Количество 40
Количество 40
CVE-2021-22898
CVE-2021-22898
curl 7.7 through 7.76.1 suffers from an information disclosure when th ...
RLSA-2021:4511
Moderate: curl security and bug fix update
GHSA-rjqf-6h27-xqfp
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
BDU:2022-00343
Уязвимость служебной программы командной строки cURL, связанная с использованием неинициализированного ресурса, позволяющая нарушителю получить доступ к конфиденциальным данным
openSUSE-SU-2021:1762-1
Security update for curl
openSUSE-SU-2021:0808-1
Security update for curl
SUSE-SU-2021:1763-1
Security update for curl
SUSE-SU-2021:1762-1
Security update for curl
SUSE-SU-2021:14760-1
Security update for curl
SUSE-SU-2021:14735-1
Security update for curl
GHSA-7w8r-q58w-5wcr
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
BDU:2021-03580
Уязвимость функции sscanf() библиотеки libcurl программного средства для взаимодействия с серверами CURL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
openSUSE-SU-2021:2439-1
Security update for curl
openSUSE-SU-2021:1088-1
Security update for curl
SUSE-SU-2021:2462-1
Security update for curl
SUSE-SU-2021:2440-1
Security update for curl
SUSE-SU-2021:2439-1
Security update for curl
SUSE-SU-2021:2425-1
Security update for curl
SUSE-SU-2021:14768-1
Security update for curl
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVSS3: 3.1 | 0% Низкий | почти 4 года назад | |
| CVE-2021-22898 curl 7.7 through 7.76.1 suffers from an information disclosure when th ... | CVSS3: 3.1 | 0% Низкий | около 4 лет назад |
 | RLSA-2021:4511 Moderate: curl security and bug fix update | 0% Низкий | больше 3 лет назад | |
| GHSA-rjqf-6h27-xqfp curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. | CVSS3: 5.3 | 0% Низкий | около 3 лет назад |
 | BDU:2022-00343 Уязвимость служебной программы командной строки cURL, связанная с использованием неинициализированного ресурса, позволяющая нарушителю получить доступ к конфиденциальным данным | CVSS3: 5.3 | 0% Низкий | почти 4 года назад |
 | openSUSE-SU-2021:1762-1 Security update for curl | 0% Низкий | почти 4 года назад | |
| openSUSE-SU-2021:0808-1 Security update for curl | 0% Низкий | около 4 лет назад | |
| SUSE-SU-2021:1763-1 Security update for curl | 0% Низкий | около 4 лет назад | |
| SUSE-SU-2021:1762-1 Security update for curl | 0% Низкий | около 4 лет назад | |
| SUSE-SU-2021:14760-1 Security update for curl | 0% Низкий | почти 4 года назад | |
| SUSE-SU-2021:14735-1 Security update for curl | 0% Низкий | около 4 лет назад | |
| GHSA-7w8r-q58w-5wcr curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. | CVSS3: 3.1 | 0% Низкий | около 3 лет назад |
| BDU:2021-03580 Уязвимость функции sscanf() библиотеки libcurl программного средства для взаимодействия с серверами CURL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 3.1 | 0% Низкий | около 4 лет назад |
| openSUSE-SU-2021:2439-1 Security update for curl | почти 4 года назад | ||
| openSUSE-SU-2021:1088-1 Security update for curl | почти 4 года назад | ||
| SUSE-SU-2021:2462-1 Security update for curl | почти 4 года назад | ||
| SUSE-SU-2021:2440-1 Security update for curl | почти 4 года назад | ||
| SUSE-SU-2021:2439-1 Security update for curl | почти 4 года назад | ||
| SUSE-SU-2021:2425-1 Security update for curl | почти 4 года назад | ||
| SUSE-SU-2021:14768-1 Security update for curl | почти 4 года назад |
Уязвимостей на страницу