Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-12-14 | CVE-2020-8177 | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | Debian_linux, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Curl, Sinec_infrastructure_network_services, Universal_forwarder | 7.8 | ||
| 2020-12-14 | CVE-2020-8231 | Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. | Debian_linux, Libcurl, Communications_cloud_native_core_policy, Sinec_infrastructure_network_services, Universal_forwarder | 7.5 | ||
| 2020-12-14 | CVE-2020-8285 | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | Mac_os_x, Macos, Debian_linux, Fedora, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Libcurl, Clustered_data_ontap, Hci_bootstrap_os, Hci_management_node, Hci_storage_node_firmware, Solidfire, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Essbase, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Universal_forwarder | 7.5 | ||
| 2020-12-14 | CVE-2020-8286 | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | Mac_os_x, Macos, Debian_linux, Fedora, Libcurl, Clustered_data_ontap, Hci_bootstrap_os, Hci_management_node, Hci_storage_node_firmware, Solidfire, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Essbase, Peoplesoft_enterprise_peopletools, Simatic_tim_1531_irc_firmware, Sinec_infrastructure_network_services, Universal_forwarder | 7.5 | ||
| 2021-04-01 | CVE-2021-22876 | curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. | Fabric_operating_system, Debian_linux, Fedora, Libcurl, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Communications_billing_and_revenue_management, Essbase, Sinec_infrastructure_network_services, Universal_forwarder | 5.3 | ||
| 2021-04-01 | CVE-2021-22890 | curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby... | Fabric_operating_system, Debian_linux, Fedora, Libcurl, Hci_management_node, Hci_storage_node, Solidfire, Communications_billing_and_revenue_management, Essbase, Sinec_infrastructure_network_services, Universal_forwarder | 3.7 | ||
| 2021-06-11 | CVE-2021-22898 | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. | Debian_linux, Fedora, Curl, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_service_communication_proxy, Essbase, Mysql_server, Sinec_infrastructure_network_services, Universal_forwarder | 3.1 | ||
| 2021-08-03 | CVE-2021-30560 | Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Chrome, Universal_forwarder, Libxslt | 8.8 | ||
| 2021-08-05 | CVE-2021-22924 | libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the... | Debian_linux, Fedora, Libcurl, Cloud_backup, Clustered_data_ontap, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Mysql_server, Peoplesoft_enterprise_peopletools, Logo\!_cmr2020_firmware, Logo\!_cmr2040_firmware, Ruggedcomrm_1224_lte_firmware, Scalance_m804pb_firmware, Scalance_m812\-1_firmware, Scalance_m816\-1_firmware, Scalance_m826\-2_firmware, Scalance_m874\-2_firmware, Scalance_m874\-3_firmware, Scalance_m876\-3_firmware, Scalance_m876\-4_firmware, Scalance_mum856\-1_firmware, Scalance_s615_firmware, Simatic_cp_1543\-1_firmware, Simatic_cp_1545\-1_firmware, Simatic_rtu3010c_firmware, Simatic_rtu3030c_firmware, Simatic_rtu3031c_firmware, Simatic_rtu_3041c_firmware, Sinec_infrastructure_network_services, Sinema_remote_connect, Sinema_remote_connect_server, Siplus_net_cp_1543\-1_firmware, Universal_forwarder | 3.7 | ||
| 2021-09-23 | CVE-2021-22945 | When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. | Macos, Debian_linux, Fedora, Libcurl, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware, Mysql_server, Sinec_ins, Universal_forwarder | 9.1 |