Download
| Alert*
|
oval:org.secpod.oval:def:89048859
This update for curl fixes the following issues: * CVE-2023-28320: Fixed siglongjmp race condition . * CVE-2023-28321: Fixed IDN wildcard matching . * CVE-2023-28322: Fixed POST-after-PUT confusion . * CVE-2023-27533: Fixed TELNET option IAC injection . * CVE-2023-27534: Fixed SFTP path ~ resolving ... oval:org.secpod.oval:def:1601685 A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, cu ... oval:org.secpod.oval:def:89048862 This update for curl fixes the following issues: * CVE-2023-28320: Fixed siglongjmp race condition . * CVE-2023-28321: Fixed IDN wildcard matching . * CVE-2023-28322: Fixed POST-after-PUT confusion . * CVE-2023-27533: Fixed TELNET option IAC injection . * CVE-2023-27534: Fixed SFTP path ~ resolving ... oval:org.secpod.oval:def:89048072 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free . - CVE-2022-43551: Fixed HSTS bypass via IDN . oval:org.secpod.oval:def:88662 The host is missing a security update according to Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allow attackers to execute arbitrary code, cause denial of service or di ... oval:org.secpod.oval:def:89048071 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free . oval:org.secpod.oval:def:1701160 A vulnerability was found in curl. This issue occurs due to an erroneous function. A malicious server could make curl within Network Security Services get stuck in a never-ending busy loop when trying to retrieve that information. This flaw allows an Infinite Loop, affecting system availability. A ... oval:org.secpod.oval:def:89331 Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure. oval:org.secpod.oval:def:1507194 [7.29.0-59.0.3.el7_9.2] - load CA certificates even with --insecure [Orabug: 32836997] - Fix TFTP small blocksize heap buffer overflow [CVE-2019-5482][Orabug: 30568724] - Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers - CVE-2016-8616 case insensitive password co ... oval:org.secpod.oval:def:89030 The host is missing a critical security update for KB5025239 oval:org.secpod.oval:def:610362 Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure. oval:org.secpod.oval:def:206053 Security Fix: curl: Use-after-free triggered by an HTTP proxy deny response For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:3300532 SUSE Security Update: Security update for curl oval:org.secpod.oval:def:86658 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:124796 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:89028 The host is missing a critical security update for KB5025230 oval:org.secpod.oval:def:89027 The host is missing a critical security update for KB5025229 oval:org.secpod.oval:def:88477 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:89024 The host is missing a critical security update for KB5025221 oval:org.secpod.oval:def:707865 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:89025 The host is missing a critical security update for KB5025224 oval:org.secpod.oval:def:88670 The host is installed with Apple Mac OS 13 before 13.3 and is prone to a multiple vulnerabilities. The flaws are present in the application, which fails to properly handle issues in unspecified vectors. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:508180 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: curl: Use-after-free triggered by an HTTP proxy deny response For more details about the security issue, including the impact, ... oval:org.secpod.oval:def:2107938 Oracle Solaris 11 - ( CVE-2022-42916 ) oval:org.secpod.oval:def:124804 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:88885 Open Source Curl Remote Code Execution Vulnerability. oval:org.secpod.oval:def:88501 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:2600210 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. oval:org.secpod.oval:def:507761 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: Incorrect handling of control code characters in cookies * curl: Use-after-free triggered by an HTTP proxy deny respons ... oval:org.secpod.oval:def:1506564 [7.76.1-23.el9_2.1] - fix FTP too eager connection reuse [7.76.1-23] - fix HTTP multi-header compression denial of service [7.76.1-22] - smb/telnet: fix use-after-free when HTTP proxy denies tunnel [7.76.1-21] - fix POST following PUT confusion [7.76.1-20] - control code in cookie denial of serv ... oval:org.secpod.oval:def:2501083 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. oval:org.secpod.oval:def:1506669 [7.76.1-23] - fix HTTP multi-header compression denial of service [7.76.1-22] - smb/telnet: fix use-after-free when HTTP proxy denies tunnel [7.76.1-21] - fix POST following PUT confusion [7.76.1-20] - control code in cookie denial of service oval:org.secpod.oval:def:19500155 A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer. This issue leads to an authentication bypass, either by mistake or by a malicious act ... oval:org.secpod.oval:def:507671 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: Incorrect handling of control code characters in cookies * curl: Use-after-free triggered by an HTTP proxy deny respons ... oval:org.secpod.oval:def:1506772 [7.61.1-30] - fix HTTP multi-header compression denial of service [7.61.1-29] - h2: lower initial window size to 32 MiB [7.61.1-28] - smb/telnet: fix use-after-free when HTTP proxy denies tunnel [7.61.1-27] - upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 [7.61.1-26] - control code in c ... oval:org.secpod.oval:def:90727 The host is missing a patch containing a security fixes, which affects the following package(s): oss.lib.libcurl |
