rpm package
suse/curl&distro=SUSE Manager Server 4.0
pkg:rpm/suse/curl&distro=SUSE%20Manager%20Server%204.0
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-22925 | Med | 5.3 | < 7.60.0-3.47.1 | 7.60.0-3.47.1 | Aug 5, 2021 | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized | |
| CVE-2021-22922 | Med | 6.5 | < 7.60.0-3.47.1 | 7.60.0-3.47.1 | Aug 5, 2021 | When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different | |
| CVE-2021-22924 | — | < 7.60.0-3.47.1 | 7.60.0-3.47.1 | Aug 5, 2021 | libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively | ||
| CVE-2021-22923 | — | < 7.60.0-3.47.1 | 7.60.0-3.47.1 | Aug 5, 2021 | When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents | ||
| CVE-2021-22898 | Low | 3.1 | < 7.60.0-3.42.1 | 7.60.0-3.42.1 | Jun 11, 2021 | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could | |
| CVE-2021-22876 | — | < 7.60.0-3.42.1 | 7.60.0-3.42.1 | Apr 1, 2021 | curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP |
- affected < 7.60.0-3.47.1fixed 7.60.0-3.47.1
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized
- affected < 7.60.0-3.47.1fixed 7.60.0-3.47.1
When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different
- CVE-2021-22924Aug 5, 2021affected < 7.60.0-3.47.1fixed 7.60.0-3.47.1
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively
- CVE-2021-22923Aug 5, 2021affected < 7.60.0-3.47.1fixed 7.60.0-3.47.1
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents
- affected < 7.60.0-3.42.1fixed 7.60.0-3.42.1
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could
- CVE-2021-22876Apr 1, 2021affected < 7.60.0-3.42.1fixed 7.60.0-3.42.1
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP