscPED-2580 - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check...
Fedora 38 : curl (2023-37eac50e9b)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-37eac50e9b advisory. - fix more POST-after-PUT confusion CVE-2023-28322 - fix IDN wildcard match CVE-2023-28321 Tenable has extracted the preceding description block...
Improper Certificate Validation
curl is vulnerable to Improper Certificate Validation. The vulnerability allows matching of wildcard patterns when listed as 'Subject Alternative Name' in TLS server certificates and could result in accepting patterns that otherwise should be mismatched...
CVE-2023-28321
CVE-2023-28321 affects curl before 8.1.0, where a private wildcard matching function used for TLS SAN wildcard patterns can mis-match IDN hostnames. IDNs are punycode-encoded (starting with xn--), but the curl wildcard check could still accept patterns like x* that should not match, potentially a...
CVE-2023-28321
An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...
CVE-2023-28321
An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...
CVE-2023-28321
An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...