exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 16

CVE-2021-22946

больше 3 лет назад

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

CVSS3: 7.5

EPSS: Низкий

CVE-2021-22946

почти 4 года назад

CVSS3: 7.5

EPSS: Низкий

CVE-2021-22946

больше 3 лет назад

CVSS3: 7.5

EPSS: Низкий

CVE-2021-22946

больше 3 лет назад

CVSS3: 7.5

EPSS: Низкий

CVE-2021-22946

больше 3 лет назад

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful u ...

CVSS3: 7.5

EPSS: Низкий

GHSA-3cmq-42w4-c529

около 3 лет назад

CVSS3: 7.5

EPSS: Низкий

BDU:2021-05649

почти 4 года назад

Уязвимость реализации команды «--ssl-reqd» программного средства для взаимодействия с серверами cURL, позволяющая нарушителю проводить атаки типа "человек посередине"

CVSS3: 8.2

EPSS: Низкий

openSUSE-SU-2021:3298-1

больше 3 лет назад

Security update for curl

EPSS: Низкий

openSUSE-SU-2021:1384-1

больше 3 лет назад

Security update for curl

EPSS: Низкий

SUSE-SU-2021:3351-1

больше 3 лет назад

Security update for curl

EPSS: Низкий

SUSE-SU-2021:3332-1

больше 3 лет назад

Security update for curl

EPSS: Низкий

SUSE-SU-2021:3298-1

больше 3 лет назад

Security update for curl

EPSS: Низкий

SUSE-SU-2021:3297-1

больше 3 лет назад

Security update for curl

EPSS: Низкий

SUSE-SU-2021:14807-1

больше 3 лет назад

Security update for curl

EPSS: Низкий

RLSA-2021:4059

больше 3 лет назад

Moderate: curl security update

EPSS: Низкий

ELSA-2021-4059

больше 3 лет назад

ELSA-2021-4059: curl security update (MODERATE)

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2021-22946 A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations withoutTLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.	CVSS3: 7.5	0% Низкий	больше 3 лет назад
CVE-2021-22946 A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations withoutTLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.	CVSS3: 7.5	0% Низкий	почти 4 года назад
CVE-2021-22946 A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations withoutTLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.	CVSS3: 7.5	0% Низкий	больше 3 лет назад
CVE-2021-22946	CVSS3: 7.5	0% Низкий	больше 3 лет назад
CVE-2021-22946 A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful u ...	CVSS3: 7.5	0% Низкий	больше 3 лет назад
GHSA-3cmq-42w4-c529 A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations withoutTLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.	CVSS3: 7.5	0% Низкий	около 3 лет назад
BDU:2021-05649 Уязвимость реализации команды «--ssl-reqd» программного средства для взаимодействия с серверами cURL, позволяющая нарушителю проводить атаки типа "человек посередине"	CVSS3: 8.2	0% Низкий	почти 4 года назад
openSUSE-SU-2021:3298-1 Security update for curl			больше 3 лет назад
openSUSE-SU-2021:1384-1 Security update for curl			больше 3 лет назад
SUSE-SU-2021:3351-1 Security update for curl			больше 3 лет назад
SUSE-SU-2021:3332-1 Security update for curl			больше 3 лет назад
SUSE-SU-2021:3298-1 Security update for curl			больше 3 лет назад
SUSE-SU-2021:3297-1 Security update for curl			больше 3 лет назад
SUSE-SU-2021:14807-1 Security update for curl			больше 3 лет назад
RLSA-2021:4059 Moderate: curl security update			больше 3 лет назад
ELSA-2021-4059 ELSA-2021-4059: curl security update (MODERATE)			больше 3 лет назад

Уязвимостей на страницу