rpm package
almalinux/curl
pkg:rpm/almalinux/curl
Vulnerabilities (27)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-27775 | High | 7.5 | | < 7.76.1-19.el9 | 7.76.1-19.el9 | Jun 2, 2022 | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: by using an IPv6 address that was in the connection pool but with a different zone id, it could reuse a connection instead. |
| CVE-2022-27774 | Med | 5.7 | | < 7.61.1-22.el8_6.3 | 7.61.1-22.el8_6.3 | Jun 2, 2022 | An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: following HTTP(S) redirects with authentication could leak credentials to other services that exist on d |
| CVE-2022-27776 | — | | | < 7.61.1-22.el8_6.3 | 7.61.1-22.el8_6.3 | Jun 1, 2022 | An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. |
| CVE-2022-22576 | High | 8.1 | | < 7.61.1-22.el8_6.3 | 7.61.1-22.el8_6.3 | May 26, 2022 | An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL |
| CVE-2021-22925 | Med | 5.3 | | < 7.61.1-22.el8 | 7.61.1-22.el8 | Aug 5, 2021 | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized |
| CVE-2021-22898 | Low | 3.1 | | < 7.61.1-22.el8 | 7.61.1-22.el8 | Jun 11, 2021 | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could |
| CVE-2021-22876 | — | | | < 7.61.1-22.el8 | 7.61.1-22.el8 | Apr 1, 2021 | curl 7.1.1 up to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP |