    312 vulnerabilities found for curl by haxx

    CVE-2026-7168 (GCVE-0-2026-7168)

    Vulnerability from nvd – Published: 2026-05-13 08:29 – Updated: 2026-06-23 16:12
    Title
    cross-proxy Digest auth state leak
    Summary
    Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Affected: 7.13.2 , ≤ 7.13.2 (semver)
    Affected: 7.13.1 , ≤ 7.13.1 (semver)
    Affected: 7.13.0 , ≤ 7.13.0 (semver)
    Affected: 7.12.3 , ≤ 7.12.3 (semver)
    Affected: 7.12.2 , ≤ 7.12.2 (semver)
    Affected: 7.12.1 , ≤ 7.12.1 (semver)
    Affected: 7.12.0 , ≤ 7.12.0 (semver)
    Credits
    Muhamad Arga Reksapati, Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-13T09:05:54.907Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/14"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7168",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:18:10.734219Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T16:12:24.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3697719"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.2",
                  "status": "affected",
                  "version": "7.13.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.1",
                  "status": "affected",
                  "version": "7.13.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.0",
                  "status": "affected",
                  "version": "7.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.3",
                  "status": "affected",
                  "version": "7.12.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.2",
                  "status": "affected",
                  "version": "7.12.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.0",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhamad Arga Reksapati"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Successfully using libcurl to do a transfer over a specific HTTP proxy\n(`proxyA`) with **Digest** authentication and then changing the proxy host to\na second one (`proxyB`) for a second transfer, reusing the same handle, makes\nlibcurl wrongly pass on the `Proxy-Authorization:` header field meant for\n`proxyA`, to `proxyB`."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:29:08.900Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-7168.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-7168.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3697719"
            }
          ],
          "title": "cross-proxy Digest auth state leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-7168",
        "datePublished": "2026-05-13T08:29:08.900Z",
        "dateReserved": "2026-04-27T07:37:37.172Z",
        "dateUpdated": "2026-06-23T16:12:24.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7009 (GCVE-0-2026-7009)

    Vulnerability from nvd – Published: 2026-05-13 08:28 – Updated: 2026-05-13 14:20
    VLAI
    Title
    OCSP stapling bypass with Apple SecTrust
    Summary
    When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly considers the response as fine.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Credits
    Carlos Carrillo, Stefan Eissing

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-13T09:05:48.665Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7009",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:20:11.436717Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:20:33.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3694390"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Carlos Carrillo"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When curl is told to use the Certificate Status Request TLS extension, often\nreferred to as *OCSP stapling*, to verify that the server certificate is\nvalid, it fails to detect OCSP problems and instead wrongly consider the\nresponse as fine."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:28:53.697Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-7009.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-7009.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3694390"
            }
          ],
          "title": "OCSP stapling bypass with Apple SecTrust"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-7009",
        "datePublished": "2026-05-13T08:28:53.697Z",
        "dateReserved": "2026-04-25T08:37:24.989Z",
        "dateUpdated": "2026-05-13T14:20:33.908Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6429 (GCVE-0-2026-6429)

    Vulnerability from nvd – Published: 2026-05-13 08:28 – Updated: 2026-05-13 14:03
    VLAI
    Title
    netrc credential leak with reused proxy connection
    Summary
    When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Credits
    Muhamad Arga Reksapati, Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6429",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:03:52.312824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:03:55.343Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhamad Arga Reksapati"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, libcurl could leak the password used for the first host to the\nfollowed-to host under certain circumstances."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:28:36.166Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-6429.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-6429.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3677759"
            }
          ],
          "title": "netrc credential leak with reused proxy connection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-6429",
        "datePublished": "2026-05-13T08:28:36.166Z",
        "dateReserved": "2026-04-16T14:48:02.991Z",
        "dateUpdated": "2026-05-13T14:03:55.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6276 (GCVE-0-2026-6276)

    Vulnerability from nvd – Published: 2026-05-13 08:28 – Updated: 2026-05-13 17:26
    VLAI
    Title
    stale custom cookie host causes cookie leak
    Summary
    Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host, leaking them.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Credits
    Muhamad Arga Reksapati, Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-13T09:05:37.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/13"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6276",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T17:24:29.094167Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T17:26:06.894Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3671818"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhamad Arga Reksapati"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Using libcurl, when a custom `Host:` header is first set for an HTTP request\nand a second request is subsequently done using the same *easy handle* but\nwithout the custom `Host:` header set, the second request would use stale\ninformation and pass on cookies meant for the first host in the second\nrequest. Leak them."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:28:19.273Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-6276.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-6276.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3671818"
            }
          ],
          "title": "stale custom cookie host causes cookie leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-6276",
        "datePublished": "2026-05-13T08:28:19.273Z",
        "dateReserved": "2026-04-14T14:01:54.772Z",
        "dateUpdated": "2026-05-13T17:26:06.894Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6253 (GCVE-0-2026-6253)

    Vulnerability from nvd – Published: 2026-05-13 08:28 – Updated: 2026-05-13 17:42
    Title
    proxy credentials leak over redirect-to proxy
    Summary
    curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when all of the following conditions are true:
    1. curl is set up to use specific different proxies for different URL schemes
    2. the first proxy needs credentials
    3. the second proxy uses no credentials
    4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Credits
    Dwij Mehta (O2 Lab Texas A&M University), Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-13T09:05:31.000Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6253",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T17:42:30.813126Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T17:42:40.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3669637"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dwij Mehta (O2 Lab"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Texas A\u0026M University)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "curl might erroneously pass on credentials for a first proxy to a second\nproxy.\n\nThis can happen when the following conditions are true:\n\n1. curl is setup to use specific different proxies for different URL schemes\n2. the first proxy needs credentials\n3. the second proxy uses no credentials\n4. while using the first proxy (using say `http://`), curl is asked to follow\n   a redirect to a URL using another scheme (say `https://`), accessed using a\n   second, different, proxy"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:28:03.004Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-6253.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-6253.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3669637"
            }
          ],
          "title": "proxy credentials leak over redirect-to proxy"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-6253",
        "datePublished": "2026-05-13T08:28:03.004Z",
        "dateReserved": "2026-04-13T20:11:11.991Z",
        "dateUpdated": "2026-05-13T17:42:40.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5773 (GCVE-0-2026-5773)

    Vulnerability from nvd – Published: 2026-05-13 08:27 – Updated: 2026-05-13 17:45
    VLAI
    Title
    wrong reuse of SMB connection
    Summary
    libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection, a range of criteria must be met. Due to a logical error in the code, a network transfer operation requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the one the new transfer should use. This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Credits
    Osama Hamad (finder), Daniel Stenberg (remediation developer)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-13T09:05:23.608Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5773",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T17:45:00.901945Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T17:45:08.173Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3650689"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Osama Hamad"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl might in some circumstances reuse the wrong connection for SMB(S)\ntransfers.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a network transfer operation that was requested by an\napplication could wrongfully reuse an existing SMB connection to the same\nserver that was using a different \u0027share\u0027 than the new subsequent transfer\nshould.\n\nThis could in unlucky situations lead to the download of the wrong file or the\nupload of a file to the wrong place. When this happens, the same credentials\nare used and the server name is the same."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-488 Exposure of Data Element to Wrong Session",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:27:42.342Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-5773.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-5773.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3650689"
            }
          ],
          "title": "wrong reuse of SMB connection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-5773",
        "datePublished": "2026-05-13T08:27:42.342Z",
        "dateReserved": "2026-04-08T06:51:05.356Z",
        "dateUpdated": "2026-05-13T17:45:08.173Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5545 (GCVE-0-2026-5545)

    Vulnerability from nvd – Published: 2026-05-13 08:27 – Updated: 2026-05-13 17:46
    Title
    wrong reuse of HTTP Negotiate connection
    Summary
    libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. An application that first uses Negotiate authentication to a server with `user1:password1` and then does another operation to the same server asking for any authentication method but for `user2:password2` (while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1...
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Affected: 7.13.2 , ≤ 7.13.2 (semver)
    Affected: 7.13.1 , ≤ 7.13.1 (semver)
    Affected: 7.13.0 , ≤ 7.13.0 (semver)
    Affected: 7.12.3 , ≤ 7.12.3 (semver)
    Affected: 7.12.2 , ≤ 7.12.2 (semver)
    Affected: 7.12.1 , ≤ 7.12.1 (semver)
    Affected: 7.12.0 , ≤ 7.12.0 (semver)
    Affected: 7.11.2 , ≤ 7.11.2 (semver)
    Affected: 7.11.1 , ≤ 7.11.1 (semver)
    Affected: 7.11.0 , ≤ 7.11.0 (semver)
    Affected: 7.10.8 , ≤ 7.10.8 (semver)
    Affected: 7.10.7 , ≤ 7.10.7 (semver)
    Affected: 7.10.6 , ≤ 7.10.6 (semver)
    Credits
    Quac Tran and Ngoc Hieu Stefan Eissing

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5545",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T17:46:36.115262Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T17:46:40.830Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3642555"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.2",
                  "status": "affected",
                  "version": "7.13.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.1",
                  "status": "affected",
                  "version": "7.13.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.0",
                  "status": "affected",
                  "version": "7.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.3",
                  "status": "affected",
                  "version": "7.12.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.2",
                  "status": "affected",
                  "version": "7.12.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.0",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.2",
                  "status": "affected",
                  "version": "7.11.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.1",
                  "status": "affected",
                  "version": "7.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.0",
                  "status": "affected",
                  "version": "7.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.8",
                  "status": "affected",
                  "version": "7.10.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.7",
                  "status": "affected",
                  "version": "7.10.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.6",
                  "status": "affected",
                  "version": "7.10.6",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Quac Tran and Ngoc Hieu"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl might in some circumstances reuse the wrong connection when asked to\ndo an authenticated HTTP(S) request after a Negotiate-authenticated one, when\nboth use the same host.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials.\n\nAn application that first uses Negotiate authentication to a server with\n`user1:password1` and then does another operation to the same server asking\nfor any authentication method but for `user2:password2` (while the previous\nconnection is still alive) - the second request gets confused and wrongly\nreuses the same connection and sends the new request over that connection\nthinking it uses a mix of user1\u0027s and user2\u0027s credentials when it is in fact\nstill using the connection authenticated for user1..."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-305 Authentication Bypass by Primary Weakness",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:27:26.065Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-5545.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-5545.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3642555"
            }
          ],
          "title": "wrong reuse of HTTP Negotiate connection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-5545",
        "datePublished": "2026-05-13T08:27:26.065Z",
        "dateReserved": "2026-04-04T12:10:07.125Z",
        "dateUpdated": "2026-05-13T17:46:40.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4873 (GCVE-0-2026-4873)

    Vulnerability from nvd – Published: 2026-05-13 08:27 – Updated: 2026-05-13 19:30
    VLAI
    Title
    connection reuse ignores TLS requirement
    Summary
    A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmits data unencrypted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Credits
    Arkadi Vainbrand, Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-13T09:05:12.559Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4873",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T19:29:14.521822Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-319",
                    "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T19:30:04.825Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Arkadi Vainbrand"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists where a connection requiring TLS incorrectly reuses an\nexisting unencrypted connection from the same connection pool. If an initial\ntransfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request\nto that same host bypasses the TLS requirement and instead transmit data\nunencrypted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:27:04.538Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-4873.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-4873.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3621851"
            }
          ],
          "title": "connection reuse ignores TLS requirement"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-4873",
        "datePublished": "2026-05-13T08:27:04.538Z",
        "dateReserved": "2026-03-26T05:38:02.098Z",
        "dateUpdated": "2026-05-13T19:30:04.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3805 (GCVE-0-2026-3805)

    Vulnerability from nvd – Published: 2026-03-11 10:09 – Updated: 2026-03-11 15:45
    VLAI
    Title
    use after free in SMB connection reuse
    Summary
    When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Credits
    Daniel Wade, Stefan Eissing

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-11T10:16:34.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/11/4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3805",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T15:45:10.217077Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T15:45:38.820Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Wade"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-416 Use After Free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T10:09:37.729Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-3805.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-3805.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3591944"
            }
          ],
          "title": "use after free in SMB connection reuse"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-3805",
        "datePublished": "2026-03-11T10:09:37.729Z",
        "dateReserved": "2026-03-08T16:07:39.817Z",
        "dateUpdated": "2026-03-11T15:45:38.820Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3784 (GCVE-0-2026-3784)

    Vulnerability from nvd – Published: 2026-03-11 10:09 – Updated: 2026-06-02 13:00
    VLAI
    Title
    wrong proxy connection reuse with credentials
    Summary
    curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Affected: 7.13.2 , ≤ 7.13.2 (semver)
    Affected: 7.13.1 , ≤ 7.13.1 (semver)
    Affected: 7.13.0 , ≤ 7.13.0 (semver)
    Affected: 7.12.3 , ≤ 7.12.3 (semver)
    Affected: 7.12.2 , ≤ 7.12.2 (semver)
    Affected: 7.12.1 , ≤ 7.12.1 (semver)
    Affected: 7.12.0 , ≤ 7.12.0 (semver)
    Affected: 7.11.2 , ≤ 7.11.2 (semver)
    Affected: 7.11.1 , ≤ 7.11.1 (semver)
    Affected: 7.11.0 , ≤ 7.11.0 (semver)
    Affected: 7.10.8 , ≤ 7.10.8 (semver)
    Affected: 7.10.7 , ≤ 7.10.7 (semver)
    Affected: 7.10.6 , ≤ 7.10.6 (semver)
    Affected: 7.10.5 , ≤ 7.10.5 (semver)
    Affected: 7.10.4 , ≤ 7.10.4 (semver)
    Affected: 7.10.3 , ≤ 7.10.3 (semver)
    Affected: 7.10.2 , ≤ 7.10.2 (semver)
    Affected: 7.10.1 , ≤ 7.10.1 (semver)
    Affected: 7.10 , ≤ 7.10 (semver)
    Affected: 7.9.8 , ≤ 7.9.8 (semver)
    Affected: 7.9.7 , ≤ 7.9.7 (semver)
    Affected: 7.9.6 , ≤ 7.9.6 (semver)
    Affected: 7.9.5 , ≤ 7.9.5 (semver)
    Affected: 7.9.4 , ≤ 7.9.4 (semver)
    Affected: 7.9.3 , ≤ 7.9.3 (semver)
    Affected: 7.9.2 , ≤ 7.9.2 (semver)
    Affected: 7.9.1 , ≤ 7.9.1 (semver)
    Affected: 7.9 , ≤ 7.9 (semver)
    Affected: 7.8.1 , ≤ 7.8.1 (semver)
    Affected: 7.8 , ≤ 7.8 (semver)
    Affected: 7.7.3 , ≤ 7.7.3 (semver)
    Affected: 7.7.2 , ≤ 7.7.2 (semver)
    Affected: 7.7.1 , ≤ 7.7.1 (semver)
    Affected: 7.7 , ≤ 7.7 (semver)
    Siemens RUGGEDCOM RST2428P Affected: 0 , < V4.0 (custom)
    Credits
    Muhamad Arga Reksapati (HackerOne: nobcoder) Stefan Eissing

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-11T10:16:32.844Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/11/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3784",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T15:48:38.785522Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-305",
                    "description": "CWE-305 Authentication Bypass by Primary Weakness",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T15:48:41.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM RST2428P",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T13:00:43.860Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.2",
                  "status": "affected",
                  "version": "7.13.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.1",
                  "status": "affected",
                  "version": "7.13.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.0",
                  "status": "affected",
                  "version": "7.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.3",
                  "status": "affected",
                  "version": "7.12.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.2",
                  "status": "affected",
                  "version": "7.12.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.0",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.2",
                  "status": "affected",
                  "version": "7.11.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.1",
                  "status": "affected",
                  "version": "7.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.0",
                  "status": "affected",
                  "version": "7.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.8",
                  "status": "affected",
                  "version": "7.10.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.7",
                  "status": "affected",
                  "version": "7.10.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.6",
                  "status": "affected",
                  "version": "7.10.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.5",
                  "status": "affected",
                  "version": "7.10.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.4",
                  "status": "affected",
                  "version": "7.10.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.3",
                  "status": "affected",
                  "version": "7.10.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.2",
                  "status": "affected",
                  "version": "7.10.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.1",
                  "status": "affected",
                  "version": "7.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10",
                  "status": "affected",
                  "version": "7.10",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.8",
                  "status": "affected",
                  "version": "7.9.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.7",
                  "status": "affected",
                  "version": "7.9.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.6",
                  "status": "affected",
                  "version": "7.9.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.5",
                  "status": "affected",
                  "version": "7.9.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.4",
                  "status": "affected",
                  "version": "7.9.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.3",
                  "status": "affected",
                  "version": "7.9.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.2",
                  "status": "affected",
                  "version": "7.9.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.1",
                  "status": "affected",
                  "version": "7.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9",
                  "status": "affected",
                  "version": "7.9",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.8.1",
                  "status": "affected",
                  "version": "7.8.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.8",
                  "status": "affected",
                  "version": "7.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.3",
                  "status": "affected",
                  "version": "7.7.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.2",
                  "status": "affected",
                  "version": "7.7.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.1",
                  "status": "affected",
                  "version": "7.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7",
                  "status": "affected",
                  "version": "7.7",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhamad Arga Reksapati (HackerOne: nobcoder)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-305 Authentication Bypass by Primary Weakness",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T10:09:21.418Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-3784.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-3784.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3584903"
            }
          ],
          "title": "wrong proxy connection reuse with credentials"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-3784",
        "datePublished": "2026-03-11T10:09:21.418Z",
        "dateReserved": "2026-03-08T05:09:52.279Z",
        "dateUpdated": "2026-06-02T13:00:43.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3783 (GCVE-0-2026-3783)

    Vulnerability from nvd – Published: 2026-03-11 10:09 – Updated: 2026-03-11 14:26
    VLAI
    Title
    token leak with redirect and netrc
    Summary
    When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Credits
    spectreglobalsec on hackerone
    Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-11T10:16:31.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/11/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3783",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T14:25:28.836990Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-522",
                    "description": "CWE-522 Insufficiently Protected Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T14:26:10.788Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "spectreglobalsec on hackerone"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T10:09:08.746Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-3783.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-3783.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3583983"
            }
          ],
          "title": "token leak with redirect and netrc"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-3783",
        "datePublished": "2026-03-11T10:09:08.746Z",
        "dateReserved": "2026-03-08T05:09:09.891Z",
        "dateUpdated": "2026-03-11T14:26:10.788Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1965 (GCVE-0-2026-1965)

    Vulnerability from nvd – Published: 2026-03-11 10:08 – Updated: 2026-03-11 14:32
    Title
    bad reuse of HTTP Negotiate connection
    Summary
    libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request.

    libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection, a range of criteria must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason is that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work.

    An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1...

    The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.

    Applications can disable libcurl's reuse of connections, and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Affected: 7.13.2 , ≤ 7.13.2 (semver)
    Affected: 7.13.1 , ≤ 7.13.1 (semver)
    Affected: 7.13.0 , ≤ 7.13.0 (semver)
    Affected: 7.12.3 , ≤ 7.12.3 (semver)
    Affected: 7.12.2 , ≤ 7.12.2 (semver)
    Affected: 7.12.1 , ≤ 7.12.1 (semver)
    Affected: 7.12.0 , ≤ 7.12.0 (semver)
    Affected: 7.11.2 , ≤ 7.11.2 (semver)
    Affected: 7.11.1 , ≤ 7.11.1 (semver)
    Affected: 7.11.0 , ≤ 7.11.0 (semver)
    Affected: 7.10.8 , ≤ 7.10.8 (semver)
    Affected: 7.10.7 , ≤ 7.10.7 (semver)
    Affected: 7.10.6 , ≤ 7.10.6 (semver)
    Credits
    Zhicheng Chen, Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1965",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T14:31:56.061598Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-305",
                    "description": "CWE-305 Authentication Bypass by Primary Weakness",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T14:32:38.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.2",
                  "status": "affected",
                  "version": "7.13.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.1",
                  "status": "affected",
                  "version": "7.13.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.0",
                  "status": "affected",
                  "version": "7.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.3",
                  "status": "affected",
                  "version": "7.12.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.2",
                  "status": "affected",
                  "version": "7.12.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.0",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.2",
                  "status": "affected",
                  "version": "7.11.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.1",
                  "status": "affected",
                  "version": "7.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.0",
                  "status": "affected",
                  "version": "7.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.8",
                  "status": "affected",
                  "version": "7.10.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.7",
                  "status": "affected",
                  "version": "7.10.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.6",
                  "status": "affected",
                  "version": "7.10.6",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Zhicheng Chen"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with  `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl\u0027s reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-305 Authentication Bypass by Primary Weakness",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T10:08:52.431Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-1965.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-1965.html"
            }
          ],
          "title": "bad reuse of HTTP Negotiate connection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-1965",
        "datePublished": "2026-03-11T10:08:52.431Z",
        "dateReserved": "2026-02-05T11:00:50.882Z",
        "dateUpdated": "2026-03-11T14:32:38.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7168 (GCVE-0-2026-7168)

    Vulnerability from cvelistv5 – Published: 2026-05-13 08:29 – Updated: 2026-06-23 16:12
    VLAI
    Title
    cross-proxy Digest auth state leak
    Summary
    Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Affected: 7.13.2 , ≤ 7.13.2 (semver)
    Affected: 7.13.1 , ≤ 7.13.1 (semver)
    Affected: 7.13.0 , ≤ 7.13.0 (semver)
    Affected: 7.12.3 , ≤ 7.12.3 (semver)
    Affected: 7.12.2 , ≤ 7.12.2 (semver)
    Affected: 7.12.1 , ≤ 7.12.1 (semver)
    Affected: 7.12.0 , ≤ 7.12.0 (semver)
    Credits
    Muhamad Arga Reksapati, Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-13T09:05:54.907Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/14"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7168",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:18:10.734219Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T16:12:24.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3697719"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.2",
                  "status": "affected",
                  "version": "7.13.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.1",
                  "status": "affected",
                  "version": "7.13.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.0",
                  "status": "affected",
                  "version": "7.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.3",
                  "status": "affected",
                  "version": "7.12.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.2",
                  "status": "affected",
                  "version": "7.12.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.0",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhamad Arga Reksapati"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Successfully using libcurl to do a transfer over a specific HTTP proxy\n(`proxyA`) with **Digest** authentication and then changing the proxy host to\na second one (`proxyB`) for a second transfer, reusing the same handle, makes\nlibcurl wrongly pass on the `Proxy-Authorization:` header field meant for\n`proxyA`, to `proxyB`."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:29:08.900Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-7168.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-7168.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3697719"
            }
          ],
          "title": "cross-proxy Digest auth state leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-7168",
        "datePublished": "2026-05-13T08:29:08.900Z",
        "dateReserved": "2026-04-27T07:37:37.172Z",
        "dateUpdated": "2026-06-23T16:12:24.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7009 (GCVE-0-2026-7009)

    Vulnerability from cvelistv5 – Published: 2026-05-13 08:28 – Updated: 2026-05-13 14:20
    VLAI
    Title
    OCSP stapling bypass with Apple SecTrust
    Summary
    When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly considers the response as fine.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Credits
    Carlos Carrillo, Stefan Eissing

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-13T09:05:48.665Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7009",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:20:11.436717Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:20:33.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3694390"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Carlos Carrillo"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When curl is told to use the Certificate Status Request TLS extension, often\nreferred to as *OCSP stapling*, to verify that the server certificate is\nvalid, it fails to detect OCSP problems and instead wrongly consider the\nresponse as fine."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:28:53.697Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-7009.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-7009.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3694390"
            }
          ],
          "title": "OCSP stapling bypass with Apple SecTrust"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-7009",
        "datePublished": "2026-05-13T08:28:53.697Z",
        "dateReserved": "2026-04-25T08:37:24.989Z",
        "dateUpdated": "2026-05-13T14:20:33.908Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6429 (GCVE-0-2026-6429)

    Vulnerability from cvelistv5 – Published: 2026-05-13 08:28 – Updated: 2026-05-13 14:03
    VLAI
    Title
    netrc credential leak with reused proxy connection
    Summary
    When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Credits
    Muhamad Arga Reksapati, Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6429",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:03:52.312824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:03:55.343Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhamad Arga Reksapati"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, libcurl could leak the password used for the first host to the\nfollowed-to host under certain circumstances."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:28:36.166Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-6429.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-6429.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3677759"
            }
          ],
          "title": "netrc credential leak with reused proxy connection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-6429",
        "datePublished": "2026-05-13T08:28:36.166Z",
        "dateReserved": "2026-04-16T14:48:02.991Z",
        "dateUpdated": "2026-05-13T14:03:55.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6276 (GCVE-0-2026-6276)

    Vulnerability from cvelistv5 – Published: 2026-05-13 08:28 – Updated: 2026-05-13 17:26
    VLAI
    Title
    stale custom cookie host causes cookie leak
    Summary
    Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Credits
    Muhamad Arga Reksapati, Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-13T09:05:37.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/13"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6276",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T17:24:29.094167Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T17:26:06.894Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3671818"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhamad Arga Reksapati"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Using libcurl, when a custom `Host:` header is first set for an HTTP request\nand a second request is subsequently done using the same *easy handle* but\nwithout the custom `Host:` header set, the second request would use stale\ninformation and pass on cookies meant for the first host in the second\nrequest. Leak them."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:28:19.273Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-6276.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-6276.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3671818"
            }
          ],
          "title": "stale custom cookie host causes cookie leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-6276",
        "datePublished": "2026-05-13T08:28:19.273Z",
        "dateReserved": "2026-04-14T14:01:54.772Z",
        "dateUpdated": "2026-05-13T17:26:06.894Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6253 (GCVE-0-2026-6253)

    Vulnerability from cvelistv5 – Published: 2026-05-13 08:28 – Updated: 2026-05-13 17:42
    VLAI
    Title
    proxy credentials leak over redirect-to proxy
    Summary
    curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true:
    1. curl is setup to use specific different proxies for different URL schemes
    2. the first proxy needs credentials
    3. the second proxy uses no credentials
    4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Credits
    Dwij Mehta (O2 Lab Texas A&M University), Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-13T09:05:31.000Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6253",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T17:42:30.813126Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T17:42:40.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3669637"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dwij Mehta (O2 Lab"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Texas A\u0026M University)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "curl might erroneously pass on credentials for a first proxy to a second\nproxy.\n\nThis can happen when the following conditions are true:\n\n1. curl is setup to use specific different proxies for different URL schemes\n2. the first proxy needs credentials\n3. the second proxy uses no credentials\n4. while using the first proxy (using say `http://`), curl is asked to follow\n   a redirect to a URL using another scheme (say `https://`), accessed using a\n   second, different, proxy"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:28:03.004Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-6253.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-6253.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3669637"
            }
          ],
          "title": "proxy credentials leak over redirect-to proxy"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-6253",
        "datePublished": "2026-05-13T08:28:03.004Z",
        "dateReserved": "2026-04-13T20:11:11.991Z",
        "dateUpdated": "2026-05-13T17:42:40.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5773 (GCVE-0-2026-5773)

    Vulnerability from cvelistv5 – Published: 2026-05-13 08:27 – Updated: 2026-05-13 17:45
    Title
    wrong reuse of SMB connection
    Summary
    libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should. This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Credits
    Osama Hamad, Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-13T09:05:23.608Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5773",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T17:45:00.901945Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T17:45:08.173Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3650689"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Osama Hamad"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl might in some circumstances reuse the wrong connection for SMB(S)\ntransfers.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a network transfer operation that was requested by an\napplication could wrongfully reuse an existing SMB connection to the same\nserver that was using a different \u0027share\u0027 than the new subsequent transfer\nshould.\n\nThis could in unlucky situations lead to the download of the wrong file or the\nupload of a file to the wrong place. When this happens, the same credentials\nare used and the server name is the same."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-488 Exposure of Data Element to Wrong Session",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:27:42.342Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-5773.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-5773.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3650689"
            }
          ],
          "title": "wrong reuse of SMB connection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-5773",
        "datePublished": "2026-05-13T08:27:42.342Z",
        "dateReserved": "2026-04-08T06:51:05.356Z",
        "dateUpdated": "2026-05-13T17:45:08.173Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5545 (GCVE-0-2026-5545)

    Vulnerability from cvelistv5 – Published: 2026-05-13 08:27 – Updated: 2026-05-13 17:46
    Title
    wrong reuse of HTTP Negotiate connection
    Summary
    libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. An application that first uses Negotiate authentication to a server with `user1:password1` and then does another operation to the same server asking for any authentication method but for `user2:password2` (while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1...
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Affected: 7.13.2 , ≤ 7.13.2 (semver)
    Affected: 7.13.1 , ≤ 7.13.1 (semver)
    Affected: 7.13.0 , ≤ 7.13.0 (semver)
    Affected: 7.12.3 , ≤ 7.12.3 (semver)
    Affected: 7.12.2 , ≤ 7.12.2 (semver)
    Affected: 7.12.1 , ≤ 7.12.1 (semver)
    Affected: 7.12.0 , ≤ 7.12.0 (semver)
    Affected: 7.11.2 , ≤ 7.11.2 (semver)
    Affected: 7.11.1 , ≤ 7.11.1 (semver)
    Affected: 7.11.0 , ≤ 7.11.0 (semver)
    Affected: 7.10.8 , ≤ 7.10.8 (semver)
    Affected: 7.10.7 , ≤ 7.10.7 (semver)
    Affected: 7.10.6 , ≤ 7.10.6 (semver)
    Credits
    Quac Tran and Ngoc Hieu Stefan Eissing

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5545",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T17:46:36.115262Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T17:46:40.830Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3642555"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.2",
                  "status": "affected",
                  "version": "7.13.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.1",
                  "status": "affected",
                  "version": "7.13.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.0",
                  "status": "affected",
                  "version": "7.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.3",
                  "status": "affected",
                  "version": "7.12.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.2",
                  "status": "affected",
                  "version": "7.12.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.0",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.2",
                  "status": "affected",
                  "version": "7.11.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.1",
                  "status": "affected",
                  "version": "7.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.0",
                  "status": "affected",
                  "version": "7.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.8",
                  "status": "affected",
                  "version": "7.10.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.7",
                  "status": "affected",
                  "version": "7.10.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.6",
                  "status": "affected",
                  "version": "7.10.6",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Quac Tran and Ngoc Hieu"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl might in some circumstances reuse the wrong connection when asked to\ndo an authenticated HTTP(S) request after a Negotiate-authenticated one, when\nboth use the same host.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials.\n\nAn application that first uses Negotiate authentication to a server with\n`user1:password1` and then does another operation to the same server asking\nfor any authentication method but for `user2:password2` (while the previous\nconnection is still alive) - the second request gets confused and wrongly\nreuses the same connection and sends the new request over that connection\nthinking it uses a mix of user1\u0027s and user2\u0027s credentials when it is in fact\nstill using the connection authenticated for user1..."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-305 Authentication Bypass by Primary Weakness",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:27:26.065Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-5545.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-5545.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3642555"
            }
          ],
          "title": "wrong reuse of HTTP Negotiate connection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-5545",
        "datePublished": "2026-05-13T08:27:26.065Z",
        "dateReserved": "2026-04-04T12:10:07.125Z",
        "dateUpdated": "2026-05-13T17:46:40.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4873 (GCVE-0-2026-4873)

