rpm package
suse/curl&distro=SUSE Enterprise Storage 6
pkg:rpm/suse/curl&distro=SUSE%20Enterprise%20Storage%206
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-22924 | — | < 7.60.0-3.47.1 | 7.60.0-3.47.1 | Aug 5, 2021 | libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively | ||
| CVE-2021-22923 | — | < 7.60.0-3.47.1 | 7.60.0-3.47.1 | Aug 5, 2021 | When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents | ||
| CVE-2021-22898 | Low | 3.1 | < 7.60.0-3.42.1 | 7.60.0-3.42.1 | Jun 11, 2021 | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could | |
| CVE-2021-22876 | — | < 7.60.0-3.42.1 | 7.60.0-3.42.1 | Apr 1, 2021 | curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP |
- CVE-2021-22924Aug 5, 2021affected < 7.60.0-3.47.1fixed 7.60.0-3.47.1
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively
- CVE-2021-22923Aug 5, 2021affected < 7.60.0-3.47.1fixed 7.60.0-3.47.1
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents
- affected < 7.60.0-3.42.1fixed 7.60.0-3.42.1
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could
- CVE-2021-22876Apr 1, 2021affected < 7.60.0-3.42.1fixed 7.60.0-3.42.1
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP
Page 2 of 2