Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-12-10 | CVE-2013-4184 | Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks | Data\:\:uuid, Debian_linux | 5.5 | ||
2020-12-14 | CVE-2020-8169 | curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | Debian_linux, Curl, Simatic_tim_1531_irc_firmware, Sinec_infrastructure_network_services, Universal_forwarder | 7.5 | ||
2020-12-14 | CVE-2020-8177 | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | Debian_linux, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Curl, Sinec_infrastructure_network_services, Universal_forwarder | 7.8 | ||
2020-12-14 | CVE-2020-8231 | Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. | Debian_linux, Libcurl, Communications_cloud_native_core_policy, Sinec_infrastructure_network_services, Universal_forwarder | 7.5 | ||
2020-12-14 | CVE-2020-8285 | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | Mac_os_x, Macos, Debian_linux, Fedora, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Libcurl, Clustered_data_ontap, Hci_bootstrap_os, Hci_management_node, Hci_storage_node_firmware, Solidfire, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Essbase, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Universal_forwarder | 7.5 | ||
2020-12-14 | CVE-2020-8286 | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | Mac_os_x, Macos, Debian_linux, Fedora, Libcurl, Clustered_data_ontap, Hci_bootstrap_os, Hci_management_node, Hci_storage_node_firmware, Solidfire, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Essbase, Peoplesoft_enterprise_peopletools, Simatic_tim_1531_irc_firmware, Sinec_infrastructure_network_services, Universal_forwarder | 7.5 | ||
2021-04-01 | CVE-2021-22876 | curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. | Fabric_operating_system, Debian_linux, Fedora, Libcurl, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Communications_billing_and_revenue_management, Essbase, Sinec_infrastructure_network_services, Universal_forwarder | 5.3 | ||
2021-04-01 | CVE-2021-22890 | curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby... | Fabric_operating_system, Debian_linux, Fedora, Libcurl, Hci_management_node, Hci_storage_node, Solidfire, Communications_billing_and_revenue_management, Essbase, Sinec_infrastructure_network_services, Universal_forwarder | 3.7 | ||
2021-06-11 | CVE-2021-22898 | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. | Debian_linux, Fedora, Curl, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_service_communication_proxy, Essbase, Mysql_server, Sinec_infrastructure_network_services, Universal_forwarder | 3.1 | ||
2021-08-03 | CVE-2021-30560 | Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Chrome, Universal_forwarder, Libxslt | 8.8 |