    Vulnerability from cvelistv5 – Published: 2026-05-13 08:27 – Updated: 2026-05-13 19:30
    VLAI
    Title
    connection reuse ignores TLS requirement
    Summary
    A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmits data unencrypted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Credits
    Arkadi Vainbrand, Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-13T09:05:12.559Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4873",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T19:29:14.521822Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-319",
                    "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T19:30:04.825Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Arkadi Vainbrand"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists where a connection requiring TLS incorrectly reuses an\nexisting unencrypted connection from the same connection pool. If an initial\ntransfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request\nto that same host bypasses the TLS requirement and instead transmit data\nunencrypted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:27:04.538Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-4873.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-4873.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3621851"
            }
          ],
          "title": "connection reuse ignores TLS requirement"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-4873",
        "datePublished": "2026-05-13T08:27:04.538Z",
        "dateReserved": "2026-03-26T05:38:02.098Z",
        "dateUpdated": "2026-05-13T19:30:04.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3805 (GCVE-0-2026-3805)

    Vulnerability from cvelistv5 – Published: 2026-03-11 10:09 – Updated: 2026-03-11 15:45
    VLAI
    Title
    use after free in SMB connection reuse
    Summary
    When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Credits
    Daniel Wade, Stefan Eissing

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-11T10:16:34.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/11/4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3805",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T15:45:10.217077Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T15:45:38.820Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Wade"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-416 Use After Free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T10:09:37.729Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-3805.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-3805.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3591944"
            }
          ],
          "title": "use after free in SMB connection reuse"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-3805",
        "datePublished": "2026-03-11T10:09:37.729Z",
        "dateReserved": "2026-03-08T16:07:39.817Z",
        "dateUpdated": "2026-03-11T15:45:38.820Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3784 (GCVE-0-2026-3784)

    Vulnerability from cvelistv5 – Published: 2026-03-11 10:09 – Updated: 2026-06-02 13:00
    VLAI
    Title
    wrong proxy connection reuse with credentials
    Summary
    curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Affected: 7.13.2 , ≤ 7.13.2 (semver)
    Affected: 7.13.1 , ≤ 7.13.1 (semver)
    Affected: 7.13.0 , ≤ 7.13.0 (semver)
    Affected: 7.12.3 , ≤ 7.12.3 (semver)
    Affected: 7.12.2 , ≤ 7.12.2 (semver)
    Affected: 7.12.1 , ≤ 7.12.1 (semver)
    Affected: 7.12.0 , ≤ 7.12.0 (semver)
    Affected: 7.11.2 , ≤ 7.11.2 (semver)
    Affected: 7.11.1 , ≤ 7.11.1 (semver)
    Affected: 7.11.0 , ≤ 7.11.0 (semver)
    Affected: 7.10.8 , ≤ 7.10.8 (semver)
    Affected: 7.10.7 , ≤ 7.10.7 (semver)
    Affected: 7.10.6 , ≤ 7.10.6 (semver)
    Affected: 7.10.5 , ≤ 7.10.5 (semver)
    Affected: 7.10.4 , ≤ 7.10.4 (semver)
    Affected: 7.10.3 , ≤ 7.10.3 (semver)
    Affected: 7.10.2 , ≤ 7.10.2 (semver)
    Affected: 7.10.1 , ≤ 7.10.1 (semver)
    Affected: 7.10 , ≤ 7.10 (semver)
    Affected: 7.9.8 , ≤ 7.9.8 (semver)
    Affected: 7.9.7 , ≤ 7.9.7 (semver)
    Affected: 7.9.6 , ≤ 7.9.6 (semver)
    Affected: 7.9.5 , ≤ 7.9.5 (semver)
    Affected: 7.9.4 , ≤ 7.9.4 (semver)
    Affected: 7.9.3 , ≤ 7.9.3 (semver)
    Affected: 7.9.2 , ≤ 7.9.2 (semver)
    Affected: 7.9.1 , ≤ 7.9.1 (semver)
    Affected: 7.9 , ≤ 7.9 (semver)
    Affected: 7.8.1 , ≤ 7.8.1 (semver)
    Affected: 7.8 , ≤ 7.8 (semver)
    Affected: 7.7.3 , ≤ 7.7.3 (semver)
    Affected: 7.7.2 , ≤ 7.7.2 (semver)
    Affected: 7.7.1 , ≤ 7.7.1 (semver)
    Affected: 7.7 , ≤ 7.7 (semver)
    Siemens RUGGEDCOM RST2428P Affected: 0 , < V4.0 (custom)
    Credits
    Muhamad Arga Reksapati (HackerOne: nobcoder) Stefan Eissing

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-11T10:16:32.844Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/11/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3784",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T15:48:38.785522Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-305",
                    "description": "CWE-305 Authentication Bypass by Primary Weakness",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T15:48:41.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM RST2428P",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T13:00:43.860Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.2",
                  "status": "affected",
                  "version": "7.13.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.1",
                  "status": "affected",
                  "version": "7.13.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.0",
                  "status": "affected",
                  "version": "7.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.3",
                  "status": "affected",
                  "version": "7.12.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.2",
                  "status": "affected",
                  "version": "7.12.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.0",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.2",
                  "status": "affected",
                  "version": "7.11.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.1",
                  "status": "affected",
                  "version": "7.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.0",
                  "status": "affected",
                  "version": "7.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.8",
                  "status": "affected",
                  "version": "7.10.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.7",
                  "status": "affected",
                  "version": "7.10.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.6",
                  "status": "affected",
                  "version": "7.10.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.5",
                  "status": "affected",
                  "version": "7.10.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.4",
                  "status": "affected",
                  "version": "7.10.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.3",
                  "status": "affected",
                  "version": "7.10.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.2",
                  "status": "affected",
                  "version": "7.10.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.1",
                  "status": "affected",
                  "version": "7.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10",
                  "status": "affected",
                  "version": "7.10",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.8",
                  "status": "affected",
                  "version": "7.9.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.7",
                  "status": "affected",
                  "version": "7.9.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.6",
                  "status": "affected",
                  "version": "7.9.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.5",
                  "status": "affected",
                  "version": "7.9.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.4",
                  "status": "affected",
                  "version": "7.9.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.3",
                  "status": "affected",
                  "version": "7.9.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.2",
                  "status": "affected",
                  "version": "7.9.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.1",
                  "status": "affected",
                  "version": "7.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9",
                  "status": "affected",
                  "version": "7.9",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.8.1",
                  "status": "affected",
                  "version": "7.8.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.8",
                  "status": "affected",
                  "version": "7.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.3",
                  "status": "affected",
                  "version": "7.7.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.2",
                  "status": "affected",
                  "version": "7.7.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.1",
                  "status": "affected",
                  "version": "7.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7",
                  "status": "affected",
                  "version": "7.7",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhamad Arga Reksapati (HackerOne: nobcoder)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-305 Authentication Bypass by Primary Weakness",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T10:09:21.418Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-3784.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-3784.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3584903"
            }
          ],
          "title": "wrong proxy connection reuse with credentials"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-3784",
        "datePublished": "2026-03-11T10:09:21.418Z",
        "dateReserved": "2026-03-08T05:09:52.279Z",
        "dateUpdated": "2026-06-02T13:00:43.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3783 (GCVE-0-2026-3783)

    Vulnerability from cvelistv5 – Published: 2026-03-11 10:09 – Updated: 2026-03-11 14:26
    Title
    token leak with redirect and netrc
    Summary
    When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Credits
    spectreglobalsec on hackerone; Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-11T10:16:31.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/11/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3783",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T14:25:28.836990Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-522",
                    "description": "CWE-522 Insufficiently Protected Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T14:26:10.788Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "spectreglobalsec on hackerone"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T10:09:08.746Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-3783.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-3783.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3583983"
            }
          ],
          "title": "token leak with redirect and netrc"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-3783",
        "datePublished": "2026-03-11T10:09:08.746Z",
        "dateReserved": "2026-03-08T05:09:09.891Z",
        "dateUpdated": "2026-03-11T14:26:10.788Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-202206-1900

    Vulnerability from variot - Updated: 2026-04-10 23:28

    curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

    Security fixes:

    • golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

    • moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

    • nodejs16: CRLF injection in node-undici (CVE-2022-31150)

    • nodejs/undici: Cookie headers uncleared on cross-origin redirect (CVE-2022-31151)

    • vm2: Sandbox Escape in vm2 (CVE-2022-36067)

    Bug fixes:

    • RHACM 2.4 using deprecated APIs in managed clusters (BZ# 2041540)

    • vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes (BZ# 2074766)

    • cluster update status is stuck, also update is not even visible (BZ# 2079418)

    • Policy that creates cluster role is showing as not compliant due to Request entity too large message (BZ# 2088486)

    • Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster (BZ# 2089490)

    • ACM Console Becomes Unusable After a Time (BZ# 2097464)

    • RHACM 2.4.6 images (BZ# 2100613)

    • Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster (BZ# 2102436)

    • ManagedClusters in Pending import state after ACM hub migration (BZ# 2102495)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2041540 - RHACM 2.4 using deprecated APIs in managed clusters
    2074766 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes
    2079418 - cluster update status is stuck, also update is not even visible
    2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message
    2089490 - Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster
    2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
    2097464 - ACM Console Becomes Unusable After a Time
    2100613 - RHACM 2.4.6 images
    2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster
    2102495 - ManagedClusters in Pending import state after ACM hub migration
    2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
    2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici
    2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect
    2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
    2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
    2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

    1. JIRA issues fixed (https://issues.jboss.org/):

    LOG-2647 - Add link to log console from pod views
    LOG-2801 - After upgrade all logs are stored in app indices
    LOG-2917 - Changing refresh interval throws error when the 'Query' field is empty

    1. This advisory contains the following OpenShift Virtualization 4.12.0 images:

    Security Fix(es):

    • golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)

    • kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)

    • golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)

    • golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)

    • golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

    • golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

    • golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)

    • golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)

    • golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)

    • golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

    • golang: syscall: faccessat checks wrong group (CVE-2022-29526)

    • golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

    • golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

    • golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

    • golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

    • golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

    • golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

    • golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    RHEL-8-CNV-4.12
    =============

    bridge-marker-container-v4.12.0-24
    cluster-network-addons-operator-container-v4.12.0-24
    cnv-containernetworking-plugins-container-v4.12.0-24
    cnv-must-gather-container-v4.12.0-58
    hco-bundle-registry-container-v4.12.0-769
    hostpath-csi-driver-container-v4.12.0-30
    hostpath-provisioner-container-v4.12.0-30
    hostpath-provisioner-operator-container-v4.12.0-31
    hyperconverged-cluster-operator-container-v4.12.0-96
    hyperconverged-cluster-webhook-container-v4.12.0-96
    kubemacpool-container-v4.12.0-24
    kubevirt-console-plugin-container-v4.12.0-182
    kubevirt-ssp-operator-container-v4.12.0-64
    kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55
    kubevirt-tekton-tasks-copy-template-container-v4.12.0-55
    kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55
    kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55
    kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55
    kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55
    kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55
    kubevirt-tekton-tasks-operator-container-v4.12.0-40
    kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55
    kubevirt-template-validator-container-v4.12.0-32
    libguestfs-tools-container-v4.12.0-255
    ovs-cni-marker-container-v4.12.0-24
    ovs-cni-plugin-container-v4.12.0-24
    virt-api-container-v4.12.0-255
    virt-artifacts-server-container-v4.12.0-255
    virt-cdi-apiserver-container-v4.12.0-72
    virt-cdi-cloner-container-v4.12.0-72
    virt-cdi-controller-container-v4.12.0-72
    virt-cdi-importer-container-v4.12.0-72
    virt-cdi-operator-container-v4.12.0-72
    virt-cdi-uploadproxy-container-v4.12.0-71
    virt-cdi-uploadserver-container-v4.12.0-72
    virt-controller-container-v4.12.0-255
    virt-exportproxy-container-v4.12.0-255
    virt-exportserver-container-v4.12.0-255
    virt-handler-container-v4.12.0-255
    virt-launcher-container-v4.12.0-255
    virt-operator-container-v4.12.0-255
    virtio-win-container-v4.12.0-10
    vm-network-latency-checkup-container-v4.12.0-89

    1. Solution:

    Before applying this update, you must apply all previously released errata relevant to your system.

    To apply this update, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1719190 - Unable to cancel live-migration if virt-launcher pod in pending state
    2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume
    2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
    2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
    2040377 - Unable to delete failed VMIM after VM deleted
    2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed
    2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value
    2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
    2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
    2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
    2060499 - [RFE] Cannot add additional service (or other objects) to VM template
    2069098 - Large scale |VMs migration is slow due to low migration parallelism
    2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
    2071491 - Storage Throughput metrics are incorrect in Overview
    2072797 - Metrics in Virtualization -> Overview period is not clear or configurable
    2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers
    2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering
    2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
    2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode
    2086551 - Min CPU feature found in labels
    2087724 - Default template show no boot source even there are auto-upload boot sources
    2088129 - [SSP] webhook does not comply with restricted security context
    2088464 - [CDI] cdi-deployment does not comply with restricted security context
    2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR
    2089744 - HCO should label its control plane namespace to admit pods at privileged security level
    2089751 - 4.12.0 containers
    2089804 - 4.12.0 rpms
    2091856 - "Edit BootSource" action should have more explicit information when disabled
    2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
    2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer
    2093771 - The disk source should be PVC if the template has no auto-update boot source
    2093996 - kubectl get vmi API should always return primary interface if exist
    2094202 - Cloud-init username field should have hint
    2096285 - KubeVirt CR API documentation is missing docs for many fields
    2096780 - [RFE] Add ssh-key and sysprep to template scripts tab
    2097436 - Online disk expansion ignores filesystem overhead change
    2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
    2099556 - [RFE] Add option to enable RDP service for windows vm
    2099573 - [RFE] Improve template's message about not editable
    2099923 - [RFE] Merge "SSH access" and "SSH command" into one
    2100290 - Error is not dismissed on catalog review page
    2100436 - VM list filtering ignores VMs in error-states
    2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down
    2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
    2100629 - Update nested support KBASE article
    2100679 - The number of hardware devices is not correct in vm overview tab
    2100682 - All hardware devices get deleted while just delete one
    2100684 - Workload profile are not editable during creation and after creation
    2101144 - VM filter has two "Other" checkboxes which are triggered together
    2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
    2101167 - Edit buttons clickable area is too large.
    2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
    2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state
    2101390 - Easy to miss the "tick" when adding GPU device to vm via UI
    2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id
    2101423 - wrong user name on using ignition
    2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
    2101445 - "Pending changes - Boot Order"
    2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
    2101499 - Cannot add NIC to VM template as non-priv user
    2101501 - NAME parameter in VM template has no effect.
    2101628 - non-priv user cannot load dataSource while edit template's rootdisk
    2101667 - VMI view is not aligned with vm and tempates
    2101681 - All templates are labeling "source available" in template list page
    2102074 - VM Creation time on VM Overview Details card lacks string
    2102125 - vm clone modal is displaying DV size instead of PVC size
    2102132 - align the utilization card of single VM overview with the design
    2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"?
    2102256 - Add button moved to right
    2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
    2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other'
    2102561 - sysprep-info should link to downstream doc
    2102737 - Clone a VM should lead to vm overview tab
    2102740 - "Save" button on vm clone modal should be "Clone"
    2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab
    2103807 - PVC is not named by VM name while creating vm quickly
    2103817 - Workload profile values in vm details should align with template's value
    2103844 - VM nic model is empty
    2104331 - VM list page scroll up automatically
    2104402 - VM create button is not enabled while adding multiple environment disks
    2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
    2104424 - Enable descheduler or hide it on template's scheduling tab
    2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted
    2104480 - Alerts in VM overview tab disappeared after a few seconds
    2104785 - "Add disk" and "Disks" are on the same line
    2104859 - [RFE] Add "Copy SSH command" to VM action list
    2105257 - Can't set log verbosity level for virt-operator pod
    2106175 - All pages are crashed after visit Virtualization -> Overview
    2106963 - Cannot add configmap for windows VM
    2107279 - VM Template's bootable disk can be marked as bootable
    2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
    2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
    2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
    2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions
    2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
    2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
    2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
    2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
    2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
    2108339 - datasource does not provide timestamp when updated
    2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
    2109818 - Upstream metrics documentation is not detailed enough
    2109975 - DataVolume fails to import "cirros-container-disk-demo" image
    2110256 - Storage -> PVC -> upload data, does not support source reference
    2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls
    2111240 - GiB changes to B in Template's Edit boot source reference modal
    2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics
    2111328 - kubevirt plugin console crashed after visit vmi page
    2111378 - VM SSH command generated by UI points at api VIP
    2111744 - Cloned template should not label app.kubernetes.io/name: common-templates
    2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi)
    2112900 - button style are different
    2114516 - Nothing happens after clicking on Fedora cloud image list link
    2114636 - The style of displayed items are not unified on VM tabs
    2114683 - VM overview tab is crashed just after the vm is created
    2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12
    2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass
    2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items
    2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates
    2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF'
    2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
    2117549 - Cannot edit cloud-init data after add ssh key
    2117803 - Cannot edit ssh even vm is stopped
    2117813 - Improve descriptive text of VM details while VM is off
    2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
    2118257 - outdated doc link tolerations modal
    2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format
    2119069 - Unable to start windows VMs on PSI setups
    2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
    2119309 - readinessProbe in VM stays on failed
    2119615 - Change the disk size causes the unit changed
    2120907 - Cannot filter disks by label
    2121320 - Negative values in migration metrics
    2122236 - Failing to delete HCO with SSP sticking around
    2122990 - VMExport should check APIGroup
    2124147 - "ReadOnlyMany" should not be added to supported values in memory dump
    2124307 - Ui crash/stuck on loading when trying to detach disk on a VM
    2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it
    2124555 - View 
documentation link on MigrationPolicies page des not work 2124557 - MigrationPolicy description is not displayed on Details page 2124558 - Non-privileged user can start MigrationPolicy creation 2124565 - Deleted DataSource reappears in list 2124572 - First annotation can not be added to DataSource 2124582 - Filtering VMs by OS does not work 2124594 - Docker URL validation is inconsistent over application 2124597 - Wrong case in Create DataSource menu 2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile 2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state 2127787 - Expose the PVC source of the dataSource on UI 2127843 - UI crashed by selecting "Live migration network" 2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes 2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer 2128002 - Error after VM template deletion 2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards 2128872 - [4.11]Can't restore cloned VM 2128948 - Cannot create DataSource from default YAML 2128949 - Cannot create MigrationPolicy from example YAML 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129234 - Service is not deleted along with the VM when the VM is created from a template with service 2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data' 2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook 2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV 2130588 - crypto-policy : Common Ciphers support by apiserver and hco 2130695 - crypto-policy : Logging Improvement and publish the source of ciphers 2130909 - Non-privileged user can start DataSource creation 
2131157 - KV data transfer rate chart in VM Metrics tab is not displayed 2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough 2131674 - Bump virtlogd memory requirement to 20Mi 2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11 2132682 - Default YAML entity name convention. 2132721 - Delete dialogs 2132744 - Description text is missing in Live Migrations section 2132746 - Background is broken in Virtualization Monitoring page 2132783 - VM can not be created from Template with edited boot source 2132793 - Edited Template BSR is not saved 2132932 - Typo in PVC size units menu 2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed 2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed 2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed 2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed 2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed 2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed 2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed 2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed 2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod 2134672 - [e2e] add data-test-id for catalog -> storage section 2134825 - Authorization for expand-spec endpoint missing 2135805 - Windows 2022 template is missing vTPM and UEFI params in spec 2136051 - Name jumping when trying to create a VM with source from catalog 2136425 - Windows 11 is detected as Windows 10 2136534 - Not possible to specify a TTL on VMExports 2137123 - VMExport: export pod 
is not PSA complaint 2137241 - Checkbox about delete vm disks is not loaded while deleting VM 2137243 - registery input add docker prefix twice 2137349 - "Manage source" action infinitely loading on DataImportCron details page 2137591 - Inconsistent dialog headings/titles 2137731 - Link of VM status in overview is not working 2137733 - No link for VMs in error status in "VirtualMachine statuses" card 2137736 - The column name "MigrationPolicy name" can just be "Name" 2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly 2138112 - Unsupported S3 endpoint option in Add disk modal 2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals 2138199 - Win11 and Win22 templates are not filtered properly by Template provider 2138653 - Saving Template prameters reloads the page 2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail 2138664 - VM that was created with SSH key fails to start 2139257 - Cannot add disk via "Using an existing PVC" 2139260 - Clone button is disabled while VM is running 2139293 - Non-admin user cannot load VM list page 2139296 - Non-admin cannot load MigrationPolicies page 2139299 - No auto-generated VM name while creating VM by non-admin user 2139306 - Non-admin cannot create VM via customize mode 2139479 - virtualization overview crashes for non-priv user 2139574 - VM name gets "emptyname" if click the create button quickly 2139651 - non-priv user can click create when have no permissions 2139687 - catalog shows template list for non-priv users 2139738 - [4.12]Can't restore cloned VM 2139820 - non-priv user cant reach vm details 2140117 - Provide upgrade path from 4.11.1->4.12.0 2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project 2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user 2140627 - Not able to select storageClass if there is no 
default storageclass defined 2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user 2140808 - Hyperv feature set to "enabled: false" prevents scheduling 2140977 - Alerts number is not correct on Virtualization overview 2140982 - The base template of cloned template is "Not available" 2140998 - Incorrect information shows in overview page per namespace 2141089 - Unable to upload boot images. 2141302 - Unhealthy states alerts and state metrics are missing 2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations 2141494 - "Start in pause mode" option is not available while creating the VM 2141654 - warning log appearing on VMs: found no SR-IOV networks 2141711 - Node column selector is redundant for non-priv user 2142468 - VM action "Stop" should not be disabled when VM in pause state 2142470 - Delete a VM or template from all projects leads to 404 error 2142511 - Enhance alerts card in overview 2142647 - Error after MigrationPolicy deletion 2142891 - VM latency checkup: Failed to create the checkup's Job 2142929 - Permission denied when try get instancestypes 2143268 - Topolvm storageProfile missing accessModes and volumeMode 2143498 - Could not load template while creating VM from catalog 2143964 - Could not load template while creating VM from catalog 2144580 - "?" icon is too big in VM Template Disk tab 2144828 - "?" icon is too big in VM Template Disk tab 2144839 - Alerts number is not correct on Virtualization overview 2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten 2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container

    1. Description:

    Multicluster Engine for Kubernetes 2.0.2 images

    Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds.

    You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

    Security updates:

    • moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
    • vm2: Sandbox Escape in vm2 (CVE-2022-36067)

    Bug fix:

    • MCE 2.0.2 images (BZ# 2104569)

    Solution:

    For multicluster engine for Kubernetes, see the following documentation for details on how to install the images:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2104569 - MCE 2.0.2 Images
    2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
    2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2

    Bug Fix(es):

    • Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)

    • Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)

    • Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)

    • [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)

    • Fedora version in DataImportCrons is not 'latest' (BZ#2102694)

    • [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)

    • CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562)

    • Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)

    • Unable to start windows VMs on PSI setups (BZ#2115371)

    • [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)

    • Mark Windows 11 as TechPreview (BZ#2129013)

    • 4.11.1 rpms (BZ#2139453)

    This advisory contains the following OpenShift Virtualization 4.11.1 images.

    RHEL-8-CNV-4.11

    virt-cdi-operator-container-v4.11.1-5
    virt-cdi-uploadserver-container-v4.11.1-5
    virt-cdi-apiserver-container-v4.11.1-5
    virt-cdi-importer-container-v4.11.1-5
    virt-cdi-controller-container-v4.11.1-5
    virt-cdi-cloner-container-v4.11.1-5
    virt-cdi-uploadproxy-container-v4.11.1-5
    checkup-framework-container-v4.11.1-3
    kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7
    kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7
    kubevirt-template-validator-container-v4.11.1-4
    virt-handler-container-v4.11.1-5
    hostpath-provisioner-operator-container-v4.11.1-4
    virt-api-container-v4.11.1-5
    vm-network-latency-checkup-container-v4.11.1-3
    cluster-network-addons-operator-container-v4.11.1-5
    virtio-win-container-v4.11.1-4
    virt-launcher-container-v4.11.1-5
    ovs-cni-marker-container-v4.11.1-5
    hyperconverged-cluster-webhook-container-v4.11.1-7
    virt-controller-container-v4.11.1-5
    virt-artifacts-server-container-v4.11.1-5
    kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7
    kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7
    libguestfs-tools-container-v4.11.1-5
    hostpath-provisioner-container-v4.11.1-4
    kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7
    kubevirt-tekton-tasks-copy-template-container-v4.11.1-7
    cnv-containernetworking-plugins-container-v4.11.1-5
    bridge-marker-container-v4.11.1-5
    virt-operator-container-v4.11.1-5
    hostpath-csi-driver-container-v4.11.1-4
    kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7
    kubemacpool-container-v4.11.1-5
    hyperconverged-cluster-operator-container-v4.11.1-7
    kubevirt-ssp-operator-container-v4.11.1-4
    ovs-cni-plugin-container-v4.11.1-5
    kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7
    kubevirt-tekton-tasks-operator-container-v4.11.1-2
    cnv-must-gather-container-v4.11.1-8
    kubevirt-console-plugin-container-v4.11.1-9
    hco-bundle-registry-container-v4.11.1-49


    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
    Advisory ID: RHSA-2022:8840-01
    Product: Red Hat JBoss Core Services
    Advisory URL: https://access.redhat.com/errata/RHSA-2022:8840
    Issue date: 2022-12-08
    CVE Names: CVE-2022-1292 CVE-2022-2068 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-30522 CVE-2022-31813 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32221 CVE-2022-35252 CVE-2022-42915 CVE-2022-42916
    ====================================================================

    1. Summary:

    An update is now available for Red Hat JBoss Core Services.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64
    Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64

    1. Description:

    Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

    Security Fix(es):

    • curl: HSTS bypass via IDN (CVE-2022-42916)

    • curl: HTTP proxy double-free (CVE-2022-42915)

    • curl: POST following PUT confusion (CVE-2022-32221)

    • httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)

    • httpd: mod_sed: DoS vulnerability (CVE-2022-30522)

    • httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)

    • httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)

    • httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)

    • curl: control code in cookie denial of service (CVE-2022-35252)

    • jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)

    • curl: Unpreserved file permissions (CVE-2022-32207)

    • curl: various flaws (CVE-2022-32206 CVE-2022-32208)

    • openssl: the c_rehash script allows command injection (CVE-2022-2068)

    • openssl: c_rehash script allows command injection (CVE-2022-1292)

    • jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)

    • jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds
    2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
    2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection
    2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling
    2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read
    2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()
    2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()
    2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
    2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
    2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection
    2099300 - CVE-2022-32206 curl: HTTP compression denial of service
    2099305 - CVE-2022-32207 curl: Unpreserved file permissions
    2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
    2120718 - CVE-2022-35252 curl: control code in cookie denial of service
    2135411 - CVE-2022-32221 curl: POST following PUT confusion
    2135413 - CVE-2022-42915 curl: HTTP proxy double-free
    2135416 - CVE-2022-42916 curl: HSTS bypass via IDN

    1. Package List:

    Red Hat JBoss Core Services on RHEL 7 Server:

    Source: jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.src.rpm jbcs-httpd24-curl-7.86.0-2.el7jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-37.el7jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el7jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.src.rpm

    noarch: jbcs-httpd24-httpd-manual-2.4.51-37.el7jbcs.noarch.rpm

    x86_64: jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-curl-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el7jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el7jbcs.x86_64.rpm 
jbcs-httpd24-nghttp2-devel-1.43.0-11.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-13.el7jbcs.x86_64.rpm

    Red Hat JBoss Core Services on RHEL 8:

    Source: jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.src.rpm jbcs-httpd24-curl-7.86.0-2.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-37.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.src.rpm

    noarch: jbcs-httpd24-httpd-manual-2.4.51-37.el8jbcs.noarch.rpm

    x86_64: jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm 
jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-13.el8jbcs.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2022-1292
    https://access.redhat.com/security/cve/CVE-2022-2068
    https://access.redhat.com/security/cve/CVE-2022-22721
    https://access.redhat.com/security/cve/CVE-2022-23943
    https://access.redhat.com/security/cve/CVE-2022-26377
    https://access.redhat.com/security/cve/CVE-2022-28330
    https://access.redhat.com/security/cve/CVE-2022-28614
    https://access.redhat.com/security/cve/CVE-2022-28615
    https://access.redhat.com/security/cve/CVE-2022-30522
    https://access.redhat.com/security/cve/CVE-2022-31813
    https://access.redhat.com/security/cve/CVE-2022-32206
    https://access.redhat.com/security/cve/CVE-2022-32207
    https://access.redhat.com/security/cve/CVE-2022-32208
    https://access.redhat.com/security/cve/CVE-2022-32221
    https://access.redhat.com/security/cve/CVE-2022-35252
    https://access.redhat.com/security/cve/CVE-2022-42915
    https://access.redhat.com/security/cve/CVE-2022-42916
    https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc.

    Description:

    The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

    Bugs fixed (https://bugzilla.redhat.com/):

    2099300 - CVE-2022-32206 curl: HTTP compression denial of service
    2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service

    6


    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "scalance sc646-2c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "bootstrap os",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "solidfire",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "scalance sc622-2c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "_id": null,
            "model": "hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "element software",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "scalance sc642-2c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.84.0"
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "scalance sc632-2c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "scalance sc626-2c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "scalance sc636-2c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32206"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168538"
          },
          {
            "db": "PACKETSTORM",
            "id": "168275"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "168347"
          },
          {
            "db": "PACKETSTORM",
            "id": "170083"
          },
          {
            "db": "PACKETSTORM",
            "id": "170166"
          },
          {
            "db": "PACKETSTORM",
            "id": "172765"
          },
          {
            "db": "PACKETSTORM",
            "id": "168284"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2022-32206",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-32206",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-32206",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-32206",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-32206",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-2565",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32206"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32206"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. Harry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity fixes:\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n\n* nodejs16: CRLF injection in node-undici (CVE-2022-31150)\n\n* nodejs/undici: Cookie headers uncleared on cross-origin redirect\n(CVE-2022-31151)\n\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* RHACM 2.4 using deprecated APIs in managed clusters (BZ# 2041540)\n\n* vSphere network name doesn\u0027t allow entering spaces and doesn\u0027t reflect\nYAML changes (BZ# 2074766)\n\n* cluster update status is stuck, also update is not even visible (BZ#\n2079418)\n\n* Policy that creates cluster role is showing as not compliant due to\nRequest entity too large message (BZ# 2088486)\n\n* Upgraded from RHACM 2.2--\u003e2.3--\u003e2.4 and cannot 
create cluster (BZ#\n2089490)\n\n* ACM Console Becomes Unusable After a Time (BZ# 2097464)\n\n* RHACM 2.4.6 images (BZ# 2100613)\n\n* Cluster Pools with conflicting name of existing clusters in same\nnamespace fails creation and deletes existing cluster (BZ# 2102436)\n\n* ManagedClusters in Pending import state after ACM hub migration (BZ#\n2102495)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2041540 - RHACM 2.4 using deprecated APIs in managed clusters\n2074766 - vSphere network name doesn\u0027t allow entering spaces and doesn\u0027t reflect YAML changes\n2079418 - cluster update status is stuck, also update is not even visible\n2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message\n2089490 - Upgraded from RHACM 2.2--\u003e2.3--\u003e2.4 and cannot create cluster\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2097464 - ACM Console Becomes Unusable After a Time\n2100613 - RHACM 2.4.6 images\n2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster\n2102495 - ManagedClusters in Pending import state after ACM hub migration\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici\n2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect\n2124794 - CVE-2022-36067 vm2:  Sandbox Escape in vm2\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\n5. 
JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2647 - Add link to log console from pod views\nLOG-2801 - After upgrade all logs are stored in app indices\nLOG-2917 - Changing refresh interval throws error when the \u0027Query\u0027 field is empty\n\n6. This advisory contains the following\nOpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, 
acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4
.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Solution:\n\nBefore applying this update, you must apply all previously released errata\nrelevant to your system. \n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat 
checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update 
nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. 
\n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows 
VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! 
(17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift  Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, 
virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 
- crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping 
when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb 
list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 
hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. Description:\n\nMulticluster Engine for Kubernetes 2.0.2 images\n\nMulticluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds. \n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters or to bring existing Kubernetes-based clusters under management by\nimporting them. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy. \n\nSecurity updates:\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fix:\n\n* MCE 2.0.2 images (BZ# 2104569)\n\n3. Solution:\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2104569 - MCE 2.0.2 Images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2124794 - CVE-2022-36067 vm2:  Sandbox Escape in vm2\n\n5. 
\n\nBug Fix(es):\n\n* Cloning a Block DV to VM with Filesystem with not big enough size comes\nto endless loop - using pvc api (BZ#2033191)\n\n* Restart of VM Pod causes SSH keys to be regenerated within VM\n(BZ#2087177)\n\n* Import gzipped raw file causes image to be downloaded and uncompressed to\nTMPDIR (BZ#2089391)\n\n* [4.11] VM Snapshot Restore hangs indefinitely when backed by a\nsnapshotclass (BZ#2098225)\n\n* Fedora version in DataImportCrons is not \u0027latest\u0027 (BZ#2102694)\n\n* [4.11] Cloned VM\u0027s snapshot restore fails if the source VM disk is\ndeleted (BZ#2109407)\n\n* CNV introduces a compliance check fail in \"ocp4-moderate\" profile -\nroutes-protected-by-tls (BZ#2110562)\n\n* Nightly build: v4.11.0-578: index format was changed in 4.11 to\nfile-based instead of sqlite-based (BZ#2112643)\n\n* Unable to start windows VMs on PSI setups (BZ#2115371)\n\n* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity\nrestricted:v1.24 (BZ#2128997)\n\n* Mark Windows 11 as TechPreview (BZ#2129013)\n\n* 4.11.1 rpms (BZ#2139453)\n\nThis advisory contains the following OpenShift Virtualization 4.11.1\nimages. 
\n\nRHEL-8-CNV-4.11\n\nvirt-cdi-operator-container-v4.11.1-5\nvirt-cdi-uploadserver-container-v4.11.1-5\nvirt-cdi-apiserver-container-v4.11.1-5\nvirt-cdi-importer-container-v4.11.1-5\nvirt-cdi-controller-container-v4.11.1-5\nvirt-cdi-cloner-container-v4.11.1-5\nvirt-cdi-uploadproxy-container-v4.11.1-5\ncheckup-framework-container-v4.11.1-3\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7\nkubevirt-template-validator-container-v4.11.1-4\nvirt-handler-container-v4.11.1-5\nhostpath-provisioner-operator-container-v4.11.1-4\nvirt-api-container-v4.11.1-5\nvm-network-latency-checkup-container-v4.11.1-3\ncluster-network-addons-operator-container-v4.11.1-5\nvirtio-win-container-v4.11.1-4\nvirt-launcher-container-v4.11.1-5\novs-cni-marker-container-v4.11.1-5\nhyperconverged-cluster-webhook-container-v4.11.1-7\nvirt-controller-container-v4.11.1-5\nvirt-artifacts-server-container-v4.11.1-5\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7\nlibguestfs-tools-container-v4.11.1-5\nhostpath-provisioner-container-v4.11.1-4\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7\ncnv-containernetworking-plugins-container-v4.11.1-5\nbridge-marker-container-v4.11.1-5\nvirt-operator-container-v4.11.1-5\nhostpath-csi-driver-container-v4.11.1-4\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7\nkubemacpool-container-v4.11.1-5\nhyperconverged-cluster-operator-container-v4.11.1-7\nkubevirt-ssp-operator-container-v4.11.1-4\novs-cni-plugin-container-v4.11.1-5\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7\nkubevirt-tekton-tasks-operator-container-v4.11.1-2\ncnv-must-gather-container-v4.11.1-8\nkubevirt-console-plugin-container-v4.11.1-9\nhco-bundle-registry-container-v4.11.1-49\n\n3. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update\nAdvisory ID:       RHSA-2022:8840-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:8840\nIssue date:        2022-12-08\nCVE Names:         CVE-2022-1292 CVE-2022-2068 CVE-2022-22721\n                   CVE-2022-23943 CVE-2022-26377 CVE-2022-28330\n                   CVE-2022-28614 CVE-2022-28615 CVE-2022-30522\n                   CVE-2022-31813 CVE-2022-32206 CVE-2022-32207\n                   CVE-2022-32208 CVE-2022-32221 CVE-2022-35252\n                   CVE-2022-42915 CVE-2022-42916\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64\nRed Hat JBoss Core Services on RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. 
\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.51, and includes bug fixes and enhancements, which\nare documented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* curl: HSTS bypass via IDN (CVE-2022-42916)\n\n* curl: HTTP proxy double-free (CVE-2022-42915)\n\n* curl: POST following PUT confusion (CVE-2022-32221)\n\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n(CVE-2022-31813)\n\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n* curl: control code in cookie denial of service (CVE-2022-35252)\n\n* jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)\n\n* curl: Unpreserved file permissions (CVE-2022-32207)\n\n* curl: various flaws (CVE-2022-32206 CVE-2022-32208)\n\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n* jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large\nor unlimited LimitXMLRequestBody (CVE-2022-22721)\n\n* jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds\n(CVE-2022-23943)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for\nthis update to take effect. 
After installing the updated packages, the\nhttpd daemon will be restarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds\n2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody\n2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection\n2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling\n2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read\n2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()\n2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()\n2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability\n2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099305 - CVE-2022-32207 curl: Unpreserved file permissions\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n2120718 - CVE-2022-35252 curl: control code in cookie denial of service\n2135411 - CVE-2022-32221 curl: POST following PUT confusion\n2135413 - CVE-2022-42915 curl: HTTP proxy double-free\n2135416 - CVE-2022-42916 curl: HSTS bypass via IDN\n\n6. 
Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-apr-util-1.6.1-99.el7jbcs.src.rpm\njbcs-httpd24-curl-7.86.0-2.el7jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-37.el7jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el7jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-18.el7jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-22.el7jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-13.el7jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-37.el7jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-util-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm\njbcs-http
d24-mod_jk-debuginfo-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-18.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-18.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-22.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-22.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-13.el7jbcs.x86_64.rpm\n\nRed Hat JBoss Core Services on RHEL 
8:\n\nSource:\njbcs-httpd24-apr-util-1.6.1-99.el8jbcs.src.rpm\njbcs-httpd24-curl-7.86.0-2.el8jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-37.el8jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el8jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-18.el8jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-22.el8jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-13.el8jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-37.el8jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-util-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-37.el8jbcs.x86_64.rpm\nj
bcs-httpd24-httpd-selinux-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-18.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-18.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-22.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-22.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-debuginfo-1.1.1k-13.el8jbcs.x8
6_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-13.el8jbcs.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-22721\nhttps://access.redhat.com/security/cve/CVE-2022-23943\nhttps://access.redhat.com/security/cve/CVE-2022-26377\nhttps://access.redhat.com/security/cve/CVE-2022-28330\nhttps://access.redhat.com/security/cve/CVE-2022-28614\nhttps://access.redhat.com/security/cve/CVE-2022-28615\nhttps://access.redhat.com/security/cve/CVE-2022-30522\nhttps://access.redhat.com/security/cve/CVE-2022-31813\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32207\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/cve/CVE-2022-32221\nhttps://access.redhat.com/security/cve/CVE-2022-35252\nhttps://access.redhat.com/security/cve/CVE-2022-42915\nhttps://access.redhat.com/security/cve/CVE-2022-42916\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 
\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. Bugs fixed (https://bugzilla.redhat.com/):\n\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service\n\n6",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32206"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32206"
          },
          {
            "db": "PACKETSTORM",
            "id": "168538"
          },
          {
            "db": "PACKETSTORM",
            "id": "168275"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "168347"
          },
          {
            "db": "PACKETSTORM",
            "id": "170083"
          },
          {
            "db": "PACKETSTORM",
            "id": "170166"
          },
          {
            "db": "PACKETSTORM",
            "id": "172765"
          },
          {
            "db": "PACKETSTORM",
            "id": "168284"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-32206",
            "trust": 2.5
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2023/02/15/3",
            "trust": 1.6
          },
          {
            "db": "HACKERONE",
            "id": "1570651",
            "trust": 1.6
          },
          {
            "db": "SIEMENS",
            "id": "SSA-333517",
            "trust": 1.6
          },
          {
            "db": "PACKETSTORM",
            "id": "168347",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "170166",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168284",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3366",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.6333",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3732",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.6290",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4468",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4757",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3143",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3238",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4324",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5247",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4266",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4112",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3117",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5632",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.2163",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5300",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4525",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4568",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "167607",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "168301",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "168174",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "168503",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "168378",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169443",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022071152",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022062927",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32206",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168538",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168275",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170741",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170083",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "172765",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32206"
          },
          {
            "db": "PACKETSTORM",
            "id": "168538"
          },
          {
            "db": "PACKETSTORM",
            "id": "168275"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "168347"
          },
          {
            "db": "PACKETSTORM",
            "id": "170083"
          },
          {
            "db": "PACKETSTORM",
            "id": "170166"
          },
          {
            "db": "PACKETSTORM",
            "id": "172765"
          },
          {
            "db": "PACKETSTORM",
            "id": "168284"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32206"
          }
        ]
      },
      "id": "VAR-202206-1900",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5566514
      },
      "last_update_date": "2026-04-10T23:28:19.708000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "curl Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=198520"
          },
          {
            "title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5495-1"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32206"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-770",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32206"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.6,
            "url": "https://hackerone.com/reports/1570651"
          },
          {
            "trust": 1.6,
            "url": "http://seclists.org/fulldisclosure/2022/oct/41"
          },
          {
            "trust": 1.6,
            "url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
          },
          {
            "trust": 1.6,
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "trust": 1.6,
            "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
          },
          {
            "trust": 1.6,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
          },
          {
            "trust": 1.6,
            "url": "http://seclists.org/fulldisclosure/2022/oct/28"
          },
          {
            "trust": 1.6,
            "url": "https://support.apple.com/kb/ht213488"
          },
          {
            "trust": 1.6,
            "url": "https://security.gentoo.org/glsa/202212-01"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-32206"
          },
          {
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.8,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2022-32208"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-1292"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-2068"
          },
          {
            "trust": 0.6,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/curl-denial-of-service-via-http-compression-38671"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022062927"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht213488"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168347/red-hat-security-advisory-2022-6422-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.6290"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168301/red-hat-security-advisory-2022-6287-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168174/red-hat-security-advisory-2022-6157-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4112"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168378/red-hat-security-advisory-2022-6507-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5247"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3366"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168503/red-hat-security-advisory-2022-6560-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4757"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022071152"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3238"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168284/red-hat-security-advisory-2022-6183-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4266"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-32206/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5632"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4468"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4324"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4525"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169443/red-hat-security-advisory-2022-7058-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3117"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4568"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-2097"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-1586"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-29154"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1785"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1897"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1927"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-2526"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2015-20107"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-30629"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0391"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-34903"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-32148"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-1705"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-30631"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#critical"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-36067"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-31129"
          },
          {
            "trust": 0.2,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32148"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-30698"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26716"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-27406"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-30293"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-35525"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-38561"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-40674"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22624"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22662"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-35527"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-0256"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2016-3709"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22629"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26717"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24795"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26719"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-2509"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26709"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26700"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-27405"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25308"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26710"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1304"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25309"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-27404"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-30699"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25310"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22628"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0934"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-0308"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-37434"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-3515"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5495-1"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28915"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27782"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1729"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6696"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21123"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32250"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-31150"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27776"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21123"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21166"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21125"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22576"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27666"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27774"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-40528"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29824"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-31151"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6344"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0408"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30632"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23772"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28131"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29526"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30633"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23773"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30630"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1962"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30635"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3787"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23806"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1798"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6422"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36067"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-38177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28327"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24921"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24675"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:8750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-38178"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32207"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-31813"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42915"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28615"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42916"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22721"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-35252"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28614"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26377"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:8840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23943"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30522"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32221"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-23916"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:3460"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6183"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32206"
          },
          {
            "db": "PACKETSTORM",
            "id": "168538"
          },
          {
            "db": "PACKETSTORM",
            "id": "168275"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "168347"
          },
          {
            "db": "PACKETSTORM",
            "id": "170083"
          },
          {
            "db": "PACKETSTORM",
            "id": "170166"
          },
          {
            "db": "PACKETSTORM",
            "id": "172765"
          },
          {
            "db": "PACKETSTORM",
            "id": "168284"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32206"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32206",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168538",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168275",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170741",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168347",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170083",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170166",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "172765",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168284",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32206",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-09-27T16:01:00",
            "db": "PACKETSTORM",
            "id": "168538",
            "ident": null
          },
          {
            "date": "2022-09-07T16:50:50",
            "db": "PACKETSTORM",
            "id": "168275",
            "ident": null
          },
          {
            "date": "2023-01-26T15:29:09",
            "db": "PACKETSTORM",
            "id": "170741",
            "ident": null
          },
          {
            "date": "2022-09-13T15:29:12",
            "db": "PACKETSTORM",
            "id": "168347",
            "ident": null
          },
          {
            "date": "2022-12-02T15:57:08",
            "db": "PACKETSTORM",
            "id": "170083",
            "ident": null
          },
          {
            "date": "2022-12-08T21:28:44",
            "db": "PACKETSTORM",
            "id": "170166",
            "ident": null
          },
          {
            "date": "2023-06-06T17:04:24",
            "db": "PACKETSTORM",
            "id": "172765",
            "ident": null
          },
          {
            "date": "2022-09-07T16:57:47",
            "db": "PACKETSTORM",
            "id": "168284",
            "ident": null
          },
          {
            "date": "2022-06-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-2565",
            "ident": null
          },
          {
            "date": "2022-07-07T13:15:08.340000",
            "db": "NVD",
            "id": "CVE-2022-32206",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-06-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-2565",
            "ident": null
          },
          {
            "date": "2025-05-05T17:18:13.120000",
            "db": "NVD",
            "id": "CVE-2022-32206",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "curl Resource Management Error Vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201504-0147

    Vulnerability from variot - Updated: 2026-04-10 23:26

    cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. cURL/libcURL is prone to a remote security-bypass vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. cURL/libcURL versions 7.10.6 through 7.41.0 are vulnerable. Both Haxx curl and libcurl are products of the Swedish company Haxx. curl is a set of file transfer tools that use URL syntax to work on the command line. libcurl is a free, open source client-side URL transfer library.

    Ubuntu Security Notice USN-2591-1 April 30, 2015

    curl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 15.04
    • Ubuntu 14.10
    • Ubuntu 14.04 LTS
    • Ubuntu 12.04 LTS

    Summary:

    Several security issues were fixed in curl.

    Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

    Details:

    Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143)

    Hanno Böck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. If a user or automated system were tricked into parsing a specially crafted cookie, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3145)

    Isaac Boukris discovered that when using Negotiate authenticated connections, curl could incorrectly authenticate the entire connection and not just specific HTTP requests. (CVE-2015-3148)

    Yehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers both to servers and proxies by default, contrary to expectations. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 15.04:
    • libcurl3 7.38.0-3ubuntu2.2
    • libcurl3-gnutls 7.38.0-3ubuntu2.2
    • libcurl3-nss 7.38.0-3ubuntu2.2

    Ubuntu 14.10:
    • libcurl3 7.37.1-1ubuntu3.4
    • libcurl3-gnutls 7.37.1-1ubuntu3.4
    • libcurl3-nss 7.37.1-1ubuntu3.4

    Ubuntu 14.04 LTS:
    • libcurl3 7.35.0-1ubuntu2.5
    • libcurl3-gnutls 7.35.0-1ubuntu2.5
    • libcurl3-nss 7.35.0-1ubuntu2.5

    Ubuntu 12.04 LTS:
    • libcurl3 7.22.0-3ubuntu4.14
    • libcurl3-gnutls 7.22.0-3ubuntu4.14
    • libcurl3-nss 7.22.0-3ubuntu4.14

    In general, a standard system update will make all the necessary changes.

    Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04986859

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c04986859 Version: 1

    HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware 7 and cURL, Remote Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2016-02-19 Last Updated: 2016-02-19

    Potential Security Impact: Remote Unauthorized Access

    Source: Hewlett Packard Enterprise, Product Security Response Team

    VULNERABILITY SUMMARY

    Potential security vulnerabilities in cURL and libcurl have been addressed with HPE iMC PLAT and other HP and H3C products using Comware 7. The vulnerabilities could be exploited remotely resulting in unauthorized access.

    References:

    • CVE-2015-3143
    • CVE-2015-3148
    • SSRT102110
    • PSRT110028

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products.

    Note: all product versions are impacted prior to the fixed versions listed.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference        Base Vector                     Base Score
    CVE-2015-3143    (AV:N/AC:L/Au:N/C:N/I:P/A:N)    5.0
    CVE-2015-3148    (AV:N/AC:L/Au:N/C:N/I:P/A:N)    5.0

    Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HPE has released the following software updates to resolve the vulnerabilities in Comware 7 and iMC Plat.

    COMWARE 7 Products

    • 12500 (Comware 7) R7375
      • HP Network Products
      • JC085A HP A12518 Switch Chassis
      • JC086A HP A12508 Switch Chassis
      • JC652A HP 12508 DC Switch Chassis
      • JC653A HP 12518 DC Switch Chassis
      • JC654A HP 12504 AC Switch Chassis
      • JC655A HP 12504 DC Switch Chassis
      • JF430A HP A12518 Switch Chassis
      • JF430B HP 12518 Switch Chassis
      • JF430C HP 12518 AC Switch Chassis
      • JF431A HP A12508 Switch Chassis
      • JF431B HP 12508 Switch Chassis
      • JF431C HP 12508 AC Switch Chassis
      • JC072B HP 12500 Main Processing Unit
      • JG497A HP 12500 MPU w/Comware V7 OS
      • JG782A HP FF 12508E AC Switch Chassis
      • JG783A HP FF 12508E DC Switch Chassis
      • JG784A HP FF 12518E AC Switch Chassis
      • JG785A HP FF 12518E DC Switch Chassis
      • JG802A HP FF 12500E MPU
      • JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis
      • JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis
      • JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis
      • JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis
      • JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit
      • JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module
      • JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module
      • JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module
      • JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module
      • JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module
      • JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module
      • JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module
      • JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant Module
      • JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module
      • JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module
      • JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module
      • JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module
      • JG798A HP FlexFabric 12508E Fabric Module
      • H3C Products
      • H3C S12508 Routing Switch (AC-1) (0235A0GE)
      • H3C S12518 Routing Switch (AC-1) (0235A0GF)
      • H3C S12508 Chassis (0235A0E6)
      • H3C S12508 Chassis (0235A38N)
      • H3C S12518 Chassis (0235A0E7)
      • H3C S12518 Chassis (0235A38M)
      • H3C 12508 DC Switch Chassis (0235A38L)
      • H3C 12518 DC Switch Chassis (0235A38K)
    • 10500 (Comware 7) R7168
      • HP Network Products
      • JC611A HP 10508-V Switch Chassis
      • JC612A HP 10508 Switch Chassis
      • JC613A HP 10504 Switch Chassis
      • JC748A HP 10512 Switch Chassis
      • JG820A HP 10504 TAA Switch Chassis
      • JG821A HP 10508 TAA Switch Chassis
      • JG822A HP 10508-V TAA Switch Chassis
      • JG823A HP 10512 TAA Switch Chassis
      • JG496A HP 10500 Type A MPU w/Comware v7 OS
      • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
      • JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE Module
      • JH192A HP 10500 48-port Gig-T (RJ45) SE Module
      • JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module
      • JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module
      • JH195A HP 10500 6-port 40GbE QSFP+ EC Module
      • JH196A HP 10500 2-port 100GbE CFP EC Module
      • JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module
    • 12900 (Comware 7) R1137
      • HP Network Products
      • JG619A HP FlexFabric 12910 Switch AC Chassis
      • JG621A HP FlexFabric 12910 Main Processing Unit
      • JG632A HP FlexFabric 12916 Switch AC Chassis
      • JG634A HP FlexFabric 12916 Main Processing Unit
      • JH104A HP FlexFabric 12900E Main Processing Unit
      • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
      • JH263A HP FlexFabric 12904E Main Processing Unit
      • JH255A HP FlexFabric 12908E Switch Chassis
      • JH262A HP FlexFabric 12904E Switch Chassis
      • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
      • JH103A HP FlexFabric 12916E Switch Chassis
    • 5900 (Comware 7) R2422P01
      • HP Network Products
      • JC772A HP 5900AF-48XG-4QSFP+ Switch
      • JG336A HP 5900AF-48XGT-4QSFP+ Switch
      • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
      • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
      • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
      • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
      • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
      • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
    • 5920 (Comware 7) R2422P01
      • HP Network Products
      • JG296A HP 5920AF-24XG Switch
      • JG555A HP 5920AF-24XG TAA Switch
    • MSR1000 (Comware 7) R0304P04
      • HP Network Products
      • JG875A HP MSR1002-4 AC Router
      • JH060A HP MSR1003-8S AC Router
    • MSR2000 (Comware 7) R0304P04
      • HP Network Products
      • JG411A HP MSR2003 AC Router
      • JG734A HP MSR2004-24 AC Router
      • JG735A HP MSR2004-48 Router
      • JG866A HP MSR2003 TAA-compliant AC Router
    • MSR3000 (Comware 7) R0304P04
      • HP Network Products
      • JG404A HP MSR3064 Router
      • JG405A HP MSR3044 Router
      • JG406A HP MSR3024 AC Router
      • JG407A HP MSR3024 DC Router
      • JG408A HP MSR3024 PoE Router
      • JG409A HP MSR3012 AC Router
      • JG410A HP MSR3012 DC Router
      • JG861A HP MSR3024 TAA-compliant AC Router
    • MSR4000 (Comware 7) R0304P04
      • HP Network Products
      • JG402A HP MSR4080 Router Chassis
      • JG403A HP MSR4060 Router Chassis
      • JG412A HP MSR4000 MPU-100 Main Processing Unit
      • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
    • VSR (Comware 7) E0321
      • HP Network Products
      • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
      • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
      • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
      • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
    • 7900 (Comware 7) R2137
      • HP Network Products
      • JG682A HP FlexFabric 7904 Switch Chassis
      • JG841A HP FlexFabric 7910 Switch Chassis
      • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
      • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
      • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
      • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
      • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
      • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
    • 5130 (Comware 7) R3109P09
      • HP Network Products
      • JG932A HP 5130-24G-4SFP+ EI Switch
      • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
      • JG934A HP 5130-48G-4SFP+ EI Switch
      • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
      • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
      • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
      • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
      • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
      • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
      • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
      • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
      • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
      • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • 5700 (Comware 7) R2422P01
      • HP Network Products
      • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
      • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
      • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
      • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
      • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
      • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
    • 5930 (Comware 7) R2422P01
      • HP Network Products
      • JG726A HP FlexFabric 5930 32QSFP+ Switch
      • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
      • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
      • JH179A HP FlexFabric 5930 4-slot Switch
      • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
      • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
    • HSR6602 (Comware 7) R7103P05
      • HP Network Products
      • JG353A HP HSR6602-G Router
      • JG354A HP HSR6602-XG Router
      • JG776A HP HSR6602-G TAA-compliant Router
      • JG777A HP HSR6602-XG TAA-compliant Router
    • HSR6800 (Comware 7) R7103P05
      • HP Network Products
      • JG361A HP HSR6802 Router Chassis
      • JG361B HP HSR6802 Router Chassis
      • JG362A HP HSR6804 Router Chassis
      • JG362B HP HSR6804 Router Chassis
      • JG363A HP HSR6808 Router Chassis
      • JG363B HP HSR6808 Router Chassis
      • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
      • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
      • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
    • 1950 R3109P09
      • HP Network Products
      • JG960A HP 1950-24G-4XG Switch
      • JG961A HP 1950-48G-2SFP+-2XGT Switch
      • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
      • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch

    iMC

    • iMC Plat iMC Plat 7.1 (E0303P13)
      • HP Network Products
      • JD125A HP IMC Std S/W Platform w/100-node
      • JD126A HP IMC Ent S/W Platform w/100-node
      • JD808A HP IMC Ent Platform w/100-node License
      • JD814A HP A-IMC Enterprise Edition Software DVD Media
      • JD815A HP IMC Std Platform w/100-node License
      • JD816A HP A-IMC Standard Edition Software DVD Media
      • JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
      • JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
      • JF377A HP IMC Std S/W Platform w/100-node Lic
      • JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
      • JF378A HP IMC Ent S/W Platform w/200-node Lic
      • JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
      • JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
      • JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
      • JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
      • JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
      • JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
      • JG659AAE HP IMC Smart Connect VAE E-LTU
      • JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
      • JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
      • JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
      • JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
      • JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
      • JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU

    HISTORY

    Version:1 (rev.1) - 19 February 2016 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

    Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com

    Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM
    3P = 3rd Party Software
    GN = HPE General Software
    HF = HPE Hardware and Firmware
    MU = Multi-Platform Software
    NS = NonStop Servers
    OV = OpenVMS
    PV = ProCurve
    ST = Storage Software
    UX = HP-UX

    Copyright 2016 Hewlett Packard Enterprise

    Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

    1. (BZ#1154060)

    2. TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. (BZ#1170339)

    3. FTP operations such as downloading files took a significantly long time to complete. Now, the FTP implementation in libcurl correctly sets blocking direction and estimated timeout for connections, resulting in faster FTP transfers. (BZ#1066065)

    4. The libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on the libcurl multi API. The non-blocking SSL handshake has been implemented in libcurl, and the libcurl multi API now immediately returns the control back to the application whenever it cannot read or write data from or to the underlying network socket. (BZ#1091429)

    5. The libcurl library used an unnecessarily long blocking delay for actions with no active file descriptors, even for short operations. Some actions, such as resolving a host name using /etc/hosts, took a long time to complete. The blocking code in libcurl has been modified so that the initial delay is short and gradually increases until an event occurs.

    Here are the details from the Slackware 14.1 ChangeLog:
    +--------------------------+
    patches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded.
      For more information, see:
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237
      ( Security fix )
    +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz

    Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz

    Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz

    Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz

    Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz

    Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz

    Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz

    Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz

    Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz

    Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz

    Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz

    Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz

    MD5 signatures: +-------------+

    Installation instructions: +------------------------+

    Upgrade the package as root:

    upgradepkg curl-7.45.0-i486-1_slack14.1.txz

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    =====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: curl security, bug fix, and enhancement update
    Advisory ID: RHSA-2015:1254-02
    Product: Red Hat Enterprise Linux
    Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1254.html
    Issue date: 2015-07-22
    Updated on: 2014-12-15
    CVE Names: CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3148
    =====================================================================

    1. Summary:

    Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.

    Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    2. Relevant releases/architectures:

    Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
    Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
    Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
    Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
    Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
    Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

    3. Description:

    The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

    It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. (CVE-2014-3613)

    A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. (CVE-2014-3707)

    It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests. (CVE-2014-8150)

    It was discovered that libcurl implemented aspects of the NTLM and Negotiate authentication incorrectly. If an application uses libcurl and the affected mechanisms in a specific way, certain requests to a previously NTLM-authenticated server could appear as sent by the wrong authenticated user. Additionally, the initial set of credentials for HTTP Negotiate-authenticated requests could be reused in subsequent requests, although a different set of credentials was specified. (CVE-2015-3143, CVE-2015-3148)

    Red Hat would like to thank the cURL project for reporting these issues.

    Bug fixes:

    • An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available with libcurl. Attackers could abuse the fallback to force downgrade of the SSL version. The fallback has been removed from libcurl. Users requiring this functionality can explicitly enable SSLv3.0 through the libcurl API. (BZ#1154059)

    • A single upload transfer through the FILE protocol opened the destination file twice. If the inotify kernel subsystem monitored the file, two events were produced unnecessarily. The file is now opened only once per upload. (BZ#883002)

    • Utilities using libcurl for SCP/SFTP transfers could terminate unexpectedly when the system was running in FIPS mode. (BZ#1008178)

    • Using the "--retry" option with the curl utility could cause curl to terminate unexpectedly with a segmentation fault. Now, adding "--retry" no longer causes curl to crash. (BZ#1009455)

    • The "curl --trace-time" command did not use the correct local time when printing timestamps. Now, "curl --trace-time" works as expected. (BZ#1120196)

    • The valgrind utility could report dynamically allocated memory leaks on curl exit. Now, curl performs a global shutdown of the NetScape Portable Runtime (NSPR) library on exit, and valgrind no longer reports the memory leaks. (BZ#1146528)

    • Previously, libcurl returned an incorrect value of the CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to the HTTP response. Now, the returned value is valid. (BZ#1161163)

    Enhancements:

    • The "--tlsv1.0", "--tlsv1.1", and "--tlsv1.2" options are available for specifying the minor version of the TLS protocol to be negotiated by NSS. The "--tlsv1" option now negotiates the highest version of the TLS protocol supported by both the client and the server. (BZ#1012136)

    • It is now possible to explicitly enable or disable the ECC and the new AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)

    All curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

    4. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied.

    For details on how to apply this update, refer to:

    https://access.redhat.com/articles/11258

    5. Bugs fixed (https://bugzilla.redhat.com/):

    835898 - Bug in DNS cache causes connections until restart of libcurl-using processes
    883002 - curl used with file:// protocol opens and closes a destination file twice
    997185 - sendrecv.c example incorrect type for sockfd
    1008178 - curl scp download fails in fips mode
    1011083 - CA certificate cannot be specified by nickname [documentation bug]
    1011101 - manpage typos found using aspell
    1058767 - curl does not support ECDSA certificates
    1104160 - Link in curl man page is wrong
    1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain
    1154059 - curl: Disable out-of-protocol fallback to SSL 3.0
    1154747 - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
    1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS
    1156422 - curl does not allow explicit control of DHE ciphers
    1161163 - Response headers added by proxy servers missing in CURLINFO_HEADER_SIZE
    1168137 - curl closes connection after HEAD request fails
    1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()
    1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated
    1213351 - CVE-2015-3148 curl: Negotiate not treated as connection-oriented

    6. Package List:

    Red Hat Enterprise Linux Desktop (v. 6):

    Source: curl-7.19.7-46.el6.src.rpm

    i386: curl-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.i686.rpm

    x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm

    Red Hat Enterprise Linux Desktop Optional (v. 6):

    i386: curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.i686.rpm

    x86_64: curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm

    Red Hat Enterprise Linux HPC Node (v. 6):

    Source: curl-7.19.7-46.el6.src.rpm

    x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm

    Red Hat Enterprise Linux HPC Node Optional (v. 6):

    x86_64: curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 6):

    Source: curl-7.19.7-46.el6.src.rpm

    i386: curl-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.i686.rpm

    ppc64: curl-7.19.7-46.el6.ppc64.rpm curl-debuginfo-7.19.7-46.el6.ppc.rpm curl-debuginfo-7.19.7-46.el6.ppc64.rpm libcurl-7.19.7-46.el6.ppc.rpm libcurl-7.19.7-46.el6.ppc64.rpm libcurl-devel-7.19.7-46.el6.ppc.rpm libcurl-devel-7.19.7-46.el6.ppc64.rpm

    s390x: curl-7.19.7-46.el6.s390x.rpm curl-debuginfo-7.19.7-46.el6.s390.rpm curl-debuginfo-7.19.7-46.el6.s390x.rpm libcurl-7.19.7-46.el6.s390.rpm libcurl-7.19.7-46.el6.s390x.rpm libcurl-devel-7.19.7-46.el6.s390.rpm libcurl-devel-7.19.7-46.el6.s390x.rpm

    x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 6):

    Source: curl-7.19.7-46.el6.src.rpm

    i386: curl-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.i686.rpm

    x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    7. References:

    https://access.redhat.com/security/cve/CVE-2014-3613
    https://access.redhat.com/security/cve/CVE-2014-3707
    https://access.redhat.com/security/cve/CVE-2014-8150
    https://access.redhat.com/security/cve/CVE-2015-3143
    https://access.redhat.com/security/cve/CVE-2015-3148
    https://access.redhat.com/security/updates/classification/#moderate

    8. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2014 Red Hat, Inc.



    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148
    http://advisories.mageia.org/MGASA-2015-0179.html


    Updated Packages:

    Mandriva Business Server 1/X86_64: fd3f4894f5c5215c29b84d70f2c6ada2 mbs1/x86_64/curl-7.24.0-3.9.mbs1.x86_64.rpm a00d0747b4d6ae22475948119a42efc4 mbs1/x86_64/curl-examples-7.24.0-3.9.mbs1.x86_64.rpm d5291ae320dd5766e4b981ff66b36e19 mbs1/x86_64/lib64curl4-7.24.0-3.9.mbs1.x86_64.rpm 62d5295190433ca4ff7d2cda746d6b16 mbs1/x86_64/lib64curl-devel-7.24.0-3.9.mbs1.x86_64.rpm 5bcf6538291f947870a9ccfe62c9ea6d mbs1/SRPMS/curl-7.24.0-3.9.mbs1.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/en/support/security/advisories/

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID
    pub 1024D/22458A98 2000-07-10 Mandriva Security Team


    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.34.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.27.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.31.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.29.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.28.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.28.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.35.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.32.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.30.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.33.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.10.8"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.4"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.10.8"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.16.3"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.5"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.16.3"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.10.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.22.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.5"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.22.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.15.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.39.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.18.2"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.15.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.16.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.15.2"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.13.2"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.18.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.2"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.16.2"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.24.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.34.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.41.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.15.2"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.16.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.13.2"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.18.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.2"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.16.2"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.24.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.41.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.38.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.7"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.15.3"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.38.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.7"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.36.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.6"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.10.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.25.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.11.0"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.9.5"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.12.2"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.31.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.11.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.25.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.12.3"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.29.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.14.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.12.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.37.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.14.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.17.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.28.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.15.5"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.17.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.3"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.15.5"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.3"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.2"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.18.2"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.20.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.10.7"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.2"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.16.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.20.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.20.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.10.7"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.17.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.16.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.20.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.37.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.17.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.5"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.37.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.6"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.7"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.10.3"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.15.3"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.6"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.7"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.11.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.39"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.11.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.13.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.15.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "15.04"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.13.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.15.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.12.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.12.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.13.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.40.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.16.4"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.13.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.5"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.11.2"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.40.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.16.4"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.3"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.11.2"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.3"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.10"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.12.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.15.4"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.23.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.32.0"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.10.4"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.26.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.12.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.15.4"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.23.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.26.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.0"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.10.2"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.10.6"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.27.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.14.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.35.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.4"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.18.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.28.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.36.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.10.6"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.14.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.4"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.6"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.18.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.33.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.12.2"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.23.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.30.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "hp",
            "version": "7.5.3.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.23.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.19.4"
          },
          {
            "_id": null,
            "model": "ubuntu",
            "scope": null,
            "trust": 0.8,
            "vendor": "canonical",
            "version": null
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "debian",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "haxx",
            "version": "7.10.6 to  7.41.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "haxx",
            "version": "7.10.6 to  7.41.0"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "10.10 to  10.10.4"
          },
          {
            "_id": null,
            "model": "comware",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": "hpe intelligent management center plat",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": "linux x86 64 -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "hat enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "hat enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "hat enterprise linux hpc node optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "hat enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "hat enterprise linux desktop optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "hat enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.20"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.19.6"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.19.5"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.19.4"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.19.3"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.19"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.18.1"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.18"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.17"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.16.4"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.15.5"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.15.3"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.15.2"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.15.1"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.15"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.14.1"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.14"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.13.2"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.13.1"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.13"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.12.3"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.12.2"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.12.1"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.12"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.11.2"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.11.1"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.11"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.10.8"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.10.7"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.10.6"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.24.0"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.23.1"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.21.7"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.21.6"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.20.2"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.20.1"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.16.3"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "74299"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002484"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3143"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:canonical:ubuntu",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:debian:debian_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:haxx:curl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:haxx:libcurl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:apple:mac_os_x",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hp:comware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hp:intelligent_management_center_platform",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hp:system_management_homepage",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002484"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Paras Sethia",
        "sources": [
          {
            "db": "BID",
            "id": "74299"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-3143",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-3143",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-81104",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-3143",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-3143",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201504-500",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81104",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-3143",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81104"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002484"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3143"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. cURL/libcURL is prone to a remote security-bypass vulnerability. \nAn attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. \ncURL/libcURL 7.10.6 through versions 7.41.0 are vulnerable. Both Haxx curl and libcurl are products of the Swedish company Haxx. curl is a set of file transfer tools that use URL syntax to work on the command line. libcurl is a free, open source client-side URL transfer library. ============================================================================\nUbuntu Security Notice USN-2591-1\nApril 30, 2015\n\ncurl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nParas Sethia discovered that curl could incorrectly re-use NTLM HTTP\ncredentials when subsequently connecting to the same host over HTTP. \n(CVE-2015-3143)\n\nHanno Böck discovered that curl incorrectly handled zero-length host names. \nIf a user or automated system were tricked into using a specially crafted\nhost name, an attacker could possibly use this issue to cause curl to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. \nIf a user or automated system were tricked into parsing a specially crafted\ncookie, an attacker could possibly use this issue to cause curl to crash,\nresulting in a denial of service, or possibly execute arbitrary code. 
This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. \n(CVE-2015-3145)\n\nIsaac Boukris discovered that when using Negotiate authenticated\nconnections, curl could incorrectly authenticate the entire connection and\nnot just specific HTTP requests. (CVE-2015-3148)\n\nYehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers\nboth to servers and proxies by default, contrary to expectations. This\nissue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n  libcurl3                        7.38.0-3ubuntu2.2\n  libcurl3-gnutls                 7.38.0-3ubuntu2.2\n  libcurl3-nss                    7.38.0-3ubuntu2.2\n\nUbuntu 14.10:\n  libcurl3                        7.37.1-1ubuntu3.4\n  libcurl3-gnutls                 7.37.1-1ubuntu3.4\n  libcurl3-nss                    7.37.1-1ubuntu3.4\n\nUbuntu 14.04 LTS:\n  libcurl3                        7.35.0-1ubuntu2.5\n  libcurl3-gnutls                 7.35.0-1ubuntu2.5\n  libcurl3-nss                    7.35.0-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n  libcurl3                        7.22.0-3ubuntu4.14\n  libcurl3-gnutls                 7.22.0-3ubuntu4.14\n  libcurl3-nss                    7.22.0-3ubuntu4.14\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c04986859\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04986859\nVersion: 1\n\nHPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware\n7 and cURL, Remote Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. 
\n\nRelease Date: 2016-02-19\nLast Updated: 2016-02-19\n\nPotential Security Impact: Remote Unauthorized Access\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities in cURL and libcurl have been addressed\nwith HPE iMC PLAT and other HP and H3C products using Comware 7. The\nvulnerabilities could be exploited remotely resulting in unauthorized access. \n\nReferences:\n\n  - CVE-2015-3143\n  - CVE-2015-3148\n  - SSRT102110\n  - PSRT110028\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\nNote: all product versions are impacted prior to the fixed versions listed. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-3143    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\nCVE-2015-3148    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nHPE has released the following software updates to resolve the\nvulnerabilities in Comware 7 and iMC Plat. 
\n\n**COMWARE 7 Products**\n\n  + 12500 (Comware 7) R7375\n    * HP Network Products\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JC072B HP 12500 Main Processing Unit\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n      - JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis\n      - JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis\n      - JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis\n      - JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis\n      - JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit\n      - JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module\n      - JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module\n      - JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module\n      - JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module\n      - JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module\n      - JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module\n      - JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module\n      - JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant\nModule\n      - JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module\n      - JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module\n      - JG789A HP FlexFabric 12500 4-port 
100GbE CFP FG TAA-compliant Module\n      - JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module\n      - JG798A HP FlexFabric 12508E Fabric Module\n    * H3C Products\n      - H3C S12508 Routing Switch (AC-1) (0235A0GE)\n      - H3C S12518 Routing Switch (AC-1) (0235A0GF)\n      - H3C S12508 Chassis (0235A0E6)\n      - H3C S12508 Chassis (0235A38N)\n      - H3C S12518 Chassis (0235A0E7)\n      - H3C S12518 Chassis (0235A38M)\n      - H3C 12508 DC Switch Chassis (0235A38L)\n      - H3C 12518 DC Switch Chassis (0235A38K)\n  + 10500 (Comware 7) R7168\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE\nModule\n      - JH192A HP 10500 48-port Gig-T (RJ45) SE Module\n      - JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module\n      - JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module\n      - JH195A HP 10500 6-port 40GbE QSFP+ EC Module\n      - JH196A HP 10500 2-port 100GbE CFP EC Module\n      - JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module\n  + 12900 (Comware 7) R1137\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A 
HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + 5900 (Comware 7) R2422P01\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + 5920 (Comware 7) R2422P01\n    * HP Network Products\n      - JG296A HP 5920AF-24XG Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n  + MSR1000 (Comware 7) R0304P04\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + MSR2000 (Comware 7) R0304P04\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + MSR3000 (Comware 7) R0304P04\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + MSR4000 (Comware 7) R0304P04\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + VSR (Comware 7) E0321\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 
Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + 7900 (Comware 7) R2137\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + 5130 (Comware 7) R3109P09\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n  + 5700 (Comware 7) R2422P01\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + 5930 (Comware 7) R2422P01\n    * HP Network 
Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + HSR6602 (Comware 7) R7103P05\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + HSR6800 (Comware 7) R7103P05\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n      - JH075A) HP HSR6800 RSE-X3 Router Main Processing Unit\n  + 1950 R3109P09\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n\n**iMC**\n\n  + iMC Plat iMC Plat 7.1 (E0303P13)\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W 
Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG550AAE  HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\n      - JG590AAE  HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\n      - JG659AAE  HP IMC Smart Connect VAE E-LTU\n      - JG660AAE  HP IMC Smart Connect w/WLM VAE E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG766AAE  HP IMC SmCnct Vrtl Applnc SW E-LTU\n      - JG767AAE  HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n\nHISTORY\nVersion:1 (rev.1) - 19 February 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. 
\n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. 7) - x86_64\n\n3. \n(BZ#1154060)\n\n* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. (BZ#1170339)\n\n* FTP operations such as downloading files took a significantly long time\nto complete. Now, the FTP implementation in libcurl correctly sets blocking\ndirection and estimated timeout for connections, resulting in faster FTP\ntransfers. (BZ#1066065)\n\n* The libcurl library did not implement a non-blocking SSL handshake, which\nnegatively affected performance of applications based on the libcurl multi\nAPI. The non-blocking SSL handshake has been implemented in libcurl, and\nthe libcurl multi API now immediately returns the control back to the\napplication whenever it cannot read or write data from or to the underlying\nnetwork socket. 
(BZ#1091429)\n\n* The libcurl library used an unnecessarily long blocking delay for actions\nwith no active file descriptors, even for short operations. Some actions,\nsuch as resolving a host name using /etc/hosts, took a long time to\ncomplete. The blocking code in libcurl has been modified so that the\ninitial delay is short and gradually increases until an event occurs. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.45.0-i486-1_slack14.1.txz:  Upgraded. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. 
\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+
\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.45.0-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  
Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: curl security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2015:1254-02\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1254.html\nIssue date:        2015-07-22\nUpdated on:        2014-12-15\nCVE Names:         CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 \n                   CVE-2015-3143 CVE-2015-3148 \n=====================================================================\n\n1. Summary:\n\nUpdated curl packages that fix multiple security issues, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. 
An attacker able\nto trick a user into connecting to a malicious server could use this flaw\nto set the user\u0027s cookie to a crafted domain, making other cookie-related\nissues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication\nof connection handles. If an application set the CURLOPT_COPYPOSTFIELDS\noption for a handle, using the handle\u0027s duplicate could cause the\napplication to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs\nwith embedded end-of-line characters. An attacker able to make an\napplication using libcurl to access a specially crafted URL via an HTTP\nproxy could use this flaw to inject additional headers to the request or\nconstruct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specific way, certain requests to a\npreviously NTLM-authenticated server could appear as sent by the wrong\nauthenticated user. Additionally, the initial set of credentials for HTTP\nNegotiate-authenticated requests could be reused in subsequent requests,\nalthough a different set of credentials was specified. (CVE-2015-3143,\nCVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues. \n\nBug fixes:\n\n* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available\nwith libcurl. Attackers could abuse the fallback to force downgrade of the\nSSL version. The fallback has been removed from libcurl. Users requiring\nthis functionality can explicitly enable SSLv3.0 through the libcurl API. \n(BZ#1154059)\n\n* A single upload transfer through the FILE protocol opened the destination\nfile twice. If the inotify kernel subsystem monitored the file, two events\nwere produced unnecessarily. 
The file is now opened only once per upload. \n(BZ#883002)\n\n* Utilities using libcurl for SCP/SFTP transfers could terminate\nunexpectedly when the system was running in FIPS mode. (BZ#1008178)\n\n* Using the \"--retry\" option with the curl utility could cause curl to\nterminate unexpectedly with a segmentation fault. Now, adding \"--retry\" no\nlonger causes curl to crash. (BZ#1009455)\n\n* The \"curl --trace-time\" command did not use the correct local time when\nprinting timestamps. Now, \"curl --trace-time\" works as expected. \n(BZ#1120196)\n\n* The valgrind utility could report dynamically allocated memory leaks on\ncurl exit. Now, curl performs a global shutdown of the NetScape Portable\nRuntime (NSPR) library on exit, and valgrind no longer reports the memory\nleaks. (BZ#1146528)\n\n* Previously, libcurl returned an incorrect value of the\nCURLINFO_HEADER_SIZE field when a proxy server appended its own headers to\nthe HTTP response. Now, the returned value is valid. (BZ#1161163)\n\nEnhancements:\n\n* The \"--tlsv1.0\", \"--tlsv1.1\", and \"--tlsv1.2\" options are available for\nspecifying the minor version of the TLS protocol to be negotiated by NSS. \nThe \"--tlsv1\" option now negotiates the highest version of the TLS protocol\nsupported by both the client and the server. (BZ#1012136)\n\n* It is now possible to explicitly enable or disable the ECC and the new\nAES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n835898 - Bug in DNS cache causes connections until restart of libcurl-using processes\n883002 - curl used with file:// protocol opens and closes a destination file twice\n997185 - sendrecv.c example incorrect type for sockfd\n1008178 - curl scp download fails in fips mode\n1011083 - CA certificate cannot be specified by nickname [documentation bug]\n1011101 - manpage typos found using aspell\n1058767 - curl does not support ECDSA certificates\n1104160 - Link in curl man page is wrong\n1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain\n1154059 - curl: Disable out-of-protocol fallback to SSL 3.0\n1154747 - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth\n1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS\n1156422 - curl does not allow explicit control of DHE ciphers\n1161163 - Response headers added by proxy servers missing in CURLINFO_HEADER_SIZE\n1168137 - curl closes connection after HEAD request fails\n1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()\n1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated\n1213351 - CVE-2015-3148 curl: Negotiate not treated as connection-oriented\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\ni386:\ncurl-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 
6):\n\ni386:\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\n\nx86_64:\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\ni386:\ncurl-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\n\nppc64:\ncurl-7.19.7-46.el6.ppc64.rpm\ncurl-debuginfo-7.19.7-46.el6.ppc.rpm\ncurl-debuginfo-7.19.7-46.el6.ppc64.rpm\nlibcurl-7.19.7-46.el6.ppc.rpm\nlibcurl-7.19.7-46.el6.ppc64.rpm\nlibcurl-devel-7.19.7-46.el6.ppc.rpm\nlibcurl-devel-7.19.7-46.el6.ppc64.rpm\n\ns390x:\ncurl-7.19.7-46.el6.s390x.rpm\ncurl-debuginfo-7.19.7-46.el6.s390.rpm\ncurl-debuginfo-7.19.7-46.el6.s390x.rpm\nlibcurl-7.19.7-46.el6.s390.rpm\nlibcurl-7.19.7-46.el6.s390x.rpm\nlibcurl-devel-7.19.7-46.el6.s390.rpm\nlibcurl-devel-7.19.7-46.el6.s390x.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 
6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\ni386:\ncurl-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3613\nhttps://access.redhat.com/security/cve/CVE-2014-3707\nhttps://access.redhat.com/security/cve/CVE-2014-8150\nhttps://access.redhat.com/security/cve/CVE-2015-3143\nhttps://access.redhat.com/security/cve/CVE-2015-3148\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVrzSJXlSAg2UNWIIRAnEiAJ9xqOogsAzooomZ4VeMgA+gUwEuTwCfTzMn\nemWApg/iYw5vIs3rWoqmU7A=\n=p+Xb\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 
\n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148\n http://advisories.mageia.org/MGASA-2015-0179.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n fd3f4894f5c5215c29b84d70f2c6ada2  mbs1/x86_64/curl-7.24.0-3.9.mbs1.x86_64.rpm\n a00d0747b4d6ae22475948119a42efc4  mbs1/x86_64/curl-examples-7.24.0-3.9.mbs1.x86_64.rpm\n d5291ae320dd5766e4b981ff66b36e19  mbs1/x86_64/lib64curl4-7.24.0-3.9.mbs1.x86_64.rpm\n 62d5295190433ca4ff7d2cda746d6b16  mbs1/x86_64/lib64curl-devel-7.24.0-3.9.mbs1.x86_64.rpm \n 5bcf6538291f947870a9ccfe62c9ea6d  mbs1/SRPMS/curl-7.24.0-3.9.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVRx8emqjQ0CJFipgRAsfvAJ9Sn2C56m2GSJfYRC+l1x9iUmoePwCeOcgv\nC0vndeaT5lGPwsIYy65q4r4=\n=GbzX\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002484"
          },
          {
            "db": "BID",
            "id": "74299"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81104"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3143"
          },
          {
            "db": "PACKETSTORM",
            "id": "131699"
          },
          {
            "db": "PACKETSTORM",
            "id": "135878"
          },
          {
            "db": "PACKETSTORM",
            "id": "134443"
          },
          {
            "db": "PACKETSTORM",
            "id": "134138"
          },
          {
            "db": "PACKETSTORM",
            "id": "132792"
          },
          {
            "db": "PACKETSTORM",
            "id": "131726"
          }
        ],
        "trust": 2.61
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-81104",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81104"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3143",
            "trust": 3.5
          },
          {
            "db": "JUNIPER",
            "id": "JSA10743",
            "trust": 1.5
          },
          {
            "db": "BID",
            "id": "74299",
            "trust": 1.5
          },
          {
            "db": "SECTRACK",
            "id": "1032232",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002484",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-500",
            "trust": 0.7
          },
          {
            "db": "SECUNIA",
            "id": "64164",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "64284",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "131699",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "135878",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "131726",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "134138",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "133700",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "131588",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "131727",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-81104",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3143",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134443",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "132792",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81104"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3143"
          },
          {
            "db": "BID",
            "id": "74299"
          },
          {
            "db": "PACKETSTORM",
            "id": "131699"
          },
          {
            "db": "PACKETSTORM",
            "id": "135878"
          },
          {
            "db": "PACKETSTORM",
            "id": "134443"
          },
          {
            "db": "PACKETSTORM",
            "id": "134138"
          },
          {
            "db": "PACKETSTORM",
            "id": "132792"
          },
          {
            "db": "PACKETSTORM",
            "id": "131726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002484"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3143"
          }
        ]
      },
      "id": "VAR-201504-0147",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81104"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T23:26:35.745000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
            "trust": 0.8,
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
          },
          {
            "title": "HT205031",
            "trust": 0.8,
            "url": "https://support.apple.com/en-us/HT205031"
          },
          {
            "title": "HT205031",
            "trust": 0.8,
            "url": "https://support.apple.com/ja-jp/HT205031"
          },
          {
            "title": "DSA-3232",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2015/dsa-3232"
          },
          {
            "title": "HPSBHF03544",
            "trust": 0.8,
            "url": "http://marc.info/?l=bugtraq\u0026m=145612005512270\u0026w=2"
          },
          {
            "title": "HPSBMU03546",
            "trust": 0.8,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
          },
          {
            "title": "Re-using authenticated connection when unauthenticated",
            "trust": 0.8,
            "url": "http://curl.haxx.se/docs/adv_20150422A.html"
          },
          {
            "title": "USN-2591-1",
            "trust": 0.8,
            "url": "http://www.ubuntu.com/usn/USN-2591-1"
          },
          {
            "title": "Red Hat: Moderate: curl security, bug fix, and enhancement update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20152159 - Security Advisory"
          },
          {
            "title": "Red Hat: CVE-2015-3143",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-3143"
          },
          {
            "title": "Ubuntu Security Notice: curl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2591-1"
          },
          {
            "title": "Debian Security Advisories: DSA-3232-1 curl -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6e7bbc3a8db398caa606cf6110790ac9"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2015-514",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-514"
          },
          {
            "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-3143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002484"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81104"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002484"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3143"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.1,
            "url": "http://advisories.mageia.org/mgasa-2015-0179.html"
          },
          {
            "trust": 2.1,
            "url": "http://curl.haxx.se/docs/adv_20150422a.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.debian.org/security/2015/dsa-3232"
          },
          {
            "trust": 1.5,
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "trust": 1.3,
            "url": "http://www.securityfocus.com/bid/74299"
          },
          {
            "trust": 1.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2015-1254.html"
          },
          {
            "trust": 1.3,
            "url": "http://www.ubuntu.com/usn/usn-2591-1"
          },
          {
            "trust": 1.2,
            "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
          },
          {
            "trust": 1.2,
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "trust": 1.2,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
          },
          {
            "trust": 1.2,
            "url": "https://support.apple.com/kb/ht205031"
          },
          {
            "trust": 1.2,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155957.html"
          },
          {
            "trust": 1.2,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/156250.html"
          },
          {
            "trust": 1.2,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157017.html"
          },
          {
            "trust": 1.2,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157188.html"
          },
          {
            "trust": 1.2,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156945.html"
          },
          {
            "trust": 1.2,
            "url": "https://security.gentoo.org/glsa/201509-02"
          },
          {
            "trust": 1.2,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:219"
          },
          {
            "trust": 1.2,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:220"
          },
          {
            "trust": 1.2,
            "url": "http://www.securitytracker.com/id/1032232"
          },
          {
            "trust": 1.2,
            "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=145612005512270\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10743"
          },
          {
            "trust": 1.0,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3143"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3143"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3148"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3143"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/64164"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/64284"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2015-3143"
          },
          {
            "trust": 0.3,
            "url": "http://curl.haxx.se/"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213306"
          },
          {
            "trust": 0.3,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10743\u0026cat=sirt_1\u0026actp=list"
          },
          {
            "trust": 0.3,
            "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023307"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957883"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903004"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966972"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967789"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3144"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3145"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3613"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2014-3707"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8150"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2014-3613"
          },
          {
            "trust": 0.2,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3707"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-3148"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2014-8150"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3148"
          },
          {
            "trust": 0.1,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10743"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=145612005512270\u0026amp;w=2"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/264.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2015:2159"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2591-1/"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38682"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3153"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
          },
          {
            "trust": 0.1,
            "url": "http://www.hpe.com/support/security_bulletin_archive"
          },
          {
            "trust": 0.1,
            "url": "http://www.hpe.com/support/subscriber_choice"
          },
          {
            "trust": 0.1,
            "url": "https://rhn.redhat.com/errata/rhsa-2015-2159.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3236"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3145"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3236"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3144"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3237"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/en/support/security/"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/en/support/security/advisories/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81104"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3143"
          },
          {
            "db": "BID",
            "id": "74299"
          },
          {
            "db": "PACKETSTORM",
            "id": "131699"
          },
          {
            "db": "PACKETSTORM",
            "id": "135878"
          },
          {
            "db": "PACKETSTORM",
            "id": "134443"
          },
          {
            "db": "PACKETSTORM",
            "id": "134138"
          },
          {
            "db": "PACKETSTORM",
            "id": "132792"
          },
          {
            "db": "PACKETSTORM",
            "id": "131726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002484"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3143"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-81104",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3143",
            "ident": null
          },
          {
            "db": "BID",
            "id": "74299",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "131699",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "135878",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134443",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134138",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "132792",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "131726",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-500",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002484",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3143",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2015-04-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81104",
            "ident": null
          },
          {
            "date": "2015-04-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3143",
            "ident": null
          },
          {
            "date": "2015-04-22T00:00:00",
            "db": "BID",
            "id": "74299",
            "ident": null
          },
          {
            "date": "2015-04-30T15:48:24",
            "db": "PACKETSTORM",
            "id": "131699",
            "ident": null
          },
          {
            "date": "2016-02-23T05:11:25",
            "db": "PACKETSTORM",
            "id": "135878",
            "ident": null
          },
          {
            "date": "2015-11-20T00:41:15",
            "db": "PACKETSTORM",
            "id": "134443",
            "ident": null
          },
          {
            "date": "2015-10-30T23:23:03",
            "db": "PACKETSTORM",
            "id": "134138",
            "ident": null
          },
          {
            "date": "2015-07-22T17:57:59",
            "db": "PACKETSTORM",
            "id": "132792",
            "ident": null
          },
          {
            "date": "2015-05-04T17:18:17",
            "db": "PACKETSTORM",
            "id": "131726",
            "ident": null
          },
          {
            "date": "2015-04-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201504-500",
            "ident": null
          },
          {
            "date": "2015-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-002484",
            "ident": null
          },
          {
            "date": "2015-04-24T14:59:08.187000",
            "db": "NVD",
            "id": "CVE-2015-3143",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-01-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81104",
            "ident": null
          },
          {
            "date": "2018-01-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3143",
            "ident": null
          },
          {
            "date": "2016-07-06T14:27:00",
            "db": "BID",
            "id": "74299",
            "ident": null
          },
          {
            "date": "2015-04-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201504-500",
            "ident": null
          },
          {
            "date": "2016-09-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-002484",
            "ident": null
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-3143",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-500"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "cURL and  libcurl Vulnerabilities connected as other users",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-002484"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-500"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-1961

    Vulnerability from variot - Updated: 2026-04-10 23:24

    When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207).

