Количество 10
Количество 10
BDU:2023-02154
Уязвимость механизма HSTS (HTTP Strict Transport Security) утилиты командной строки cURL, позволяющая нарушителю изменить функциональность HSTS при последовательном запросе нескольких URL-адресов
ROS-20230417-25
Уязвимость libcurl
ROS-20230417-05
Уязвимость curl
CVE-2023-23914
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.
CVE-2023-23914
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.
CVE-2023-23914
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.
CVE-2023-23914
CVE-2023-23914
A cleartext transmission of sensitive information vulnerability exists ...
GHSA-75qm-2q4j-qx6g
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.
SUSE-SU-2023:0429-1
Security update for curl
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2023-02154 Уязвимость механизма HSTS (HTTP Strict Transport Security) утилиты командной строки cURL, позволяющая нарушителю изменить функциональность HSTS при последовательном запросе нескольких URL-адресов | CVSS3: 9.1 | 0% Низкий | почти 3 года назад |
 | ROS-20230417-25 Уязвимость libcurl | CVSS3: 9.1 | 0% Низкий | больше 2 лет назад |
| ROS-20230417-05 Уязвимость curl | CVSS3: 9.1 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on. | CVSS3: 9.1 | 0% Низкий | почти 3 года назад |
 | CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
 | CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on. | CVSS3: 9.1 | 0% Низкий | почти 3 года назад |
 | CVSS3: 9.1 | 0% Низкий | почти 3 года назад | |
| CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists ... | CVSS3: 9.1 | 0% Низкий | почти 3 года назад |
| GHSA-75qm-2q4j-qx6g A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on. | 0% Низкий | почти 3 года назад | |
 | SUSE-SU-2023:0429-1 Security update for curl | почти 3 года назад |
Уязвимостей на страницу