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: curl security update
    Advisory ID: RHSA-2022:6159-01
    Product: Red Hat Enterprise Linux
    Advisory URL: https://access.redhat.com/errata/RHSA-2022:6159
    Issue date: 2022-08-24
    CVE Names: CVE-2022-32206 CVE-2022-32208
    ====================================================================

    1. Summary:

    An update for curl is now available for Red Hat Enterprise Linux 8.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

    1. Description:

    The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

    Security Fix(es):

    • curl: HTTP compression denial of service (CVE-2022-32206)

    • curl: FTP-KRB bad message verification (CVE-2022-32208)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2099300 - CVE-2022-32206 curl: HTTP compression denial of service
    2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification

    1. Package List:

    Red Hat Enterprise Linux BaseOS (v. 8):

    Source: curl-7.61.1-22.el8_6.4.src.rpm

    aarch64: curl-7.61.1-22.el8_6.4.aarch64.rpm curl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm curl-debugsource-7.61.1-22.el8_6.4.aarch64.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm libcurl-7.61.1-22.el8_6.4.aarch64.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm libcurl-devel-7.61.1-22.el8_6.4.aarch64.rpm libcurl-minimal-7.61.1-22.el8_6.4.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm

    ppc64le: curl-7.61.1-22.el8_6.4.ppc64le.rpm curl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm curl-debugsource-7.61.1-22.el8_6.4.ppc64le.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-devel-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-minimal-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm

    s390x: curl-7.61.1-22.el8_6.4.s390x.rpm curl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm curl-debugsource-7.61.1-22.el8_6.4.s390x.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm libcurl-7.61.1-22.el8_6.4.s390x.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm libcurl-devel-7.61.1-22.el8_6.4.s390x.rpm libcurl-minimal-7.61.1-22.el8_6.4.s390x.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm

    x86_64: curl-7.61.1-22.el8_6.4.x86_64.rpm curl-debuginfo-7.61.1-22.el8_6.4.i686.rpm curl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm curl-debugsource-7.61.1-22.el8_6.4.i686.rpm curl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm libcurl-7.61.1-22.el8_6.4.i686.rpm libcurl-7.61.1-22.el8_6.4.x86_64.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm libcurl-devel-7.61.1-22.el8_6.4.i686.rpm libcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm libcurl-minimal-7.61.1-22.el8_6.4.i686.rpm libcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2022-32206
    https://access.redhat.com/security/cve/CVE-2022-32208
    https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc.

    Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

    Security fix:

    • CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

    Bug fixes:

    • Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)

    • RHACM 2.3.12 images (BZ# 2101411)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation
    2101411 - RHACM 2.3.12 images
    2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

    1. Description:

    OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:

    Security Fix(es):

    • golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)

    • kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)

    • golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)

    • golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)

    • golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

    • golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

    • golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)

    • golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)

    • golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)

    • golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

    • golang: syscall: faccessat checks wrong group (CVE-2022-29526)

    • golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

    • golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

    • golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

    • golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

    • golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

    • golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

    • golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    RHEL-8-CNV-4.12
    =============
    bridge-marker-container-v4.12.0-24
    cluster-network-addons-operator-container-v4.12.0-24
    cnv-containernetworking-plugins-container-v4.12.0-24
    cnv-must-gather-container-v4.12.0-58
    hco-bundle-registry-container-v4.12.0-769
    hostpath-csi-driver-container-v4.12.0-30
    hostpath-provisioner-container-v4.12.0-30
    hostpath-provisioner-operator-container-v4.12.0-31
    hyperconverged-cluster-operator-container-v4.12.0-96
    hyperconverged-cluster-webhook-container-v4.12.0-96
    kubemacpool-container-v4.12.0-24
    kubevirt-console-plugin-container-v4.12.0-182
    kubevirt-ssp-operator-container-v4.12.0-64
    kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55
    kubevirt-tekton-tasks-copy-template-container-v4.12.0-55
    kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55
    kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55
    kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55
    kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55
    kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55
    kubevirt-tekton-tasks-operator-container-v4.12.0-40
    kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55
    kubevirt-template-validator-container-v4.12.0-32
    libguestfs-tools-container-v4.12.0-255
    ovs-cni-marker-container-v4.12.0-24
    ovs-cni-plugin-container-v4.12.0-24
    virt-api-container-v4.12.0-255
    virt-artifacts-server-container-v4.12.0-255
    virt-cdi-apiserver-container-v4.12.0-72
    virt-cdi-cloner-container-v4.12.0-72
    virt-cdi-controller-container-v4.12.0-72
    virt-cdi-importer-container-v4.12.0-72
    virt-cdi-operator-container-v4.12.0-72
    virt-cdi-uploadproxy-container-v4.12.0-71
    virt-cdi-uploadserver-container-v4.12.0-72
    virt-controller-container-v4.12.0-255
    virt-exportproxy-container-v4.12.0-255
    virt-exportserver-container-v4.12.0-255
    virt-handler-container-v4.12.0-255
    virt-launcher-container-v4.12.0-255
    virt-operator-container-v4.12.0-255
    virtio-win-container-v4.12.0-10
    vm-network-latency-checkup-container-v4.12.0-89

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1719190 - Unable to cancel live-migration if virt-launcher pod in pending state
    2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume
    2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
    2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
    2040377 - Unable to delete failed VMIM after VM deleted
    2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed
    2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value
    2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
    2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
    2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
    2060499 - [RFE] Cannot add additional service (or other objects) to VM template
    2069098 - Large scale |VMs migration is slow due to low migration parallelism
    2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
    2071491 - Storage Throughput metrics are incorrect in Overview
    2072797 - Metrics in Virtualization -> Overview period is not clear or configurable
    2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers
    2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering
    2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
    2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode
    2086551 - Min CPU feature found in labels
    2087724 - Default template show no boot source even there are auto-upload boot sources
    2088129 - [SSP] webhook does not comply with restricted security context
    2088464 - [CDI] cdi-deployment does not comply with restricted security context
    2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR
    2089744 - HCO should label its control plane namespace to admit pods at privileged security level
    2089751 - 4.12.0 containers
    2089804 - 4.12.0 rpms
    2091856 - ?Edit BootSource? action should have more explicit information when disabled
    2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
    2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer
    2093771 - The disk source should be PVC if the template has no auto-update boot source
    2093996 - kubectl get vmi API should always return primary interface if exist
    2094202 - Cloud-init username field should have hint
    2096285 - KubeVirt CR API documentation is missing docs for many fields
    2096780 - [RFE] Add ssh-key and sysprep to template scripts tab
    2097436 - Online disk expansion ignores filesystem overhead change
    2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
    2099556 - [RFE] Add option to enable RDP service for windows vm
    2099573 - [RFE] Improve template's message about not editable
    2099923 - [RFE] Merge "SSH access" and "SSH command" into one
    2100290 - Error is not dismissed on catalog review page
    2100436 - VM list filtering ignores VMs in error-states
    2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down
    2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
    2100629 - Update nested support KBASE article
    2100679 - The number of hardware devices is not correct in vm overview tab
    2100682 - All hardware devices get deleted while just delete one
    2100684 - Workload profile are not editable during creation and after creation
    2101144 - VM filter has two "Other" checkboxes which are triggered together
    2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
    2101167 - Edit buttons clickable area is too large.
    2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
    2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state
    2101390 - Easy to miss the "tick" when adding GPU device to vm via UI
    2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id
    2101423 - wrong user name on using ignition
    2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
    2101445 - "Pending changes - Boot Order"
    2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
    2101499 - Cannot add NIC to VM template as non-priv user
    2101501 - NAME parameter in VM template has no effect.
    2101628 - non-priv user cannot load dataSource while edit template's rootdisk
    2101667 - VMI view is not aligned with vm and tempates
    2101681 - All templates are labeling "source available" in template list page
    2102074 - VM Creation time on VM Overview Details card lacks string
    2102125 - vm clone modal is displaying DV size instead of PVC size
    2102132 - align the utilization card of single VM overview with the design
    2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"?
    2102256 - Add button moved to right
    2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
    2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other'
    2102561 - sysprep-info should link to downstream doc
    2102737 - Clone a VM should lead to vm overview tab
    2102740 - "Save" button on vm clone modal should be "Clone"
    2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab
    2103807 - PVC is not named by VM name while creating vm quickly
    2103817 - Workload profile values in vm details should align with template's value
    2103844 - VM nic model is empty
    2104331 - VM list page scroll up automatically
    2104402 - VM create button is not enabled while adding multiple environment disks
    2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
    2104424 - Enable descheduler or hide it on template's scheduling tab
    2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted
    2104480 - Alerts in VM overview tab disappeared after a few seconds
    2104785 - "Add disk" and "Disks" are on the same line
    2104859 - [RFE] Add "Copy SSH command" to VM action list
    2105257 - Can't set log verbosity level for virt-operator pod
    2106175 - All pages are crashed after visit Virtualization -> Overview
    2106963 - Cannot add configmap for windows VM
    2107279 - VM Template's bootable disk can be marked as bootable
    2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
    2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
    2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
    2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions
    2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
    2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
    2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
    2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
    2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
    2108339 - datasource does not provide timestamp when updated
    2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
    2109818 - Upstream metrics documentation is not detailed enough
    2109975 - DataVolume fails to import "cirros-container-disk-demo" image
    2110256 - Storage -> PVC -> upload data, does not support source reference
    2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls
    2111240 - GiB changes to B in Template's Edit boot source reference modal
    2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics
    2111328 - kubevirt plugin console crashed after visit vmi page
    2111378 - VM SSH command generated by UI points at api VIP
    2111744 - Cloned template should not label app.kubernetes.io/name: common-templates
    2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi)
    2112900 - button style are different
    2114516 - Nothing happens after clicking on Fedora cloud image list link
    2114636 - The style of displayed items are not unified on VM tabs
    2114683 - VM overview tab is crashed just after the vm is created
    2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12
    2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass
    2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items
    2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates
    2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF'
    2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
    2117549 - Cannot edit cloud-init data after add ssh key
    2117803 - Cannot edit ssh even vm is stopped
    2117813 - Improve descriptive text of VM details while VM is off
    2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
    2118257 - outdated doc link tolerations modal
    2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format
    2119069 - Unable to start windows VMs on PSI setups
    2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
    2119309 - readinessProbe in VM stays on failed
    2119615 - Change the disk size causes the unit changed
    2120907 - Cannot filter disks by label
    2121320 - Negative values in migration metrics
    2122236 - Failing to delete HCO with SSP sticking around
    2122990 - VMExport should check APIGroup
    2124147 - "ReadOnlyMany" should not be added to supported values in memory dump
    2124307 - Ui crash/stuck on loading when trying to detach disk on a VM
    2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it
    2124555 - View
documentation link on MigrationPolicies page des not work 2124557 - MigrationPolicy description is not displayed on Details page 2124558 - Non-privileged user can start MigrationPolicy creation 2124565 - Deleted DataSource reappears in list 2124572 - First annotation can not be added to DataSource 2124582 - Filtering VMs by OS does not work 2124594 - Docker URL validation is inconsistent over application 2124597 - Wrong case in Create DataSource menu 2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile 2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state 2127787 - Expose the PVC source of the dataSource on UI 2127843 - UI crashed by selecting "Live migration network" 2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes 2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer 2128002 - Error after VM template deletion 2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards 2128872 - [4.11]Can't restore cloned VM 2128948 - Cannot create DataSource from default YAML 2128949 - Cannot create MigrationPolicy from example YAML 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129234 - Service is not deleted along with the VM when the VM is created from a template with service 2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data' 2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook 2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV 2130588 - crypto-policy : Common Ciphers support by apiserver and hco 2130695 - crypto-policy : Logging Improvement and publish the source of ciphers 2130909 - Non-privileged user can start DataSource creation 
2131157 - KV data transfer rate chart in VM Metrics tab is not displayed 2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough 2131674 - Bump virtlogd memory requirement to 20Mi 2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11 2132682 - Default YAML entity name convention. 2132721 - Delete dialogs 2132744 - Description text is missing in Live Migrations section 2132746 - Background is broken in Virtualization Monitoring page 2132783 - VM can not be created from Template with edited boot source 2132793 - Edited Template BSR is not saved 2132932 - Typo in PVC size units menu 2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed 2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed 2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed 2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed 2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed 2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed 2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed 2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed 2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod 2134672 - [e2e] add data-test-id for catalog -> storage section 2134825 - Authorization for expand-spec endpoint missing 2135805 - Windows 2022 template is missing vTPM and UEFI params in spec 2136051 - Name jumping when trying to create a VM with source from catalog 2136425 - Windows 11 is detected as Windows 10 2136534 - Not possible to specify a TTL on VMExports 2137123 - VMExport: export pod 
is not PSA complaint 2137241 - Checkbox about delete vm disks is not loaded while deleting VM 2137243 - registery input add docker prefix twice 2137349 - "Manage source" action infinitely loading on DataImportCron details page 2137591 - Inconsistent dialog headings/titles 2137731 - Link of VM status in overview is not working 2137733 - No link for VMs in error status in "VirtualMachine statuses" card 2137736 - The column name "MigrationPolicy name" can just be "Name" 2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly 2138112 - Unsupported S3 endpoint option in Add disk modal 2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals 2138199 - Win11 and Win22 templates are not filtered properly by Template provider 2138653 - Saving Template prameters reloads the page 2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail 2138664 - VM that was created with SSH key fails to start 2139257 - Cannot add disk via "Using an existing PVC" 2139260 - Clone button is disabled while VM is running 2139293 - Non-admin user cannot load VM list page 2139296 - Non-admin cannot load MigrationPolicies page 2139299 - No auto-generated VM name while creating VM by non-admin user 2139306 - Non-admin cannot create VM via customize mode 2139479 - virtualization overview crashes for non-priv user 2139574 - VM name gets "emptyname" if click the create button quickly 2139651 - non-priv user can click create when have no permissions 2139687 - catalog shows template list for non-priv users 2139738 - [4.12]Can't restore cloned VM 2139820 - non-priv user cant reach vm details 2140117 - Provide upgrade path from 4.11.1->4.12.0 2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project 2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user 2140627 - Not able to select storageClass if there is no 
default storageclass defined 2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user 2140808 - Hyperv feature set to "enabled: false" prevents scheduling 2140977 - Alerts number is not correct on Virtualization overview 2140982 - The base template of cloned template is "Not available" 2140998 - Incorrect information shows in overview page per namespace 2141089 - Unable to upload boot images. 2141302 - Unhealthy states alerts and state metrics are missing 2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations 2141494 - "Start in pause mode" option is not available while creating the VM 2141654 - warning log appearing on VMs: found no SR-IOV networks 2141711 - Node column selector is redundant for non-priv user 2142468 - VM action "Stop" should not be disabled when VM in pause state 2142470 - Delete a VM or template from all projects leads to 404 error 2142511 - Enhance alerts card in overview 2142647 - Error after MigrationPolicy deletion 2142891 - VM latency checkup: Failed to create the checkup's Job 2142929 - Permission denied when try get instancestypes 2143268 - Topolvm storageProfile missing accessModes and volumeMode 2143498 - Could not load template while creating VM from catalog 2143964 - Could not load template while creating VM from catalog 2144580 - "?" icon is too big in VM Template Disk tab 2144828 - "?" icon is too big in VM Template Disk tab 2144839 - Alerts number is not correct on Virtualization overview 2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten 2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container


    1. Gentoo Linux Security Advisory GLSA 202212-01

                                           https://security.gentoo.org/
    

    Severity: High
    Title: curl: Multiple Vulnerabilities
    Date: December 19, 2022
    Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365
    ID: 202212-01


    Synopsis

    Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

    Background

    A command line tool and library for transferring data with URLs.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
      1  net-misc/curl           < 7.86.0                    >= 7.86.0

    Description

    Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All curl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

    References

    [ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922
    [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923
    [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925
    [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926
    [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945
    [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946
    [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947
    [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576
    [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774
    [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775
    [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776
    [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779
    [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780
    [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781
    [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782
    [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115
    [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205
    [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206
    [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207
    [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208
    [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221
    [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252
    [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260
    [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915
    [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202212-01

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5

    Bugs fixed (https://bugzilla.redhat.com/):

    2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

    1. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/

    Security fixes:

    • moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
    • vm2: Sandbox Escape in vm2 (CVE-2022-36067)

    Bug fixes:

    • Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters (BZ# 2074547)

    • OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constrain (BZ# 2082254)

    • subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec (BZ# 2083659)

    • Yaml editor for creating vSphere cluster moves to next line after typing (BZ# 2086883)

    • Submariner addon status doesn't track all deployment failures (BZ# 2090311)

    • Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret (BZ# 2091170)

    • After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors (BZ# 2095481)

    • Enforce failed and report the violation after modified memory value in limitrange policy (BZ# 2100036)

    • Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" (BZ# 2101577)

    • Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies (BZ# 2102273)

    • managed cluster is in "unknown" state for 120 mins after OADP restore

    • RHACM 2.5.2 images (BZ# 2104553)

    • Subscription UI does not allow binding to label with empty value (BZ# 2104961)

    • Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ# 2106069)

    • Region information is not available for Azure cloud in managedcluster CR (BZ# 2107134)

    • cluster uninstall log points to incorrect container name (BZ# 2107359)

    • ACM shows wrong path for Argo CD applicationset git generator (BZ# 2107885)

    • Single node checkbox not visible for 4.11 images (BZ# 2109134)

    • Unable to deploy hypershift cluster when enabling validate-cluster-security (BZ# 2109544)

    • Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application (BZ# 20110026)

    • After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating (BZ# 2117728)

    • pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)

    • ArgoCD and AppSet Applications do not deploy to local-cluster (BZ# 2124707)

    Bugs fixed (https://bugzilla.redhat.com/):

    2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters
    2082254 - OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constraint
    2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec
    2086883 - Yaml editor for creating vSphere cluster moves to next line after typing
    2090311 - Submariner addon status doesn't track all deployment failures
    2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret
    2095481 - After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors
    2100036 - Enforce failed and report the violation after modified memory value in limitrange policy
    2101577 - Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)"
    2102273 - Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies
    2103653 - managed cluster is in "unknown" state for 120 mins after OADP restore
    2104553 - RHACM 2.5.2 images
    2104961 - Subscription UI does not allow binding to label with empty value
    2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
    2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD
    2107134 - Region information is not available for Azure cloud in managedcluster CR
    2107359 - cluster uninstall log points to incorrect container name
    2107885 - ACM shows wrong path for Argo CD applicationset git generator
    2109134 - Single node checkbox not visible for 4.11 images
    2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application
    2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating
    2122292 - pods in CrashLoopBackoff on 3.11 managed cluster
    2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster
    2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2


    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "bootstrap os",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "solidfire",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.16.4"
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "_id": null,
            "model": "hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "element software",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.84.0"
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32208"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168158"
          },
          {
            "db": "PACKETSTORM",
            "id": "168213"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "168289"
          },
          {
            "db": "PACKETSTORM",
            "id": "168503"
          },
          {
            "db": "PACKETSTORM",
            "id": "168378"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-32208",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-32208",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-424135",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2022-32208",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-32208",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-32208",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-424135",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424135"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32208"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32208"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Harry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: curl security update\nAdvisory ID:       RHSA-2022:6159-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:6159\nIssue date:        2022-08-24\nCVE Names:         CVE-2022-32206 CVE-2022-32208\n====================================================================\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: HTTP compression denial of service (CVE-2022-32206)\n\n* curl: FTP-KRB bad message verification (CVE-2022-32208)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. 
Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncurl-7.61.1-22.el8_6.4.src.rpm\n\naarch64:\ncurl-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-22.el8_6.4.s390x.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\n\nx86_64:\ncurl-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.i686.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.
i686.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 
\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.12 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity fix:\n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\nBug fixes:\n\n* Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)\n\n* RHACM 2.3.12 images (BZ# 2101411)\n\n3. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation\n2101411 - RHACM 2.3.12 images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. This advisory contains the following\nOpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random 
ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-contain
er-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card 
the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct 
in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. 
\n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows 
VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! 
(17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift  Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, 
virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 
- crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping 
when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb 
list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 
hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: curl: Multiple Vulnerabilities\n     Date: December 19, 2022\n     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n       ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl              \u003c 7.86.0                    \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. 
\n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] 
CVE-2022-42915\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. 
See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity fixes:\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* Submariner Globalnet e2e tests failed on MTU between On-Prem to Public\nclusters (BZ# 2074547)\n\n* OCP 4.11 - Install fails because of: pods\n\"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate\nagainst any security context constrain (BZ# 2082254)\n\n* subctl gather fails to gather libreswan data if CableDriver field is\nmissing/empty in Submariner Spec (BZ# 2083659)\n\n* Yaml editor for creating vSphere cluster moves to next line after typing\n(BZ# 2086883)\n\n* Submariner addon status doesn\u0027t track all deployment failures (BZ#\n2090311)\n\n* Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn\nwithout including s3 secret (BZ# 2091170)\n\n* After switching to ACM 2.5 the managed clusters log \"unable to create\nClusterClaim\" errors (BZ# 2095481)\n\n* Enforce failed and report the violation after modified memory value in\nlimitrange policy (BZ# 2100036)\n\n* Creating an application fails with \"This application has no subscription\nmatch selector (spec.selector.matchExpressions)\" (BZ# 2101577)\n\n* Inconsistent cluster resource statuses between \"All Subscription\"\ntopology and individual topologies (BZ# 2102273)\n\n* managed cluster is in \"unknown\" state for 120 mins after OADP restore\n\n* RHACM 2.5.2 images (BZ# 2104553)\n\n* Subscription UI does not allow binding to label with empty value (BZ#\n2104961)\n\n* Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ#\n2106069)\n\n* Region information is not available for Azure cloud in managedcluster CR\n(BZ# 2107134)\n\n* 
cluster uninstall log points to incorrect container name (BZ# 2107359)\n\n* ACM shows wrong path for Argo CD applicationset git generator (BZ#\n2107885)\n\n* Single node checkbox not visible for 4.11 images (BZ# 2109134)\n\n* Unable to deploy hypershift cluster when enabling\nvalidate-cluster-security (BZ# 2109544)\n\n* Deletion of Application (including app related resources) from the\nconsole fails to delete PlacementRule for the application (BZ# 20110026)\n\n* After the creation by a policy of job or deployment (in case the object\nis missing)ACM is trying to add new containers instead of updating (BZ#\n2117728)\n\n* pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)\n\n* ArgoCD and AppSet Applications do not deploy to local-cluster (BZ#\n2124707)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters\n2082254 - OCP 4.11 - Install fails because of: pods \"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate against any security context constraint\n2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec\n2086883 - Yaml editor for creating vSphere cluster moves to next line after typing\n2090311 - Submariner addon status doesn\u0027t track all deployment failures\n2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret\n2095481 - After switching to ACM 2.5 the managed clusters log \"unable to create ClusterClaim\" errors\n2100036 - Enforce failed and report the violation after modified memory value in limitrange policy\n2101577 - Creating an application fails with \"This application has no subscription match selector (spec.selector.matchExpressions)\"\n2102273 - Inconsistent cluster resource statuses between \"All Subscription\" topology and individual topologies\n2103653 - managed cluster is in \"unknown\" state for 120 mins after OADP 
restore\n2104553 - RHACM 2.5.2 images\n2104961 - Subscription UI does not allow binding to label with empty value\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD\n2107134 - Region information is not available for Azure cloud in managedcluster CR\n2107359 - cluster uninstall log points to incorrect container name\n2107885 - ACM shows wrong path for Argo CD applicationset git generator\n2109134 - Single node checkbox not visible for 4.11 images\n2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application\n2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating\n2122292 - pods in CrashLoopBackoff on 3.11 managed cluster\n2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster\n2124794 - CVE-2022-36067 vm2:  Sandbox Escape in vm2\n\n5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32208"
          },
          {
            "db": "VULHUB",
            "id": "VHN-424135"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32208"
          },
          {
            "db": "PACKETSTORM",
            "id": "168158"
          },
          {
            "db": "PACKETSTORM",
            "id": "168213"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "168289"
          },
          {
            "db": "PACKETSTORM",
            "id": "168503"
          },
          {
            "db": "PACKETSTORM",
            "id": "168378"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-32208",
            "trust": 1.9
          },
          {
            "db": "HACKERONE",
            "id": "1590071",
            "trust": 1.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168289",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168503",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168378",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168158",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168284",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168275",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167661",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168174",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167607",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168347",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168301",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-424135",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32208",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168213",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170741",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170303",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424135"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32208"
          },
          {
            "db": "PACKETSTORM",
            "id": "168158"
          },
          {
            "db": "PACKETSTORM",
            "id": "168213"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "168289"
          },
          {
            "db": "PACKETSTORM",
            "id": "168503"
          },
          {
            "db": "PACKETSTORM",
            "id": "168378"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32208"
          }
        ]
      },
      "id": "VAR-202206-1961",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424135"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T23:24:46.149000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Ubuntu Security Notice: USN-5499-1: curl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5499-1"
          },
          {
            "title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5495-1"
          },
          {
            "title": "Red Hat: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-32208"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32208"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-840",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424135"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32208"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.2,
            "url": "https://security.gentoo.org/glsa/202212-01"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht213488"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/oct/28"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/oct/41"
          },
          {
            "trust": 1.1,
            "url": "https://hackerone.com/reports/1590071"
          },
          {
            "trust": 1.1,
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2022-32208"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-32206"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-2097"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1292"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1586"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-2068"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1785"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1897"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1927"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-29154"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-2526"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-30631"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-21123"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-32250"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-21166"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-21125"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1012"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-31129"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0391"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-34903"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-20107"
          },
          {
            "trust": 0.2,
            "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
          },
          {
            "trust": 0.2,
            "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5499-1"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5495-1"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6159"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-26116"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27782"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1729"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27776"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22576"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1966"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3177"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1966"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-26137"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27774"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-40528"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29824"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0408"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30632"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30698"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30629"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27406"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30293"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23772"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35525"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28131"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-38561"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-40674"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22624"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22662"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35527"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29526"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-0256"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30633"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-3709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1705"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22629"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23773"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30630"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24795"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26719"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1962"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30635"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2509"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3787"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26709"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26700"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27405"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25308"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1304"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25309"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27404"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30699"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25310"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32148"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23806"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1798"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22628"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0934"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0308"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-37434"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3515"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6182"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21166"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-34903"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21123"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6560"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21125"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6507"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#critical"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-36067"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424135"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32208"
          },
          {
            "db": "PACKETSTORM",
            "id": "168158"
          },
          {
            "db": "PACKETSTORM",
            "id": "168213"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "168289"
          },
          {
            "db": "PACKETSTORM",
            "id": "168503"
          },
          {
            "db": "PACKETSTORM",
            "id": "168378"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32208"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-424135",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32208",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168158",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168213",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170741",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170303",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168289",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168503",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168378",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32208",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-07-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-424135",
            "ident": null
          },
          {
            "date": "2022-08-25T15:25:12",
            "db": "PACKETSTORM",
            "id": "168158",
            "ident": null
          },
          {
            "date": "2022-09-01T16:30:25",
            "db": "PACKETSTORM",
            "id": "168213",
            "ident": null
          },
          {
            "date": "2023-01-26T15:29:09",
            "db": "PACKETSTORM",
            "id": "170741",
            "ident": null
          },
          {
            "date": "2022-12-19T13:48:31",
            "db": "PACKETSTORM",
            "id": "170303",
            "ident": null
          },
          {
            "date": "2022-09-07T17:09:04",
            "db": "PACKETSTORM",
            "id": "168289",
            "ident": null
          },
          {
            "date": "2022-09-26T15:37:32",
            "db": "PACKETSTORM",
            "id": "168503",
            "ident": null
          },
          {
            "date": "2022-09-14T15:08:07",
            "db": "PACKETSTORM",
            "id": "168378",
            "ident": null
          },
          {
            "date": "2022-07-07T13:15:08.467000",
            "db": "NVD",
            "id": "CVE-2022-32208",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-01-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-424135",
            "ident": null
          },
          {
            "date": "2025-05-05T17:18:13.390000",
            "db": "NVD",
            "id": "CVE-2022-32208",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "Red Hat Security Advisory 2022-6159-01",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168158"
          }
        ],
        "trust": 0.1
      },
      "type": {
        "_id": null,
        "data": "arbitrary, code execution",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "170303"
          }
        ],
        "trust": 0.1
      }
    }

    VAR-201411-0410

    Vulnerability from variot - Updated: 2026-04-10 23:15

    cURL and libcurl before 7.38.0 do not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. cURL/libcURL is prone to a remote security-bypass vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. cURL/libcURL 7.1 through 7.37.1 are vulnerable. Both Haxx curl and libcurl are products of the Swedish company Haxx. libcurl is a free, open source client-side URL transfer library.

    ============================================================================
    Ubuntu Security Notice USN-2346-1
    September 15, 2014

    curl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 14.04 LTS
    • Ubuntu 12.04 LTS
    • Ubuntu 10.04 LTS

    Summary:

    Several security issues were fixed in curl. (CVE-2014-3620)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 14.04 LTS:
      libcurl3 7.35.0-1ubuntu2.1
      libcurl3-gnutls 7.35.0-1ubuntu2.1
      libcurl3-nss 7.35.0-1ubuntu2.1

    Ubuntu 12.04 LTS:
      libcurl3 7.22.0-3ubuntu4.10
      libcurl3-gnutls 7.22.0-3ubuntu4.10
      libcurl3-nss 7.22.0-3ubuntu4.10

    Ubuntu 10.04 LTS:
      libcurl3 7.19.7-1ubuntu1.9
      libcurl3-gnutls 7.19.7-1ubuntu1.9

    In general, a standard system update will make all the necessary changes.

    APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006

    OS X Yosemite v10.10.5 and Security Update 2015-006 is now available and addresses the following:

    apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Apache 2.4.16, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185

    apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in PHP 5.5.20, the most serious of which may lead to arbitrary code execution. Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.20. These were addressed by updating Apache to version 5.5.27. CVE-ID CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148

    Apple ID OD Plug-in Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able change the password of a local user Description: In some circumstances, a state management issue existed in password authentication. The issue was addressed through improved state management. CVE-ID CVE-2015-3799 : an anonymous researcher working with HP's Zero Day Initiative

    AppleGraphicsControl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5768 : JieTao Yang of KeenTeam

    Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOBluetoothHCIController. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3779 : Teddy Reed of Facebook Security

    Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue could have led to the disclosure of kernel memory layout. This issue was addressed with improved memory management. CVE-ID CVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze Networks

    Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious app may be able to access notifications from other iCloud devices Description: An issue existed where a malicious app could access a Bluetooth-paired Mac or iOS device's Notification Center notifications via the Apple Notification Center Service. The issue affected devices using Handoff and logged into the same iCloud account. This issue was resolved by revoking access to the Apple Notification Center Service. CVE-ID CVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security Lab (Indiana University), Tongxin Li (Peking University), XiaoFeng Wang (Indiana University)

    Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with privileged network position may be able to perform denial of service attack using malformed Bluetooth packets Description: An input validation issue existed in parsing of Bluetooth ACL packets. This issue was addressed through improved input validation. CVE-ID CVE-2015-3787 : Trend Micro

    Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple buffer overflow issues existed in blued's handling of XPC messages. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3777 : mitp0sh of [PDX]

    bootp Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project)

    CloudKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access the iCloud user record of a previously signed in user Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling. CVE-ID CVE-2015-3782 : Deepkanwal Plaha of University of Toronto

    CoreMedia Playback Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in CoreMedia Playback. These were addressed through improved memory handling. CVE-ID CVE-2015-5777 : Apple CVE-2015-5778 : Apple

    CoreText Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team

    CoreText Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team

    curl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities in cURL and libcurl prior to 7.38.0, one of which may allow remote attackers to bypass the Same Origin Policy. Description: Multiple vulnerabilities existed in cURL and libcurl prior to 7.38.0. These issues were addressed by updating cURL to version 7.43.0. CVE-ID CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2014-8151 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153

    Data Detectors Engine Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a sequence of unicode characters can lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in processing of Unicode characters. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)

    Date & Time pref pane Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Applications that rely on system time may have unexpected behavior Description: An authorization issue existed when modifying the system date and time preferences. This issue was addressed with additional authorization checks. CVE-ID CVE-2015-3757 : Mark S C Smith

    Dictionary Application Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with a privileged network position may be able to intercept users' Dictionary app queries Description: An issue existed in the Dictionary app, which did not properly secure user communications. This issue was addressed by moving Dictionary queries to HTTPS. CVE-ID CVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security Team

    DiskImages Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team

    dyld Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed in dyld. This was addressed through improved environment sanitization. CVE-ID CVE-2015-3760 : beist of grayhash, Stefan Esser

    FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3804 : Apple CVE-2015-5775 : Apple

    FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team

    groff Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple issues in pdfroff Description: Multiple issues existed in pdfroff, the most serious of which may allow arbitrary filesystem modification. These issues were addressed by removing pdfroff. CVE-ID CVE-2009-5044 CVE-2009-5078

    ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of TIFF images. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5758 : Apple

    ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: An uninitialized memory access issue existed in ImageIO's handling of PNG and TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue is addressed through improved memory initialization and additional validation of PNG and TIFF images. CVE-ID CVE-2015-5781 : Michal Zalewski CVE-2015-5782 : Michal Zalewski

    Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An issue existed in how Install.framework's 'runner' binary dropped privileges. This issue was addressed through improved privilege management. CVE-ID CVE-2015-5784 : Ian Beer of Google Project Zero

    Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A race condition existed in Install.framework's 'runner' binary that resulted in privileges being incorrectly dropped. This issue was addressed through improved object locking. CVE-ID CVE-2015-5754 : Ian Beer of Google Project Zero

    IOFireWireFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: Memory corruption issues existed in IOFireWireFamily. These issues were addressed through additional type input validation. CVE-ID CVE-2015-3769 : Ilja van Sprundel CVE-2015-3771 : Ilja van Sprundel CVE-2015-3772 : Ilja van Sprundel

    IOGraphics Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOGraphics. This issue was addressed through additional type input validation. CVE-ID CVE-2015-3770 : Ilja van Sprundel CVE-2015-5783 : Ilja van Sprundel

    IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5774 : TaiG Jailbreak Team

    Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface. CVE-ID CVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team, @PanguTeam

    Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2015-3768 : Ilja van Sprundel

    Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A resource exhaustion issue existed in the fasttrap driver. This was addressed through improved memory handling. CVE-ID CVE-2015-5747 : Maxime VILLARD of m00nbsd

    Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A validation issue existed in the mounting of HFS volumes. This was addressed by adding additional checks. CVE-ID CVE-2015-5748 : Maxime VILLARD of m00nbsd

    Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute unsigned code Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation. CVE-ID CVE-2015-3806 : TaiG Jailbreak Team

    Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A specially crafted executable file could allow unsigned, malicious code to execute Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files. CVE-ID CVE-2015-3803 : TaiG Jailbreak Team

    Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute unsigned code Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks. CVE-ID CVE-2015-3802 : TaiG Jailbreak Team CVE-2015-3805 : TaiG Jailbreak Team

    Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany

    Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed. This was addressed through improved environment sanitization. CVE-ID CVE-2015-3761 : Apple

    Libc Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in the TRE library. These were addressed through improved memory handling. CVE-ID CVE-2015-3796 : Ian Beer of Google Project Zero CVE-2015-3797 : Ian Beer of Google Project Zero CVE-2015-3798 : Ian Beer of Google Project Zero

    Libinfo Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in handling AF_INET6 sockets. These were addressed by improved memory handling. CVE-ID CVE-2015-5776 : Apple

    libpthread Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking. CVE-ID CVE-2015-5757 : Lufeng Li of Qihoo 360

    libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2. CVE-ID CVE-2012-6685 : Felix Groebert of Google CVE-2014-0191 : Felix Groebert of Google

    libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory access issue existed in libxml2. This was addressed by improved memory handling CVE-ID CVE-2014-3660 : Felix Groebert of Google

    libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Apple

    libxpc Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling of malformed XPC messages. This issue was improved through improved bounds checking. CVE-ID CVE-2015-3795 : Mathew Rowley

    mail_cmds Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary shell commands Description: A validation issue existed in the mailx parsing of email addresses. This was addressed by improved sanitization. CVE-ID CVE-2014-7844

    Notification Center OSX Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access all notifications previously displayed to users Description: An issue existed in Notification Center, which did not properly delete user notifications. This issue was addressed by correctly deleting notifications dismissed by users. CVE-ID CVE-2015-3764 : Jonathan Zdziarski

    ntfs Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in NTFS. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze Networks

    OpenSSH Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Remote attackers may be able to circumvent a time delay for failed login attempts and conduct brute-force attacks Description: An issue existed when processing keyboard-interactive devices. This issue was addressed through improved authentication request validation. CVE-ID CVE-2015-5600

    OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792

    perl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted regular expression may lead to disclosure of unexpected application termination or arbitrary code execution Description: An integer underflow issue existed in the way Perl parsed regular expressions. This issue was addressed through improved memory handling. CVE-ID CVE-2013-7422

    PostgreSQL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: An attacker may be able to cause unexpected application termination or gain access to data without proper authentication Description: Multiple issues existed in PostgreSQL 9.2.4. These issues were addressed by updating PostgreSQL to 9.2.13. CVE-ID CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244

    python Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Python 2.7.6, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in Python versions prior to 2.7.6. These were addressed by updating Python to version 2.7.10. CVE-ID CVE-2013-7040 CVE-2013-7338 CVE-2014-1912 CVE-2014-7185 CVE-2014-9365

    QL Office Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted Office document may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of Office documents. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5773 : Apple

    QL Office Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: An external entity reference issue existed in XML file parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.

    Quartz Composer Framework Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of QuickTime files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5771 : Apple

    Quick Look Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Searching for a previously viewed website may launch the web browser and render that website Description: An issue existed where QuickLook had the capability to execute JavaScript. The issue was addressed by disallowing execution of JavaScript. CVE-ID CVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole

    QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3772 CVE-2015-3779 CVE-2015-5753 : Apple CVE-2015-5779 : Apple

    QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3765 : Joe Burnett of Audio Poison CVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-5751 : WalkerFuz

    SceneKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5772 : Apple

    SceneKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in SceneKit. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3783 : Haris Andrianakis of Google Security Team

    Security Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A standard user may be able to gain access to admin privileges without proper authentication Description: An issue existed in handling of user authentication. This issue was addressed through improved authentication checks. CVE-ID CVE-2015-3775 : [Eldon Ahrold]

    SMBClient Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the SMB client. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3773 : Ilja van Sprundel

    Speech UI Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted unicode string with speech alerts enabled may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling of Unicode strings. This issue was addressed by improved memory handling. CVE-ID CVE-2015-3794 : Adam Greenbaum of Refinitive

    sudo Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9, the most serious of which may allow an attacker access to arbitrary files Description: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9. These were addressed by updating sudo to version 1.7.10p9. CVE-ID CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 CVE-2014-0106 CVE-2014-9680

    tcpdump Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in tcpdump versions prior to 4.7.3. These were addressed by updating tcpdump to version 4.7.3. CVE-ID CVE-2014-8767 CVE-2014-8769 CVE-2014-9140

    Text Formats Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: An XML external entity reference issue existed with TextEdit parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team

    udf Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3767 : beist of grayhash

    OS X Yosemite v10.10.5 includes the security content of Safari 8.0.8: https://support.apple.com/en-us/HT205033

    OS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/


    =====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: curl security, bug fix, and enhancement update
    Advisory ID: RHSA-2015:2159-06
    Product: Red Hat Enterprise Linux
    Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2159.html
    Issue date: 2015-11-19
    CVE Names: CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3148
    =====================================================================

    1. Summary:

    Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    2. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64
    Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
    Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
    Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
    Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
    Red Hat Enterprise Linux Workstation (v. 7) - x86_64

    3. Description:

    The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

    It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. (CVE-2014-3613)

    A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. (CVE-2014-3707)

    It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests. (CVE-2014-8150)

    It was discovered that libcurl implemented aspects of the NTLM and Negotiate authentication incorrectly. If an application uses libcurl and the affected mechanisms in a specific way, certain requests to a previously NTLM-authenticated server could appear as sent by the wrong authenticated user. Additionally, the initial set of credentials for HTTP Negotiate-authenticated requests could be reused in subsequent requests, although a different set of credentials was specified. (CVE-2015-3143, CVE-2015-3148)

    Red Hat would like to thank the cURL project for reporting these issues.

    Bug fixes:

    • An out-of-protocol fallback to SSL 3.0 was available with libcurl. Attackers could abuse the fallback to force downgrade of the SSL version. The fallback has been removed from libcurl. Users requiring this functionality can explicitly enable SSL 3.0 through the libcurl API. (BZ#1154060)

    • TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. You can explicitly disable them through the libcurl API. (BZ#1170339)

    • FTP operations such as downloading files took a significantly long time to complete. Now, the FTP implementation in libcurl correctly sets blocking direction and estimated timeout for connections, resulting in faster FTP transfers. (BZ#1218272)

    Enhancements:

    • With the updated packages, it is possible to explicitly enable or disable new Advanced Encryption Standard (AES) cipher suites to be used for the TLS protocol. (BZ#1066065)

    • The libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on the libcurl multi API. The non-blocking SSL handshake has been implemented in libcurl, and the libcurl multi API now immediately returns the control back to the application whenever it cannot read or write data from or to the underlying network socket. (BZ#1091429)

    • The libcurl library used an unnecessarily long blocking delay for actions with no active file descriptors, even for short operations. Some actions, such as resolving a host name using /etc/hosts, took a long time to complete. The blocking code in libcurl has been modified so that the initial delay is short and gradually increases until an event occurs. (BZ#1130239)

    All curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

    4. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied.

    For details on how to apply this update, refer to:

    https://access.redhat.com/articles/11258

    5. Bugs fixed (https://bugzilla.redhat.com/):

    1130239 - Difference in curl performance between RHEL6 and RHEL7
    1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain
    1154060 - curl: Disable out-of-protocol fallback to SSL 3.0
    1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS
    1161182 - Response headers added by proxy servers missing in CURLINFO_HEADER_SIZE
    1166264 - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth [RHEL-7]
    1170339 - use the default min/max TLS version provided by NSS
    1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()
    1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated
    1213351 - CVE-2015-3148 curl: Negotiate not treated as connection-oriented
    1218272 - Performance problem with libcurl and FTP on RHEL7.X

    6. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: curl-7.29.0-25.el7.src.rpm

    x86_64: curl-7.29.0-25.el7.x86_64.rpm curl-debuginfo-7.29.0-25.el7.i686.rpm curl-debuginfo-7.29.0-25.el7.x86_64.rpm libcurl-7.29.0-25.el7.i686.rpm libcurl-7.29.0-25.el7.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    x86_64: curl-debuginfo-7.29.0-25.el7.i686.rpm curl-debuginfo-7.29.0-25.el7.x86_64.rpm libcurl-devel-7.29.0-25.el7.i686.rpm libcurl-devel-7.29.0-25.el7.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: curl-7.29.0-25.el7.src.rpm

    x86_64: curl-7.29.0-25.el7.x86_64.rpm curl-debuginfo-7.29.0-25.el7.i686.rpm curl-debuginfo-7.29.0-25.el7.x86_64.rpm libcurl-7.29.0-25.el7.i686.rpm libcurl-7.29.0-25.el7.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    x86_64: curl-debuginfo-7.29.0-25.el7.i686.rpm curl-debuginfo-7.29.0-25.el7.x86_64.rpm libcurl-devel-7.29.0-25.el7.i686.rpm libcurl-devel-7.29.0-25.el7.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: curl-7.29.0-25.el7.src.rpm

    aarch64: curl-7.29.0-25.el7.aarch64.rpm curl-debuginfo-7.29.0-25.el7.aarch64.rpm libcurl-7.29.0-25.el7.aarch64.rpm libcurl-devel-7.29.0-25.el7.aarch64.rpm

    ppc64: curl-7.29.0-25.el7.ppc64.rpm curl-debuginfo-7.29.0-25.el7.ppc.rpm curl-debuginfo-7.29.0-25.el7.ppc64.rpm libcurl-7.29.0-25.el7.ppc.rpm libcurl-7.29.0-25.el7.ppc64.rpm libcurl-devel-7.29.0-25.el7.ppc.rpm libcurl-devel-7.29.0-25.el7.ppc64.rpm

    ppc64le: curl-7.29.0-25.el7.ppc64le.rpm curl-debuginfo-7.29.0-25.el7.ppc64le.rpm libcurl-7.29.0-25.el7.ppc64le.rpm libcurl-devel-7.29.0-25.el7.ppc64le.rpm

    s390x: curl-7.29.0-25.el7.s390x.rpm curl-debuginfo-7.29.0-25.el7.s390.rpm curl-debuginfo-7.29.0-25.el7.s390x.rpm libcurl-7.29.0-25.el7.s390.rpm libcurl-7.29.0-25.el7.s390x.rpm libcurl-devel-7.29.0-25.el7.s390.rpm libcurl-devel-7.29.0-25.el7.s390x.rpm

    x86_64: curl-7.29.0-25.el7.x86_64.rpm curl-debuginfo-7.29.0-25.el7.i686.rpm curl-debuginfo-7.29.0-25.el7.x86_64.rpm libcurl-7.29.0-25.el7.i686.rpm libcurl-7.29.0-25.el7.x86_64.rpm libcurl-devel-7.29.0-25.el7.i686.rpm libcurl-devel-7.29.0-25.el7.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: curl-7.29.0-25.el7.src.rpm

    x86_64: curl-7.29.0-25.el7.x86_64.rpm curl-debuginfo-7.29.0-25.el7.i686.rpm curl-debuginfo-7.29.0-25.el7.x86_64.rpm libcurl-7.29.0-25.el7.i686.rpm libcurl-7.29.0-25.el7.x86_64.rpm libcurl-devel-7.29.0-25.el7.i686.rpm libcurl-devel-7.29.0-25.el7.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    7. References:

    https://access.redhat.com/security/cve/CVE-2014-3613
    https://access.redhat.com/security/cve/CVE-2014-3707
    https://access.redhat.com/security/cve/CVE-2014-8150
    https://access.redhat.com/security/cve/CVE-2015-3143
    https://access.redhat.com/security/cve/CVE-2015-3148
    https://access.redhat.com/security/updates/classification/#moderate

    8. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2015 Red Hat, Inc.


    libcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP, causing a transfer that was initiated by an application to wrongfully re-use an existing connection to the same server that was authenticated using different credentials (CVE-2014-0138).

    libcurl incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site (CVE-2014-0139). For this problem to trigger, the client application must use the numerical IP address in the URL to access the site (CVE-2014-3613).

    Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation. This bug requires CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle() to be used in that order, and then the duplicate handle must be used to perform the HTTP POST. The curl command line tool is not affected by this problem as it does not use this sequence (CVE-2014-3707).

    When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns, those will be sent along to the proxy too, which allows the program to, for example, send a separate HTTP request embedded in the URL (CVE-2014-8150).


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3613
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3620
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3707
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8150
    http://advisories.mageia.org/MGASA-2014-0153.html
    http://advisories.mageia.org/MGASA-2014-0385.html
    http://advisories.mageia.org/MGASA-2014-0444.html
    http://advisories.mageia.org/MGASA-2015-0020.html


    Updated Packages:

    Mandriva Business Server 2/X86_64:
    498d59be3a6a4ace215c0d98fb4abede mbs2/x86_64/curl-7.34.0-3.1.mbs2.x86_64.rpm
    75a821b73a75ca34f1747a0f7479267f mbs2/x86_64/curl-examples-7.34.0-3.1.mbs2.noarch.rpm
    f5d3aad5f0fd9db68b87c648aaabbb4a mbs2/x86_64/lib64curl4-7.34.0-3.1.mbs2.x86_64.rpm
    4f356a2c97f9f64124b4e8ebe307826a mbs2/x86_64/lib64curl-devel-7.34.0-3.1.mbs2.x86_64.rpm
    d010a357d76a8eb967c7c52f92fb35ae mbs2/SRPMS/curl-7.34.0-3.1.mbs2.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    For the stable distribution (wheezy), these problems have been fixed in version 7.26.0-1+wheezy10.

    For the testing distribution (jessie), these problems have been fixed in version 7.38.0-1.

    For the unstable distribution (sid), these problems have been fixed in version 7.38.0-1.

    We recommend that you upgrade your curl packages.

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.34.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.36.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.31.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.37.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.33.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.36.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.35.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.32.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "haxx",
            "version": "7.37.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.34.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.33.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.35.0"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.10.4"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.37.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.37.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.32.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.31.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "haxx",
            "version": "7.38.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "haxx",
            "version": "7.38.0"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "10.10 to  10.10.4"
          },
          {
            "_id": null,
            "model": "hyperion",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "essbase 11.1.2.2"
          },
          {
            "_id": null,
            "model": "hyperion",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "essbase 11.1.2.3"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "haxx",
            "version": "7.37.1"
          },
          {
            "_id": null,
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "hat enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "hat enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "hat enterprise linux hpc node optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "hat enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "hat enterprise linux desktop optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "hat enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "69748"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1276"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005511"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3613"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:haxx:curl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:haxx:libcurl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:apple:mac_os_x",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:hyperion",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005511"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Tim Ruehsen",
        "sources": [
          {
            "db": "BID",
            "id": "69748"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1276"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2014-3613",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-3613",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-71553",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-3613",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-3613",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201410-1276",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-71553",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-3613",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-71553"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1276"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005511"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3613"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. cURL/libcURL is prone to a remote security-bypass vulnerability. \nAn attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. \ncURL/libcURL 7.1 through 7.37.1 are vulnerable. Both Haxx curl and libcurl are products of the Swedish company Haxx. libcurl is a free, open source client-side URL transfer library. ============================================================================\nUbuntu Security Notice USN-2346-1\nSeptember 15, 2014\n\ncurl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. (CVE-2014-3620)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libcurl3                        7.35.0-1ubuntu2.1\n  libcurl3-gnutls                 7.35.0-1ubuntu2.1\n  libcurl3-nss                    7.35.0-1ubuntu2.1\n\nUbuntu 12.04 LTS:\n  libcurl3                        7.22.0-3ubuntu4.10\n  libcurl3-gnutls                 7.22.0-3ubuntu4.10\n  libcurl3-nss                    7.22.0-3ubuntu4.10\n\nUbuntu 10.04 LTS:\n  libcurl3                        7.19.7-1ubuntu1.9\n  libcurl3-gnutls                 7.19.7-1ubuntu1.9\n\nIn general, a standard system update will make all the necessary changes. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update\n2015-006\n\nOS X Yosemite v10.10.5 and Security Update 2015-006 is now available\nand addresses the following:\n\napache\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities existed in Apache 2.4.16, the most\nserious of which may allow a remote attacker to cause a denial of\nservice. \nDescription:  Multiple vulnerabilities existed in Apache versions\nprior to 2.4.16. These were addressed by updating Apache to version\n2.4.16. \nCVE-ID\nCVE-2014-3581\nCVE-2014-3583\nCVE-2014-8109\nCVE-2015-0228\nCVE-2015-0253\nCVE-2015-3183\nCVE-2015-3185\n\napache_mod_php\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities existed in PHP 5.5.20, the most\nserious of which may lead to arbitrary code execution. \nDescription:  Multiple vulnerabilities existed in PHP versions prior\nto 5.5.20. These were addressed by updating Apache to version 5.5.27. \nCVE-ID\nCVE-2015-2783\nCVE-2015-2787\nCVE-2015-3307\nCVE-2015-3329\nCVE-2015-3330\nCVE-2015-4021\nCVE-2015-4022\nCVE-2015-4024\nCVE-2015-4025\nCVE-2015-4026\nCVE-2015-4147\nCVE-2015-4148\n\nApple ID OD Plug-in\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able change the password of a\nlocal user\nDescription:  In some circumstances, a state management issue existed\nin password authentication. The issue was addressed through improved\nstate management. \nCVE-ID\nCVE-2015-3799 : an anonymous researcher working with HP\u0027s Zero Day\nInitiative\n\nAppleGraphicsControl\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in AppleGraphicsControl which could\nhave led to the disclosure of kernel memory layout. 
This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2015-5768 : JieTao Yang of KeenTeam\n\nBluetooth\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in\nIOBluetoothHCIController. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3779 : Teddy Reed of Facebook Security\n\nBluetooth\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  A memory management issue could have led to the\ndisclosure of kernel memory layout. This issue was addressed with\nimproved memory management. \nCVE-ID\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nBluetooth\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious app may be able to access notifications from\nother iCloud devices\nDescription:  An issue existed where a malicious app could access a\nBluetooth-paired Mac or iOS device\u0027s Notification Center\nnotifications via the Apple Notification Center Service. The issue\naffected devices using Handoff and logged into the same iCloud\naccount. This issue was resolved by revoking access to the Apple\nNotification Center Service. \nCVE-ID\nCVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security\nLab (Indiana University), Tongxin Li (Peking University), XiaoFeng\nWang (Indiana University)\n\nBluetooth\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  An attacker with privileged network position may be able to\nperform denial of service attack using malformed Bluetooth packets\nDescription:  An input validation issue existed in parsing of\nBluetooth ACL packets. This issue was addressed through improved\ninput validation. 
\nCVE-ID\nCVE-2015-3787 : Trend Micro\n\nBluetooth\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  Multiple buffer overflow issues existed in blued\u0027s\nhandling of XPC messages. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-3777 : mitp0sh of [PDX]\n\nbootp\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious Wi-Fi network may be able to determine networks\na device has previously accessed\nDescription:  Upon connecting to a Wi-Fi network, iOS may have\nbroadcast MAC addresses of previously accessed networks via the DNAv4\nprotocol. This issue was addressed through disabling DNAv4 on\nunencrypted Wi-Fi networks. \nCVE-ID\nCVE-2015-3778 : Piers O\u0027Hanlon of Oxford Internet Institute,\nUniversity of Oxford (on the EPSRC Being There project)\n\nCloudKit\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to access the iCloud\nuser record of a previously signed in user\nDescription:  A state inconsistency existed in CloudKit when signing\nout users. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\n\nCoreMedia Playback\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Memory corruption issues existed in CoreMedia Playback. \nThese were addressed through improved memory handling. 
\nCVE-ID\nCVE-2015-5777 : Apple\nCVE-2015-5778 : Apple\n\nCoreText\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\n\nCoreText\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\n\ncurl\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities in cURL and libcurl prior to\n7.38.0, one of which may allow remote attackers to bypass the Same\nOrigin Policy. \nDescription:  Multiple vulnerabilities existed in cURL and libcurl\nprior to 7.38.0. These issues were addressed by updating cURL to\nversion 7.43.0. \nCVE-ID\nCVE-2014-3613\nCVE-2014-3620\nCVE-2014-3707\nCVE-2014-8150\nCVE-2014-8151\nCVE-2015-3143\nCVE-2015-3144\nCVE-2015-3145\nCVE-2015-3148\nCVE-2015-3153\n\nData Detectors Engine\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a sequence of unicode characters can lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Memory corruption issues existed in processing of\nUnicode characters. These issues were addressed through improved\nmemory handling. 
\nCVE-ID\nCVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)\n\nDate \u0026 Time pref pane\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Applications that rely on system time may have unexpected\nbehavior\nDescription:  An authorization issue existed when modifying the\nsystem date and time preferences. This issue was addressed with\nadditional authorization checks. \nCVE-ID\nCVE-2015-3757 : Mark S C Smith\n\nDictionary Application\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  An attacker with a privileged network position may be able\nto intercept users\u0027 Dictionary app queries\nDescription:  An issue existed in the Dictionary app, which did not\nproperly secure user communications. This issue was addressed by\nmoving Dictionary queries to HTTPS. \nCVE-ID\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\nTeam\n\nDiskImages\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted DMG file may lead to an\nunexpected application termination or arbitrary code execution with\nsystem privileges\nDescription:  A memory corruption issue existed in parsing of\nmalformed DMG images. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\n\ndyld\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A path validation issue existed in dyld. This was\naddressed through improved environment sanitization. \nCVE-ID\nCVE-2015-3760 : beist of grayhash, Stefan Esser\n\nFontParser\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. 
This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-3804 : Apple\nCVE-2015-5775 : Apple\n\nFontParser\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\n\ngroff\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple issues in pdfroff\nDescription:  Multiple issues existed in pdfroff, the most serious of\nwhich may allow arbitrary filesystem modification. These issues were\naddressed by removing pdfroff. \nCVE-ID\nCVE-2009-5044\nCVE-2009-5078\n\nImageIO\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nTIFF images. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5758 : Apple\n\nImageIO\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Visiting a maliciously crafted website may result in the\ndisclosure of process memory\nDescription:  An uninitialized memory access issue existed in\nImageIO\u0027s handling of PNG and TIFF images. Visiting a malicious\nwebsite may result in sending data from process memory to the\nwebsite. This issue is addressed through improved memory\ninitialization and additional validation of PNG and TIFF images. 
\nCVE-ID\nCVE-2015-5781 : Michal Zalewski\nCVE-2015-5782 : Michal Zalewski\n\nInstall Framework Legacy\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with root privileges\nDescription:  An issue existed in how Install.framework\u0027s \u0027runner\u0027\nbinary dropped privileges. This issue was addressed through improved\nprivilege management. \nCVE-ID\nCVE-2015-5784 : Ian Beer of Google Project Zero\n\nInstall Framework Legacy\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A race condition existed in\nInstall.framework\u0027s \u0027runner\u0027 binary that resulted in\nprivileges being incorrectly dropped. This issue was addressed\nthrough improved object locking. \nCVE-ID\nCVE-2015-5754 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  Memory corruption issues existed in IOFireWireFamily. \nThese issues were addressed through additional type input validation. \nCVE-ID\nCVE-2015-3769 : Ilja van Sprundel\nCVE-2015-3771 : Ilja van Sprundel\nCVE-2015-3772 : Ilja van Sprundel\n\nIOGraphics\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in IOGraphics. This\nissue was addressed through additional type input validation. \nCVE-ID\nCVE-2015-3770 : Ilja van Sprundel\nCVE-2015-5783 : Ilja van Sprundel\n\nIOHIDFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A buffer overflow issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. 
\nCVE-ID\nCVE-2015-5774 : TaiG Jailbreak Team\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in the mach_port_space_info interface,\nwhich could have led to the disclosure of kernel memory layout. This\nwas addressed by disabling the mach_port_space_info interface. \nCVE-ID\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\n@PanguTeam\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An integer overflow existed in the handling of IOKit\nfunctions. This issue was addressed through improved validation of\nIOKit API arguments. \nCVE-ID\nCVE-2015-3768 : Ilja van Sprundel\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A resource exhaustion issue existed in the fasttrap\ndriver. This was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A validation issue existed in the mounting of HFS\nvolumes. This was addressed by adding additional checks. \nCVE-ID\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to execute unsigned code\nDescription:  An issue existed that allowed unsigned code to be\nappended to signed code in a specially crafted executable file. This\nissue was addressed through improved code signature validation. 
\nCVE-ID\nCVE-2015-3806 : TaiG Jailbreak Team\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A specially crafted executable file could allow unsigned,\nmalicious code to execute\nDescription:  An issue existed in the way multi-architecture\nexecutable files were evaluated that could have allowed unsigned code\nto be executed. This issue was addressed through improved validation\nof executable files. \nCVE-ID\nCVE-2015-3803 : TaiG Jailbreak Team\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute unsigned code\nDescription:  A validation issue existed in the handling of Mach-O\nfiles. This was addressed by adding additional checks. \nCVE-ID\nCVE-2015-3802 : TaiG Jailbreak Team\nCVE-2015-3805 : TaiG Jailbreak Team\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted plist may lead to an\nunexpected application termination or arbitrary code execution with\nsystem privileges\nDescription:  A memory corruption existed in processing of malformed\nplists. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\n(@jollyjinx) of Jinx Germany\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A path validation issue existed. This was addressed\nthrough improved environment sanitization. \nCVE-ID\nCVE-2015-3761 : Apple\n\nLibc\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted regular expression may lead\nto an unexpected application termination or arbitrary code execution\nDescription:  Memory corruption issues existed in the TRE library. \nThese were addressed through improved memory handling. 
\nCVE-ID\nCVE-2015-3796 : Ian Beer of Google Project Zero\nCVE-2015-3797 : Ian Beer of Google Project Zero\nCVE-2015-3798 : Ian Beer of Google Project Zero\n\nLibinfo\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution\nDescription:  Memory corruption issues existed in handling AF_INET6\nsockets. These were addressed by improved memory handling. \nCVE-ID\nCVE-2015-5776 : Apple\n\nlibpthread\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in handling syscalls. \nThis issue was addressed through improved lock state checking. \nCVE-ID\nCVE-2015-5757 : Lufeng Li of Qihoo 360\n\nlibxml2\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities existed in libxml2 versions prior\nto 2.9.2, the most serious of which may allow a remote attacker to\ncause a denial of service\nDescription:  Multiple vulnerabilities existed in libxml2 versions\nprior to 2.9.2. These were addressed by updating libxml2 to version\n2.9.2. \nCVE-ID\nCVE-2012-6685 : Felix Groebert of Google\nCVE-2014-0191 : Felix Groebert of Google\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  A memory access issue existed in libxml2. 
This was\naddressed by improved memory handling\nCVE-ID\nCVE-2014-3660 : Felix Groebert of Google\n\nlibxml2\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  A memory corruption issue existed in parsing of XML\nfiles. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3807 : Apple\n\nlibxpc\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in handling of\nmalformed XPC messages. This issue was improved through improved\nbounds checking. \nCVE-ID\nCVE-2015-3795 : Mathew Rowley\n\nmail_cmds\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute arbitrary shell commands\nDescription:  A validation issue existed in the mailx parsing of\nemail addresses. This was addressed by improved sanitization. \nCVE-ID\nCVE-2014-7844\n\nNotification Center OSX\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to access all\nnotifications previously displayed to users\nDescription:  An issue existed in Notification Center, which did not\nproperly delete user notifications. This issue was addressed by\ncorrectly deleting notifications dismissed by users. \nCVE-ID\nCVE-2015-3764 : Jonathan Zdziarski\n\nntfs\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in NTFS. This issue\nwas addressed through improved memory handling. 
\nCVE-ID\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nOpenSSH\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Remote attackers may be able to circumvent a time delay for\nfailed login attempts and conduct brute-force attacks\nDescription:  An issue existed when processing keyboard-interactive\ndevices. This issue was addressed through improved authentication\nrequest validation. \nCVE-ID\nCVE-2015-5600\n\nOpenSSL\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities existed in OpenSSL versions prior\nto 0.9.8zg, the most serious of which may allow a remote attacker to\ncause a denial of service. \nDescription:  Multiple vulnerabilities existed in OpenSSL versions\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\n0.9.8zg. \nCVE-ID\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\n\nperl\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted regular expression may lead to\ndisclosure of unexpected application termination or arbitrary code\nexecution\nDescription:  An integer underflow issue existed in the way Perl\nparsed regular expressions. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2013-7422\n\nPostgreSQL\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  An attacker may be able to cause unexpected application\ntermination or gain access to data without proper authentication\nDescription:  Multiple issues existed in PostgreSQL 9.2.4. These\nissues were addressed by updating PostgreSQL to 9.2.13. 
\nCVE-ID\nCVE-2014-0067\nCVE-2014-8161\nCVE-2015-0241\nCVE-2015-0242\nCVE-2015-0243\nCVE-2015-0244\n\npython\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities existed in Python 2.7.6, the most\nserious of which may lead to arbitrary code execution\nDescription:  Multiple vulnerabilities existed in Python versions\nprior to 2.7.6. These were addressed by updating Python to version\n2.7.10. \nCVE-ID\nCVE-2013-7040\nCVE-2013-7338\nCVE-2014-1912\nCVE-2014-7185\nCVE-2014-9365\n\nQL Office\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted Office document may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in parsing of Office\ndocuments. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5773 : Apple\n\nQL Office\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted XML file may lead to\ndisclosure of user information\nDescription:  An external entity reference issue existed in XML file\nparsing. This issue was addressed through improved parsing. \nCVE-ID\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. \n\nQuartz Composer Framework\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted QuickTime file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in parsing of\nQuickTime files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5771 : Apple\n\nQuick Look\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Searching for a previously viewed website may launch the web\nbrowser and render that website\nDescription:  An issue existed where QuickLook had the capability to\nexecute JavaScript. 
The issue was addressed by disallowing execution\nof JavaScript. \nCVE-ID\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\n\nQuickTime 7\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in QuickTime. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-3772\nCVE-2015-3779\nCVE-2015-5753 : Apple\nCVE-2015-5779 : Apple\n\nQuickTime 7\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in QuickTime. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-3765 : Joe Burnett of Audio Poison\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-5751 : WalkerFuz\n\nSceneKit\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Viewing a maliciously crafted Collada file may lead to\narbitrary code execution\nDescription:  A heap buffer overflow existed in SceneKit\u0027s handling\nof Collada files. This issue was addressed through improved input\nvalidation. 
\nCVE-ID\nCVE-2015-5772 : Apple\n\nSceneKit\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution\nDescription:  A memory corruption issue existed in SceneKit. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\n\nSecurity\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A standard user may be able to gain access to admin\nprivileges without proper authentication\nDescription:  An issue existed in handling of user authentication. \nThis issue was addressed through improved authentication checks. \nCVE-ID\nCVE-2015-3775 : [Eldon Ahrold]\n\nSMBClient\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the SMB client. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3773 : Ilja van Sprundel\n\nSpeech UI\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted unicode string with speech\nalerts enabled may lead to an unexpected application termination or\narbitrary code execution\nDescription:  A memory corruption issue existed in handling of\nUnicode strings. This issue was addressed by improved memory\nhandling. \nCVE-ID\nCVE-2015-3794 : Adam Greenbaum of Refinitive\n\nsudo\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities existed in sudo versions prior to\n1.7.10p9, the most serious of which may allow an attacker access to\narbitrary files\nDescription:  Multiple vulnerabilities existed in sudo versions prior\nto 1.7.10p9. These were addressed by updating sudo to version\n1.7.10p9. 
\nCVE-ID\nCVE-2013-1775\nCVE-2013-1776\nCVE-2013-2776\nCVE-2013-2777\nCVE-2014-0106\nCVE-2014-9680\n\ntcpdump\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities existed in tcpdump 4.7.3, the most\nserious of which may allow a remote attacker to cause a denial of\nservice. \nDescription:  Multiple vulnerabilities existed in tcpdump versions\nprior to 4.7.3. These were addressed by updating tcpdump to version\n4.7.3. \nCVE-ID\nCVE-2014-8767\nCVE-2014-8769\nCVE-2014-9140\n\nText Formats\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted text file may lead to\ndisclosure of user information\nDescription:  An XML external entity reference issue existed with\nTextEdit parsing. This issue was addressed through improved parsing. \nCVE-ID\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\n\nudf\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted DMG file may lead to an\nunexpected application termination or arbitrary code execution with\nsystem privileges\nDescription:  A memory corruption issue existed in parsing of\nmalformed DMG images. This issue was addressed through improved\nmemory handling. 
\nCVE-ID\nCVE-2015-3767 : beist of grayhash\n\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\nhttps://support.apple.com/en-us/HT205033\n\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: curl security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2015:2159-06\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-2159.html\nIssue date:        2015-11-19\nCVE Names:         CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 \n                   CVE-2015-3143 CVE-2015-3148 \n=====================================================================\n\n1. Summary:\n\nUpdated curl packages that fix multiple security issues, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker able\nto trick a user into connecting to a malicious server could use this flaw\nto set the user\u0027s cookie to a crafted domain, making other cookie-related\nissues easier to exploit. 
(CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication\nof connection handles. If an application set the CURLOPT_COPYPOSTFIELDS\noption for a handle, using the handle\u0027s duplicate could cause the\napplication to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs\nwith embedded end-of-line characters. An attacker able to make an\napplication using libcurl access a specially crafted URL via an HTTP proxy\ncould use this flaw to inject additional headers to the request or\nconstruct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specific way, certain requests to a\npreviously NTLM-authenticated server could appear as sent by the wrong\nauthenticated user. Additionally, the initial set of credentials for HTTP\nNegotiate-authenticated requests could be reused in subsequent requests,\nalthough a different set of credentials was specified. (CVE-2015-3143,\nCVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues. \n\nBug fixes:\n\n* An out-of-protocol fallback to SSL 3.0 was available with libcurl. \nAttackers could abuse the fallback to force downgrade of the SSL version. \nThe fallback has been removed from libcurl. Users requiring this\nfunctionality can explicitly enable SSL 3.0 through the libcurl API. \n(BZ#1154060)\n\n* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. You can\nexplicitly disable them through the libcurl API. (BZ#1170339)\n\n* FTP operations such as downloading files took a significantly long time\nto complete. Now, the FTP implementation in libcurl correctly sets blocking\ndirection and estimated timeout for connections, resulting in faster FTP\ntransfers. 
(BZ#1218272)\n\nEnhancements:\n\n* With the updated packages, it is possible to explicitly enable or disable\nnew Advanced Encryption Standard (AES) cipher suites to be used for the TLS\nprotocol. (BZ#1066065)\n\n* The libcurl library did not implement a non-blocking SSL handshake, which\nnegatively affected performance of applications based on the libcurl multi\nAPI. The non-blocking SSL handshake has been implemented in libcurl, and\nthe libcurl multi API now immediately returns the control back to the\napplication whenever it cannot read or write data from or to the underlying\nnetwork socket. (BZ#1091429)\n\n* The libcurl library used an unnecessarily long blocking delay for actions\nwith no active file descriptors, even for short operations. Some actions,\nsuch as resolving a host name using /etc/hosts, took a long time to\ncomplete. The blocking code in libcurl has been modified so that the\ninitial delay is short and gradually increases until an event occurs. \n(BZ#1130239)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1130239 - Difference in curl performance between RHEL6 and RHEL7\n1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain\n1154060 - curl: Disable out-of-protocol fallback to SSL 3.0\n1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS\n1161182 - Response headers added by proxy servers missing in CURLINFO_HEADER_SIZE\n1166264 - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth [RHEL-7]\n1170339 - use the default min/max TLS version provided by NSS\n1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()\n1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated\n1213351 - CVE-2015-3148 curl: Negotiate not treated as connection-oriented\n1218272 - Performance problem with libcurl and FTP on RHEL7.X\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ncurl-7.29.0-25.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-25.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-25.el7.i686.rpm\ncurl-debuginfo-7.29.0-25.el7.x86_64.rpm\nlibcurl-7.29.0-25.el7.i686.rpm\nlibcurl-7.29.0-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ncurl-debuginfo-7.29.0-25.el7.i686.rpm\ncurl-debuginfo-7.29.0-25.el7.x86_64.rpm\nlibcurl-devel-7.29.0-25.el7.i686.rpm\nlibcurl-devel-7.29.0-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ncurl-7.29.0-25.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-25.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-25.el7.i686.rpm\ncurl-debuginfo-7.29.0-25.el7.x86_64.rpm\nlibcurl-7.29.0-25.el7.i686.rpm\nlibcurl-7.29.0-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ncurl-debuginfo-7.29.0-25.el7.i686.rpm\ncurl-debuginfo-7.29.0-25.el7.x86_64.rpm\nlibcurl-devel-7.29.0-25.el7.i686.rpm\nlibcurl-devel-7.29.0-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 
7):\n\nSource:\ncurl-7.29.0-25.el7.src.rpm\n\naarch64:\ncurl-7.29.0-25.el7.aarch64.rpm\ncurl-debuginfo-7.29.0-25.el7.aarch64.rpm\nlibcurl-7.29.0-25.el7.aarch64.rpm\nlibcurl-devel-7.29.0-25.el7.aarch64.rpm\n\nppc64:\ncurl-7.29.0-25.el7.ppc64.rpm\ncurl-debuginfo-7.29.0-25.el7.ppc.rpm\ncurl-debuginfo-7.29.0-25.el7.ppc64.rpm\nlibcurl-7.29.0-25.el7.ppc.rpm\nlibcurl-7.29.0-25.el7.ppc64.rpm\nlibcurl-devel-7.29.0-25.el7.ppc.rpm\nlibcurl-devel-7.29.0-25.el7.ppc64.rpm\n\nppc64le:\ncurl-7.29.0-25.el7.ppc64le.rpm\ncurl-debuginfo-7.29.0-25.el7.ppc64le.rpm\nlibcurl-7.29.0-25.el7.ppc64le.rpm\nlibcurl-devel-7.29.0-25.el7.ppc64le.rpm\n\ns390x:\ncurl-7.29.0-25.el7.s390x.rpm\ncurl-debuginfo-7.29.0-25.el7.s390.rpm\ncurl-debuginfo-7.29.0-25.el7.s390x.rpm\nlibcurl-7.29.0-25.el7.s390.rpm\nlibcurl-7.29.0-25.el7.s390x.rpm\nlibcurl-devel-7.29.0-25.el7.s390.rpm\nlibcurl-devel-7.29.0-25.el7.s390x.rpm\n\nx86_64:\ncurl-7.29.0-25.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-25.el7.i686.rpm\ncurl-debuginfo-7.29.0-25.el7.x86_64.rpm\nlibcurl-7.29.0-25.el7.i686.rpm\nlibcurl-7.29.0-25.el7.x86_64.rpm\nlibcurl-devel-7.29.0-25.el7.i686.rpm\nlibcurl-devel-7.29.0-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ncurl-7.29.0-25.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-25.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-25.el7.i686.rpm\ncurl-debuginfo-7.29.0-25.el7.x86_64.rpm\nlibcurl-7.29.0-25.el7.i686.rpm\nlibcurl-7.29.0-25.el7.x86_64.rpm\nlibcurl-devel-7.29.0-25.el7.i686.rpm\nlibcurl-devel-7.29.0-25.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3613\nhttps://access.redhat.com/security/cve/CVE-2014-3707\nhttps://access.redhat.com/security/cve/CVE-2014-8150\nhttps://access.redhat.com/security/cve/CVE-2015-3143\nhttps://access.redhat.com/security/cve/CVE-2015-3148\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWTkDjXlSAg2UNWIIRAiUIAKCDiD6XED0dZ145uiyufkWCK1ogUACgnQTY\n3iELkxAEAUfZ3lJlUq4u7Uo=\n=rhuc\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n libcurl can in some circumstances re-use the wrong connection when\n asked to do transfers using other protocols than HTTP and FTP, causing\n a transfer that was initiated by an application to wrongfully re-use\n an existing connection to the same server that was authenticated\n using different credentials (CVE-2014-0138). \n \n libcurl incorrectly validates wildcard SSL certificates containing\n literal IP addresses, so under certain conditions, it would allow\n and use a wildcard match specified in the CN field, allowing a\n malicious server to participate in a MITM attack or just fool users\n into believing that it is a legitimate site (CVE-2014-0139). For this problem to trigger, the client application must use\n the numerical IP address in the URL to access the site (CVE-2014-3613). \n \n Symeon Paraschoudis discovered that the curl_easy_duphandle() function\n in cURL has a bug that can lead to libcurl eventually sending off\n sensitive data that was not intended for sending, while performing\n a HTTP POST operation. 
This bug requires CURLOPT_COPYPOSTFIELDS and\n curl_easy_duphandle() to be used in that order, and then the duplicate\n handle must be used to perform the HTTP POST. The curl command line\n tool is not affected by this problem as it does not use this sequence\n (CVE-2014-3707). \n \n When libcurl sends a request to a server via a HTTP proxy, it copies\n the entire URL into the request and sends if off. If the given URL\n contains line feeds and carriage returns those will be sent along to\n the proxy too, which allows the program to for example send a separate\n HTTP request injected embedded in the URL (CVE-2014-8150). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3613\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3620\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3707\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8150\n http://advisories.mageia.org/MGASA-2014-0153.html\n http://advisories.mageia.org/MGASA-2014-0385.html\n http://advisories.mageia.org/MGASA-2014-0444.html\n http://advisories.mageia.org/MGASA-2015-0020.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 498d59be3a6a4ace215c0d98fb4abede  mbs2/x86_64/curl-7.34.0-3.1.mbs2.x86_64.rpm\n 75a821b73a75ca34f1747a0f7479267f  mbs2/x86_64/curl-examples-7.34.0-3.1.mbs2.noarch.rpm\n f5d3aad5f0fd9db68b87c648aaabbb4a  mbs2/x86_64/lib64curl4-7.34.0-3.1.mbs2.x86_64.rpm\n 4f356a2c97f9f64124b4e8ebe307826a  mbs2/x86_64/lib64curl-devel-7.34.0-3.1.mbs2.x86_64.rpm \n d010a357d76a8eb967c7c52f92fb35ae  mbs2/SRPMS/curl-7.34.0-3.1.mbs2.src.rpm\n _______________________________________________________________________\n\n 
To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.26.0-1+wheezy10. \n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 7.38.0-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.38.0-1. \n\nWe recommend that you upgrade your curl packages",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-3613"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005511"
          },
          {
            "db": "BID",
            "id": "69748"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71553"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3613"
          },
          {
            "db": "PACKETSTORM",
            "id": "128244"
          },
          {
            "db": "PACKETSTORM",
            "id": "133079"
          },
          {
            "db": "PACKETSTORM",
            "id": "134443"
          },
          {
            "db": "PACKETSTORM",
            "id": "131105"
          },
          {
            "db": "PACKETSTORM",
            "id": "128403"
          },
          {
            "db": "PACKETSTORM",
            "id": "128204"
          }
        ],
        "trust": 2.61
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-71553",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-71553"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-3613",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "69748",
            "trust": 2.1
          },
          {
            "db": "JUNIPER",
            "id": "JSA10743",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005511",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1276",
            "trust": 0.7
          },
          {
            "db": "SECUNIA",
            "id": "61077",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "61591",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "61026",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "60411",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "61239",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "134443",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "128244",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "128403",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "128204",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "132792",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-71553",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3613",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "133079",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "131105",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-71553"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3613"
          },
          {
            "db": "BID",
            "id": "69748"
          },
          {
            "db": "PACKETSTORM",
            "id": "128244"
          },
          {
            "db": "PACKETSTORM",
            "id": "133079"
          },
          {
            "db": "PACKETSTORM",
            "id": "134443"
          },
          {
            "db": "PACKETSTORM",
            "id": "131105"
          },
          {
            "db": "PACKETSTORM",
            "id": "128403"
          },
          {
            "db": "PACKETSTORM",
            "id": "128204"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1276"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005511"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3613"
          }
        ]
      },
      "id": "VAR-201411-0410",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-71553"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T23:15:37.764000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
            "trust": 0.8,
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
          },
          {
            "title": "HT205031",
            "trust": 0.8,
            "url": "https://support.apple.com/en-us/HT205031"
          },
          {
            "title": "HT205031",
            "trust": 0.8,
            "url": "https://support.apple.com/ja-jp/HT205031"
          },
          {
            "title": "Oracle Critical Patch Update Advisory - July 2015",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
          },
          {
            "title": "libcurl cookie leak with IP address as domain",
            "trust": 0.8,
            "url": "http://curl.haxx.se/docs/adv_20140910A.html"
          },
          {
            "title": "July 2015 Critical Patch Update Released",
            "trust": 0.8,
            "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
          },
          {
            "title": "Red Hat: Moderate: curl security, bug fix, and enhancement update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20152159 - Security Advisory"
          },
          {
            "title": "Ubuntu Security Notice: curl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2346-1"
          },
          {
            "title": "Debian Security Advisories: DSA-3022-1 curl -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=35cc15eaec0478affc20cf6c42bfcea2"
          },
          {
            "title": "Red Hat: CVE-2014-3613",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-3613"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2014-407",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-407"
          },
          {
            "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-3613"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005511"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-310",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-71553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005511"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3613"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/69748"
          },
          {
            "trust": 1.8,
            "url": "http://curl.haxx.se/docs/adv_20140910a.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.debian.org/security/2014/dsa-3022"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html"
          },
          {
            "trust": 1.2,
            "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
          },
          {
            "trust": 1.2,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "trust": 1.2,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "trust": 1.2,
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "trust": 1.2,
            "url": "https://support.apple.com/kb/ht205031"
          },
          {
            "trust": 1.2,
            "url": "http://rhn.redhat.com/errata/rhsa-2015-1254.html"
          },
          {
            "trust": 1.1,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10743"
          },
          {
            "trust": 1.0,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3613"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3613"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3613"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/60411"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/61026"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/61077"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/61239"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/61591"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3620"
          },
          {
            "trust": 0.3,
            "url": "http://curl.haxx.se/"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3707"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8150"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2014-3613"
          },
          {
            "trust": 0.2,
            "url": "http://advisories.mageia.org/mgasa-2014-0385.html"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3620"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/en/support/security/"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/en/support/security/advisories/"
          },
          {
            "trust": 0.2,
            "url": "http://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10743"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/310.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2015:2159"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37164"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2346-1/"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.10"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-2346-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.19.7-1ubuntu1.9"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8109"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1775"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3583"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7185"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/en-us/ht205033"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8161"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2776"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7422"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8767"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5044"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2777"
          },
          {
            "trust": 0.1,
            "url": "http://www.apple.com/support/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3581"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7844"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0106"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1776"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8769"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7338"
          },
          {
            "trust": 0.1,
            "url": "https://www.safeye.org)"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0191"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0067"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5078"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7040"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6685"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8151"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3660"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1912"
          },
          {
            "trust": 0.1,
            "url": "https://rhn.redhat.com/errata/rhsa-2015-2159.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3143"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3148"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-3707"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3143"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3148"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-8150"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0015"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0015"
          },
          {
            "trust": 0.1,
            "url": "http://advisories.mageia.org/mgasa-2015-0020.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0138"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0139"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8150"
          },
          {
            "trust": 0.1,
            "url": "http://advisories.mageia.org/mgasa-2014-0444.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0139"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0138"
          },
          {
            "trust": 0.1,
            "url": "http://advisories.mageia.org/mgasa-2014-0153.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3707"
          },
          {
            "trust": 0.1,
            "url": "http://www.debian.org/security/faq"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-71553"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3613"
          },
          {
            "db": "BID",
            "id": "69748"
          },
          {
            "db": "PACKETSTORM",
            "id": "128244"
          },
          {
            "db": "PACKETSTORM",
            "id": "133079"
          },
          {
            "db": "PACKETSTORM",
            "id": "134443"
          },
          {
            "db": "PACKETSTORM",
            "id": "131105"
          },
          {
            "db": "PACKETSTORM",
            "id": "128403"
          },
          {
            "db": "PACKETSTORM",
            "id": "128204"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1276"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005511"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3613"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-71553",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3613",
            "ident": null
          },
          {
            "db": "BID",
            "id": "69748",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "128244",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "133079",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134443",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "131105",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "128403",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "128204",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1276",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005511",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3613",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-11-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-71553",
            "ident": null
          },
          {
            "date": "2014-11-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-3613",
            "ident": null
          },
          {
            "date": "2014-09-11T00:00:00",
            "db": "BID",
            "id": "69748",
            "ident": null
          },
          {
            "date": "2014-09-15T17:52:31",
            "db": "PACKETSTORM",
            "id": "128244",
            "ident": null
          },
          {
            "date": "2015-08-13T22:15:27",
            "db": "PACKETSTORM",
            "id": "133079",
            "ident": null
          },
          {
            "date": "2015-11-20T00:41:15",
            "db": "PACKETSTORM",
            "id": "134443",
            "ident": null
          },
          {
            "date": "2015-03-30T21:28:34",
            "db": "PACKETSTORM",
            "id": "131105",
            "ident": null
          },
          {
            "date": "2014-09-25T15:14:15",
            "db": "PACKETSTORM",
            "id": "128403",
            "ident": null
          },
          {
            "date": "2014-09-11T21:05:15",
            "db": "PACKETSTORM",
            "id": "128204",
            "ident": null
          },
          {
            "date": "2014-09-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201410-1276",
            "ident": null
          },
          {
            "date": "2014-11-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005511",
            "ident": null
          },
          {
            "date": "2014-11-18T15:59:00.140000",
            "db": "NVD",
            "id": "CVE-2014-3613",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-01-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-71553",
            "ident": null
          },
          {
            "date": "2018-01-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-3613",
            "ident": null
          },
          {
            "date": "2016-07-05T22:09:00",
            "db": "BID",
            "id": "69748",
            "ident": null
          },
          {
            "date": "2014-11-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201410-1276",
            "ident": null
          },
          {
            "date": "2015-08-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005511",
            "ident": null
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-3613",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1276"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "cURL and  libcurl In  Cookie Vulnerability set",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005511"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1276"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-1888

    Vulnerability from variot - Updated: 2026-04-10 22:55

    When doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent POST request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. (CVE-2022-42915).

    ==========================================================================
    Ubuntu Security Notice USN-5702-1
    October 26, 2022

    curl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 22.10
    • Ubuntu 22.04 LTS
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS

    Summary:

    Several security issues were fixed in curl.

    Software Description:
    - curl: HTTP, HTTPS, and FTP client and client libraries

    Details:

    Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. (CVE-2022-32221)

    Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-35260)

    It was discovered that curl incorrectly handled certain HTTP proxy return codes. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915)

    Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42916)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 22.10:
       curl                            7.85.0-1ubuntu0.1
       libcurl3-gnutls                 7.85.0-1ubuntu0.1
       libcurl3-nss                    7.85.0-1ubuntu0.1
       libcurl4                        7.85.0-1ubuntu0.1

    Ubuntu 22.04 LTS:
       curl                            7.81.0-1ubuntu1.6
       libcurl3-gnutls                 7.81.0-1ubuntu1.6
       libcurl3-nss                    7.81.0-1ubuntu1.6
       libcurl4                        7.81.0-1ubuntu1.6

    Ubuntu 20.04 LTS:
       curl                            7.68.0-1ubuntu2.14
       libcurl3-gnutls                 7.68.0-1ubuntu2.14
       libcurl3-nss                    7.68.0-1ubuntu2.14
       libcurl4                        7.68.0-1ubuntu2.14

    Ubuntu 18.04 LTS:
       curl                            7.58.0-2ubuntu3.21
       libcurl3-gnutls                 7.58.0-2ubuntu3.21
       libcurl3-nss                    7.58.0-2ubuntu3.21
       libcurl4                        7.58.0-2ubuntu3.21

    In general, a standard system update will make all the necessary changes.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory                           GLSA 202212-01
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

     Severity: High
        Title: curl: Multiple Vulnerabilities
         Date: December 19, 2022
         Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365
           ID: 202212-01


    Synopsis

    Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

    Background

    A command line tool and library for transferring data with URLs.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
      1  net-misc/curl              < 7.86.0                    >= 7.86.0

    Description

    Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All curl users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

    References

    [ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922
    [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923
    [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925
    [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926
    [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945
    [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946
    [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947
    [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576
    [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774
    [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775
    [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776
    [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779
    [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780
    [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781
    [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782
    [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115
    [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205
    [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206
    [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207
    [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208
    [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221
    [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252
    [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260
    [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915
    [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202212-01

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5

    APPLE-SA-2023-01-23-4 macOS Ventura 13.2

    macOS Ventura 13.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213605.

    AppleMobileFileIntegrity
    Available for: macOS Ventura
    Impact: An app may be able to access user-sensitive data
    Description: This issue was addressed by enabling hardened runtime.
    CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog)

    curl
    Available for: macOS Ventura
    Impact: Multiple issues in curl
    Description: Multiple issues were addressed by updating to curl version 7.86.0.
    CVE-2022-42915
    CVE-2022-42916
    CVE-2022-32221
    CVE-2022-35260

    dcerpc
    Available for: macOS Ventura
    Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution
    Description: A buffer overflow issue was addressed with improved memory handling.
    CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos

    DiskArbitration
    Available for: macOS Ventura
    Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password
    Description: A logic issue was addressed with improved state management.
    CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)

    ImageIO
    Available for: macOS Ventura
    Impact: Processing an image may lead to a denial-of-service
    Description: A memory corruption issue was addressed with improved state management.
    CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)

    Intel Graphics Driver
    Available for: macOS Ventura
    Impact: An app may be able to execute arbitrary code with kernel privileges
    Description: The issue was addressed with improved bounds checks.
    CVE-2023-23507: an anonymous researcher

    Kernel
    Available for: macOS Ventura
    Impact: An app may be able to leak sensitive kernel state
    Description: The issue was addressed with improved memory handling.
    CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

    Kernel
    Available for: macOS Ventura
    Impact: An app may be able to determine kernel memory layout
    Description: An information disclosure issue was addressed by removing the vulnerable code.
    CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

    Kernel
    Available for: macOS Ventura
    Impact: An app may be able to execute arbitrary code with kernel privileges
    Description: The issue was addressed with improved memory handling.
    CVE-2023-23504: Adam Doupé of ASU SEFCOM

    libxpc
    Available for: macOS Ventura
    Impact: An app may be able to access user-sensitive data
    Description: A permissions issue was addressed with improved validation.
    CVE-2023-23506: Guilherme Rambo of Best Buddy Apps (rambo.codes)

    Mail Drafts
    Available for: macOS Ventura
    Impact: The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account
    Description: A logic issue was addressed with improved state management.
    CVE-2023-23498: an anonymous researcher

    Maps
    Available for: macOS Ventura
    Impact: An app may be able to bypass Privacy preferences
    Description: A logic issue was addressed with improved state management.
    CVE-2023-23503: an anonymous researcher

    PackageKit
    Available for: macOS Ventura
    Impact: An app may be able to gain root privileges
    Description: A logic issue was addressed with improved state management.
    CVE-2023-23497: Mickey Jin (@patch1t)

    Safari
    Available for: macOS Ventura
    Impact: An app may be able to access a user’s Safari history
    Description: A permissions issue was addressed with improved validation.
    CVE-2023-23510: Guilherme Rambo of Best Buddy Apps (rambo.codes)

    Safari
    Available for: macOS Ventura
    Impact: Visiting a website may lead to an app denial-of-service
    Description: The issue was addressed with improved handling of caches.
    CVE-2023-23512: Adriatik Raci

    Screen Time
    Available for: macOS Ventura
    Impact: An app may be able to access information about a user’s contacts
    Description: A privacy issue was addressed with improved private data redaction for log entries.
    CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

    Vim
    Available for: macOS Ventura
    Impact: Multiple issues in Vim
    Description: A use after free issue was addressed with improved memory management.
    CVE-2022-3705

    Weather
    Available for: macOS Ventura
    Impact: An app may be able to bypass Privacy preferences
    Description: The issue was addressed with improved memory handling.
    CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher

    WebKit
    Available for: macOS Ventura
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution
    Description: The issue was addressed with improved checks.
    WebKit Bugzilla: 245464
    CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming Wang, JiKai Ren and Hang Shu of Institute of Computing Technology, Chinese Academy of Sciences

    WebKit
    Available for: macOS Ventura
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution
    Description: The issue was addressed with improved memory handling.
    WebKit Bugzilla: 248268
    CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
    WebKit Bugzilla: 248268
    CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

    Wi-Fi
    Available for: macOS Ventura
    Impact: An app may be able to disclose kernel memory
    Description: The issue was addressed with improved memory handling.
    CVE-2023-23501: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

    Windows Installer
    Available for: macOS Ventura
    Impact: An app may be able to bypass Privacy preferences
    Description: The issue was addressed with improved memory handling.
    CVE-2023-23508: Mickey Jin (@patch1t)

    Additional recognition

    Bluetooth
    We would like to acknowledge an anonymous researcher for their assistance.

    Kernel
    We would like to acknowledge Nick Stenning of Replicate for their assistance.

    Shortcuts
    We would like to acknowledge Baibhav Anand Jha from ReconWithMe and Cristian Dinca of Tudor Vianu National High School of Computer Science, Romania for their assistance.

    WebKit
    We would like to acknowledge Eliya Stein of Confiant for their assistance.

    macOS Ventura 13.2 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

    Software Description:
    - mysql-8.0: MySQL database
    - mysql-5.7: MySQL database

    Details:

    Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

    In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. In general, a standard system update will make all the necessary changes.

    For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u5. This update also revises the fix for CVE-2022-27774 released in DSA-5197-1.

    We recommend that you upgrade your curl packages.

    =====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: curl security update
    Advisory ID: RHSA-2023:4139-01
    Product: Red Hat Enterprise Linux
    Advisory URL: https://access.redhat.com/errata/RHSA-2023:4139
    Issue date: 2023-07-18
    CVE Names: CVE-2022-32221 CVE-2023-23916
    =====================================================================

    1. Summary:

    An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    2. Relevant releases/architectures:

    Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64
    Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

    3. Description:

    The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

    Security Fix(es):

    • curl: POST following PUT confusion (CVE-2022-32221)

    • curl: HTTP multi-header compression denial of service (CVE-2023-23916)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    4. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    5. Bugs fixed (https://bugzilla.redhat.com/):

    2135411 - CVE-2022-32221 curl: POST following PUT confusion
    2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service

    6. Package List:

    Red Hat Enterprise Linux AppStream EUS (v.9.0):

    aarch64: curl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm curl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm libcurl-devel-7.76.1-14.el9_0.6.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm

    ppc64le: curl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm curl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-devel-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm

    s390x: curl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm curl-debugsource-7.76.1-14.el9_0.6.s390x.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm libcurl-devel-7.76.1-14.el9_0.6.s390x.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm

    x86_64: curl-debuginfo-7.76.1-14.el9_0.6.i686.rpm curl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm curl-debugsource-7.76.1-14.el9_0.6.i686.rpm curl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm libcurl-devel-7.76.1-14.el9_0.6.i686.rpm libcurl-devel-7.76.1-14.el9_0.6.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm

    Red Hat Enterprise Linux BaseOS EUS (v.9.0):

    Source: curl-7.76.1-14.el9_0.6.src.rpm

    aarch64: curl-7.76.1-14.el9_0.6.aarch64.rpm curl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm curl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm curl-minimal-7.76.1-14.el9_0.6.aarch64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm libcurl-7.76.1-14.el9_0.6.aarch64.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm libcurl-minimal-7.76.1-14.el9_0.6.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm

    ppc64le: curl-7.76.1-14.el9_0.6.ppc64le.rpm curl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm curl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm curl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm

    s390x: curl-7.76.1-14.el9_0.6.s390x.rpm curl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm curl-debugsource-7.76.1-14.el9_0.6.s390x.rpm curl-minimal-7.76.1-14.el9_0.6.s390x.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm libcurl-7.76.1-14.el9_0.6.s390x.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm libcurl-minimal-7.76.1-14.el9_0.6.s390x.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm

    x86_64: curl-7.76.1-14.el9_0.6.x86_64.rpm curl-debuginfo-7.76.1-14.el9_0.6.i686.rpm curl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm curl-debugsource-7.76.1-14.el9_0.6.i686.rpm curl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm curl-minimal-7.76.1-14.el9_0.6.x86_64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm libcurl-7.76.1-14.el9_0.6.i686.rpm libcurl-7.76.1-14.el9_0.6.x86_64.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm libcurl-minimal-7.76.1-14.el9_0.6.i686.rpm libcurl-minimal-7.76.1-14.el9_0.6.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    7. References:

    https://access.redhat.com/security/cve/CVE-2022-32221
    https://access.redhat.com/security/cve/CVE-2023-23916
    https://access.redhat.com/security/updates/classification/#moderate

    8. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2023 Red Hat, Inc


    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.86.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.6.3"
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32221"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ubuntu",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "169538"
          },
          {
            "db": "PACKETSTORM",
            "id": "169535"
          },
          {
            "db": "PACKETSTORM",
            "id": "170729"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2022-32221",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-32221",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-32221",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-32221",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-2214",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32221"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32221"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. (CVE-2022-42915). ==========================================================================\nUbuntu Security Notice USN-5702-1\nOctober 26, 2022\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nRobby Simpson discovered that curl incorrectly handled certain POST\noperations after PUT operations. \n(CVE-2022-32221)\n\nHiroki Kurosawa discovered that curl incorrectly handled parsing .netrc\nfiles. If an attacker were able to provide a specially crafted .netrc file,\nthis issue could cause curl to crash, resulting in a denial of service. \nThis issue only affected Ubuntu 22.10. (CVE-2022-35260)\n\nIt was discovered that curl incorrectly handled certain HTTP proxy return\ncodes. A remote attacker could use this issue to cause curl to crash,\nresulting in a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915)\n\nHiroki Kurosawa discovered that curl incorrectly handled HSTS support\nwhen certain hostnames included IDN characters. 
A remote attacker could\npossibly use this issue to cause curl to use unencrypted connections. This\nissue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42916)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n   curl                            7.85.0-1ubuntu0.1\n   libcurl3-gnutls                 7.85.0-1ubuntu0.1\n   libcurl3-nss                    7.85.0-1ubuntu0.1\n   libcurl4                        7.85.0-1ubuntu0.1\n\nUbuntu 22.04 LTS:\n   curl                            7.81.0-1ubuntu1.6\n   libcurl3-gnutls                 7.81.0-1ubuntu1.6\n   libcurl3-nss                    7.81.0-1ubuntu1.6\n   libcurl4                        7.81.0-1ubuntu1.6\n\nUbuntu 20.04 LTS:\n   curl                            7.68.0-1ubuntu2.14\n   libcurl3-gnutls                 7.68.0-1ubuntu2.14\n   libcurl3-nss                    7.68.0-1ubuntu2.14\n   libcurl4                        7.68.0-1ubuntu2.14\n\nUbuntu 18.04 LTS:\n   curl                            7.58.0-2ubuntu3.21\n   libcurl3-gnutls                 7.58.0-2ubuntu3.21\n   libcurl3-nss                    7.58.0-2ubuntu3.21\n   libcurl4                        7.58.0-2ubuntu3.21\n\nIn general, a standard system update will make all the necessary changes. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: curl: Multiple Vulnerabilities\n     Date: December 19, 2022\n     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n       ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl              \u003c 7.86.0                    \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. 
\n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] 
CVE-2022-42915\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2023-01-23-4 macOS Ventura 13.2\n\nmacOS Ventura 13.2 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213605. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Ventura\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2023-23499: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n(wojciechregula.blog)\n\ncurl\nAvailable for: macOS Ventura\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.86.0. \nCVE-2022-42915\nCVE-2022-42916\nCVE-2022-32221\nCVE-2022-35260\n\ndcerpc\nAvailable for: macOS Ventura\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. 
\nCVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco\nTalos\n\nDiskArbitration\nAvailable for: macOS Ventura\nImpact: An encrypted volume may be unmounted and remounted by a\ndifferent user without prompting for the password\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)\n\nImageIO\nAvailable for: macOS Ventura\nImpact: Processing an image may lead to a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2023-23519: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIntel Graphics Driver\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2023-23507: an anonymous researcher\n\nKernel\nAvailable for: macOS Ventura\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. \nLtd. (@starlabs_sg)\n\nKernel\nAvailable for: macOS Ventura\nImpact: An app may be able to determine kernel memory layout\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. \nLtd. (@starlabs_sg)\n\nKernel\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23504: Adam Doup\u00e9 of ASU SEFCOM\n\nlibxpc\nAvailable for: macOS Ventura\nImpact: An app may be able to access user-sensitive data\nDescription: A permissions issue was addressed with improved\nvalidation. 
\nCVE-2023-23506: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nMail Drafts\nAvailable for: macOS Ventura\nImpact: The quoted original message may be selected from the wrong\nemail when forwarding an email from an Exchange account\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23498: an anonymous researcher\n\nMaps\nAvailable for: macOS Ventura\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23503: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Ventura\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23497: Mickey Jin (@patch1t)\n\nSafari\nAvailable for: macOS Ventura\nImpact: An app may be able to access a user\u2019s Safari history\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2023-23510: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nSafari\nAvailable for: macOS Ventura\nImpact: Visiting a website may lead to an app denial-of-service\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2023-23512: Adriatik Raci\n\nScreen Time\nAvailable for: macOS Ventura\nImpact: An app may be able to access information about a user\u2019s\ncontacts\nDescription: A privacy issue was addressed with improved private data\nredaction for log entries. \nCVE-2023-23505: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nVim\nAvailable for: macOS Ventura\nImpact: Multiple issues in Vim\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-3705\n\nWeather\nAvailable for: macOS Ventura\nImpact: An app may be able to bypass Privacy preferences\nDescription: The issue was addressed with improved memory handling. 
\nCVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an\nanonymous researcher\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: The issue was addressed with improved checks. \nWebKit Bugzilla: 245464\nCVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming\nWang, JiKai Ren and Hang Shu of Institute of Computing Technology,\nChinese Academy of Sciences\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nWebKit Bugzilla: 248268\nCVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park\n(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),\nJunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE\nWebKit Bugzilla: 248268\nCVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park\n(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),\nJunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE\n\nWi-Fi\nAvailable for: macOS Ventura\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23501: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. \nLtd. (@starlabs_sg)\n\nWindows Installer\nAvailable for: macOS Ventura\nImpact: An app may be able to bypass Privacy preferences\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23508: Mickey Jin (@patch1t)\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nKernel\nWe would like to acknowledge Nick Stenning of Replicate for their\nassistance. \n\nShortcuts\nWe would like to acknowledge Baibhav Anand Jha from ReconWithMe and\nCristian Dinca of Tudor Vianu National High School of Computer\nScience, Romania for their assistance. 
\n\nWebKit\nWe would like to acknowledge Eliya Stein of Confiant for their\nassistance. \n\nmacOS Ventura 13.2 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n\n. \n\nSoftware Description:\n- mysql-8.0: MySQL database\n- mysql-5.7: MySQL database\n\nDetails:\n\nMultiple security issues were discovered in MySQL and this update includes\nnew upstream MySQL versions to fix these issues. \n\nIn addition to security fixes, the updated packages contain bug fixes, new\nfeatures, and possibly incompatible changes. In general, a standard system update will make all the necessary\nchanges. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u5. This update also revises the fix for\nCVE-2022-27774 released in DSA-5197-1. 
\n\nWe recommend that you upgrade your curl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: curl security update\nAdvisory ID:       RHSA-2023:4139-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:4139\nIssue date:        2023-07-18\nCVE Names:         CVE-2022-32221 CVE-2023-23916 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 9.0\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: POST following PUT confusion (CVE-2022-32221)\n\n* curl: HTTP multi-header compression denial of service (CVE-2023-23916)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2135411 - CVE-2022-32221 curl: POST following PUT confusion\n2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream EUS (v.9.0):\n\naarch64:\ncurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\n\nppc64le:\ncurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\n\ns390x:\ncurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\n\nx86_64:\ncurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.i686.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS EUS 
(v.9.0):\n\nSource:\ncurl-7.76.1-14.el9_0.6.src.rpm\n\naarch64:\ncurl-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-minimal-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\n\nppc64le:\ncurl-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\n\ns390x:\ncurl-7.76.1-14.el9_0.6.s390x.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.s390x.rpm\ncurl-minimal-7.76.1-14.el9_0.6.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\n\nx86_64:\ncurl-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.i686.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-minimal-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_
0.6.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32221\nhttps://access.redhat.com/security/cve/CVE-2023-23916\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32221"
          },
          {
            "db": "VULHUB",
            "id": "VHN-424148"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32221"
          },
          {
            "db": "PACKETSTORM",
            "id": "169538"
          },
          {
            "db": "PACKETSTORM",
            "id": "169535"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "170697"
          },
          {
            "db": "PACKETSTORM",
            "id": "170696"
          },
          {
            "db": "PACKETSTORM",
            "id": "170729"
          },
          {
            "db": "PACKETSTORM",
            "id": "170777"
          },
          {
            "db": "PACKETSTORM",
            "id": "173569"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-32221",
            "trust": 2.6
          },
          {
            "db": "HACKERONE",
            "id": "1704017",
            "trust": 1.7
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2023/05/17/4",
            "trust": 1.6
          },
          {
            "db": "PACKETSTORM",
            "id": "170777",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169535",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169538",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "170166",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3143",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3732",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.4030",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5421",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.6333",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "170729",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "170648",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-424148",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32221",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170303",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170697",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170696",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "173569",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424148"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32221"
          },
          {
            "db": "PACKETSTORM",
            "id": "169538"
          },
          {
            "db": "PACKETSTORM",
            "id": "169535"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "170697"
          },
          {
            "db": "PACKETSTORM",
            "id": "170696"
          },
          {
            "db": "PACKETSTORM",
            "id": "170729"
          },
          {
            "db": "PACKETSTORM",
            "id": "170777"
          },
          {
            "db": "PACKETSTORM",
            "id": "173569"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32221"
          }
        ]
      },
      "id": "VAR-202210-1888",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424148"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T22:55:07.161000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "curl Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=216855"
          },
          {
            "title": "Ubuntu Security Notice: USN-5702-2: curl vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5702-2"
          },
          {
            "title": "Ubuntu Security Notice: USN-5702-1: curl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5702-1"
          },
          {
            "title": "Red Hat: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-32221"
          },
          {
            "title": "IBM: Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by multiple vulnerabilities in libcurl (CVE-2022-42915, CVE-2022-42916, CVE-2022-32221)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=93e8baf3e9bfd9ab92a05b44368ef244"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32221"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-668",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-200",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424148"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32221"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/202212-01"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20230110-0006/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20230208-0002/"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht213604"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht213605"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2023/dsa-5330"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2023/jan/19"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2023/jan/20"
          },
          {
            "trust": 1.7,
            "url": "https://hackerone.com/reports/1704017"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.openwall.com/lists/oss-security/2023/05/17/4"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-32221"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-32221/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.4030"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/curl-reuse-after-free-39731"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht213604"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169538/ubuntu-security-notice-usn-5702-2.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169535/ubuntu-security-notice-usn-5702-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5421"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/170777/debian-security-advisory-5330-1.html"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
          },
          {
            "trust": 0.3,
            "url": "https://ubuntu.com/security/notices/usn-5702-1"
          },
          {
            "trust": 0.2,
            "url": "https://ubuntu.com/security/notices/usn-5702-2"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23493"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23497"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23499"
          },
          {
            "trust": 0.2,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23502"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/en-us/ht201222."
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.6"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.14"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.21"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.85.0-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23507"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23504"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23505"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32915"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23508"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht213604."
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht213605."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23503"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23501"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23496"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23498"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23500"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.20.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.22.10.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21877"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21881"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.22.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.41-0ubuntu0.18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21871"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21867"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5823-1"
          },
          {
            "trust": 0.1,
            "url": "https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43552"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/curl"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:4139"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-23916"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424148"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32221"
          },
          {
            "db": "PACKETSTORM",
            "id": "169538"
          },
          {
            "db": "PACKETSTORM",
            "id": "169535"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "170697"
          },
          {
            "db": "PACKETSTORM",
            "id": "170696"
          },
          {
            "db": "PACKETSTORM",
            "id": "170729"
          },
          {
            "db": "PACKETSTORM",
            "id": "170777"
          },
          {
            "db": "PACKETSTORM",
            "id": "173569"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32221"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-424148",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32221",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169538",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169535",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170303",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170697",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170696",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170729",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170777",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "173569",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32221",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-12-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-424148",
            "ident": null
          },
          {
            "date": "2022-10-27T13:04:37",
            "db": "PACKETSTORM",
            "id": "169538",
            "ident": null
          },
          {
            "date": "2022-10-27T13:03:39",
            "db": "PACKETSTORM",
            "id": "169535",
            "ident": null
          },
          {
            "date": "2022-12-19T13:48:31",
            "db": "PACKETSTORM",
            "id": "170303",
            "ident": null
          },
          {
            "date": "2023-01-24T16:41:07",
            "db": "PACKETSTORM",
            "id": "170697",
            "ident": null
          },
          {
            "date": "2023-01-24T16:40:49",
            "db": "PACKETSTORM",
            "id": "170696",
            "ident": null
          },
          {
            "date": "2023-01-25T16:09:53",
            "db": "PACKETSTORM",
            "id": "170729",
            "ident": null
          },
          {
            "date": "2023-01-30T16:25:15",
            "db": "PACKETSTORM",
            "id": "170777",
            "ident": null
          },
          {
            "date": "2023-07-18T13:47:37",
            "db": "PACKETSTORM",
            "id": "173569",
            "ident": null
          },
          {
            "date": "2022-10-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-2214",
            "ident": null
          },
          {
            "date": "2022-12-05T22:15:10.343000",
            "db": "NVD",
            "id": "CVE-2022-32221",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-03-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-424148",
            "ident": null
          },
          {
            "date": "2023-07-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-2214",
            "ident": null
          },
          {
            "date": "2026-02-13T20:16:13.200000",
            "db": "NVD",
            "id": "CVE-2022-32221",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "curl Security hole",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202108-2222

    Vulnerability from variot - Updated: 2026-04-10 22:46

    libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. cURL contains a vulnerability in the use of incorrectly resolved names and references. Information may be obtained. A security issue has been found in curl before version 7.78.0.

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: rh-dotnet31-curl security update
    Advisory ID: RHSA-2022:1354-01
    Product: .NET Core on Red Hat Enterprise Linux
    Advisory URL: https://access.redhat.com/errata/RHSA-2022:1354
    Issue date: 2022-04-13
    CVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947
    ====================================================================

    1. Summary:

    An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    2. Relevant releases/architectures:

    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
    .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

    3. Description:

    .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

    Security Fix(es):

    • curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)

    • curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924)

    • curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946)

    • curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    4. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    5. Bugs fixed (https://bugzilla.redhat.com/):

    1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer
    1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks
    2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols
    2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake

    6. Package List:

    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

    Source:
    rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm

    x86_64:
    rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm
    rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm
    rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm
    rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux Server (v. 7):

    Source:
    rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm

    x86_64:
    rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm
    rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm
    rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm
    rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):

    Source:
    rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm

    x86_64:
    rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm
    rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm
    rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm
    rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    7. References:

    https://access.redhat.com/security/cve/CVE-2021-22876
    https://access.redhat.com/security/cve/CVE-2021-22924
    https://access.redhat.com/security/cve/CVE-2021-22946
    https://access.redhat.com/security/cve/CVE-2021-22947
    https://access.redhat.com/security/updates/classification/#moderate

    8. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc.

    ==========================================================================
    Ubuntu Security Notice USN-5021-1 July 22, 2021

    curl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 21.04
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS

    Summary:

    Several security issues were fixed in curl.

    Software Description:

    • curl: HTTP, HTTPS, and FTP client and client libraries

    Details:

    Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. (CVE-2021-22898, CVE-2021-22925)

    Harry Sintonen discovered that curl incorrectly reused connections in the connection pool. This could result in curl reusing the wrong connections. (CVE-2021-22924)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 21.04:
    curl 7.74.0-1ubuntu2.1
    libcurl3-gnutls 7.74.0-1ubuntu2.1
    libcurl3-nss 7.74.0-1ubuntu2.1
    libcurl4 7.74.0-1ubuntu2.1

    Ubuntu 20.04 LTS:
    curl 7.68.0-1ubuntu2.6
    libcurl3-gnutls 7.68.0-1ubuntu2.6
    libcurl3-nss 7.68.0-1ubuntu2.6
    libcurl4 7.68.0-1ubuntu2.6

    Ubuntu 18.04 LTS:
    curl 7.58.0-2ubuntu3.14
    libcurl3-gnutls 7.58.0-2ubuntu3.14
    libcurl3-nss 7.58.0-2ubuntu3.14
    libcurl4 7.58.0-2ubuntu3.14

    In general, a standard system update will make all the necessary changes.

    Bugs fixed (https://bugzilla.redhat.com/):

    2007489 - RHACM 2.1.12 images
    2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets
    2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request
    2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser
    2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure
    2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams
    2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack
    2011020 - CVE-2021-41099 redis: Integer overflow issue with strings

    1. 8) - aarch64, ppc64le, s390x, x86_64

    2. Description:

    The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

    Summary:

    Red Hat Advanced Cluster Management for Kubernetes 2.1.11 General Availability release images, which provide a security fix and update the container images.

    Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

    This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes.

    Container updates:

    • RHACM 2.1.11 images (BZ# 1999375)

    Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. To apply this upgrade, you must upgrade your OpenShift Container Platform version to 4.6, or later.

    Bugs fixed (https://bugzilla.redhat.com/):

    1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name
    1999375 - RHACM 2.1.11 images

    1. Description:

    Quay 3.6.0 release

    Security Fix(es):

    • nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)

    • python-pillow: insufficient fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289)

    • nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516)

    • nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)

    • nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)

    • nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107)

    • nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492)

    • nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270)

    • nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)

    • nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)

    • nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)

    • nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

    • nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237)

    • urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)

    • python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654)

    • browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)

    • nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)

    • nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)

    • python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290)

    • python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291)

    • python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292)

    • python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)

    • nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515)

    • python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921)

    • python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922)

    • python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923)

    • python-pillow: buffer overflow in Convert.c because it allows an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552)

    • nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109)

    • lodash: Prototype pollution in utilities function (CVE-2018-3721)

    • hoek: Prototype pollution in utilities function (CVE-2018-3728)

    • lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266)

    • nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)

    • python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Bugs fixed (https://bugzilla.redhat.com/):

    1500700 - CVE-2017-16138 nodejs-mime: Regular expression Denial of Service
    1500705 - CVE-2017-16137 nodejs-debug: Regular expression Denial of Service
    1545884 - CVE-2018-3721 lodash: Prototype pollution in utilities function
    1545893 - CVE-2018-3728 hoek: Prototype pollution in utilities function
    1546357 - CVE-2018-1107 nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format
    1547272 - CVE-2018-1109 nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js
    1608140 - CVE-2018-16492 nodejs-extend: Prototype pollution can allow attackers to modify object properties
    1743096 - CVE-2019-1010266 lodash: uncontrolled resource consumption in Data handler causing denial of service
    1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability
    1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function
    1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
    1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS
    1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution
    1901662 - CVE-2020-26237 nodejs-highlight-js: prototype pollution via a crafted HTML code block
    1915257 - CVE-2020-26291 urijs: Hostname spoofing via backslashes in URL
    1915420 - CVE-2020-35653 python-pillow: decoding a crafted PCX file could result in buffer over-read
    1915424 - CVE-2020-35654 python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow
    1927293 - CVE-2018-21270 nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure
    1934470 - CVE-2021-27516 nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise
    1934474 - CVE-2021-27515 nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise
    1934680 - CVE-2021-25289 python-pillow: insufficient fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c
    1934685 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c
    1934692 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c
    1934699 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack
    1934705 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c
    1935384 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container
    1935396 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container
    1935401 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container
    1940759 - CVE-2018-3774 nodejs-url-parse: incorrect hostname in url parsing
    1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing
    1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js
    1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)
    1982378 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allows an attacker to pass controlled parameters directly into a convert function

    1. JIRA issues fixed (https://issues.jboss.org/):

    PROJQUAY-1417 - zstd compressed layers
    PROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay
    PROJQUAY-1535 - As a user I can create and use nested repository name structures
    PROJQUAY-1583 - add "disconnected" annotation to operators
    PROJQUAY-1609 - Operator communicates status per managed component
    PROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment
    PROJQUAY-1791 - v1beta CRD EOL
    PROJQUAY-1883 - Support OCP Re-encrypt routes
    PROJQUAY-1887 - allow either sha or tag in related images
    PROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment.
    PROJQUAY-1998 - note database deprecations in 3.6 Config Tool
    PROJQUAY-2050 - Support OCP Edge-Termination
    PROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly
    PROJQUAY-2102 - add clair-4.2 enrichment data to quay UI
    PROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1858777 - Alert for VM with 'evictionStrategy: LiveMigrate' for local PVs set
    1891921 - virt-launcher is missing /usr/share/zoneinfo directory, making it impossible to set clock offset of timezone type for the guest RTC
    1896469 - In cluster with OVN Kubernetes networking - a node doesn't recover when configuring linux-bridge over its default NIC
    1903687 - [scale] 1K DV creation failed
    1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
    1933043 - Delete VM just after it turns into "running" is very likely to hit grace period end
    1935219 - [CNV-2.5] Set memory and CPU request on hco-operator and hco-webhook deployments
    1942726 - test automatic bug creation for a new release
    1943164 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed
    1945589 - Live migration with virtiofs is possible
    1953481 - New OCP priority classes are not used - Deploy
    1953483 - New OCP priority classes are not used - SSP
    1953484 - New OCP priority classes are not used - Storage
    1955129 - Failed to bindmount hotplug-disk for hostpath-provisioner
    1957852 - Could not start VM as restore snapshot was still not Complete
    1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
    1963963 - hco.kubevirt.io:config-reader role and rolebinding are not strictly reconciled
    1965050 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount
    1973852 - Introduce VM crashloop backoff
    1976604 - [CNV-5786] IP connectivity is lost after migration (masquerade)
    1976730 - Disk is not usable due to incorrect size for proper alignment
    1979631 - virt-chroot: container disk validation crash prevents VMI from starting/migrating
    1979659 - 4.9.0 containers
    1981345 - 4.9.0 rpms
    1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
    1985083 - VMI Pod fails to terminate due to a zombie qemu process
    1985649 - virt-handler Pod is missing xorrisofs command
    1985670 - virt-launcher fails to create v1 controller cpu for group: Read-only file system
    1985719 - Unprivileged client fails to get guest agent data
    1989176 - kube-cni-linux-bridge-plugin Pod is missing bridge CNI plugin
    1989263 - VM Snapshot may freeze guest indefinitely
    1989269 - Online VM Snapshot storing incorrect VM spec
    1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names
    1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
    1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
    1991691 - Enable DownwardMetrics FeatureGate via HCO CR
    1992608 - kubevirt doesn't respect useEmulation: true
    1993121 - Rhel9 templates - provider-url should be updated to https://www.redhat.com/
    1994389 - Some of the cdi resources missing app labels
    1995295 - SCC annotation of ssp-operator was changed to privileged
    1996407 - [cdi-functional-tests] cdi-docker-registry-host Pod fails to start
    1997014 - Common templates - dataVolumeTemplates API version should be updated
    1998054 - RHEL9 template - update template description.
    1998656 - no "name" label in ssp-operator pod
    1999571 - NFS clone not progressing when clone sizes mismatch (target > source)
    1999617 - Unable to create a VM with nonroot VirtLauncher Pods
    1999835 - ConsoleCLIDownload | wrong path in virtctl archive URL
    2000052 - NNCP creation failures after nmstate-handler pod deletion
    2000204 - [4.9.0] [RFE] volumeSnapshotStatuses reason does not check for volume type that do not support snapshots
    2001041 - [4.9.0] Importer attempts to shrink an image in certain situations
    2001047 - Automatic size detection may not request a PVC that is large enough for an import
    2003473 - Failed to Migrate Windows VM with CDROM (readonly)
    2005695 - With descheduler during multiple VMIs migrations, some VMs are restarted
    2006418 - Clone Strategy does not work as described
    2008900 - Eviction of not live migratable VMs due to virt-launcher upgrade can happen outside the upgrade window
    2010742 - [CNV-4.9] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13
    2011179 - Cluster-wide live migration limits and timeouts are not suitable
    2017394 - After upgrade, live migration is Pending
    2018521 - [Storage] Failed to restore VirtualMachineSnapshot after CNV upgrade


    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "mysql server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.26"
          },
          {
            "_id": null,
            "model": "scalance m876-3",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "sinec infrastructure network services",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.0.1.1"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "simatic rtu3031c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "5.0.14"
          },
          {
            "_id": null,
            "model": "simatic rtu 3041c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "5.0.14"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "5.7.36"
          },
          {
            "_id": null,
            "model": "scalance m804pb",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "scalance m874-3",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.58"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.59"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "scalance m876-4",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "simatic rtu3010c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "5.0.14"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "33"
          },
          {
            "_id": null,
            "model": "ruggedcomrm 1224 lte",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "simatic cp 1543-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0.22"
          },
          {
            "_id": null,
            "model": "scalance m874-2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "simatic rtu3030c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "5.0.14"
          },
          {
            "_id": null,
            "model": "solidfire \\\u0026 hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "scalance m812-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.57"
          },
          {
            "_id": null,
            "model": "scalance s615",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "logo\\! cmr2020",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "*"
          },
          {
            "_id": null,
            "model": "logo\\! cmr2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "*"
          },
          {
            "_id": null,
            "model": "simatic cp 1545-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "_id": null,
            "model": "scalance m826-2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "5.7.0"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "scalance m816-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.10.4"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "solidfire baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.77.0"
          },
          {
            "_id": null,
            "model": "siplus net cp 1543-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0.22"
          },
          {
            "_id": null,
            "model": "scalance mum856-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "sinema remote connect",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "solidfire \u0026 hci management node",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "_id": null,
            "model": "mysql",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e9\u30af\u30eb",
            "version": null
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e9\u30af\u30eb",
            "version": null
          },
          {
            "_id": null,
            "model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "ontap",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "curl",
            "scope": null,
            "trust": 0.8,
            "vendor": "haxx",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22924"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164523"
          },
          {
            "db": "PACKETSTORM",
            "id": "166714"
          },
          {
            "db": "PACKETSTORM",
            "id": "164583"
          },
          {
            "db": "PACKETSTORM",
            "id": "164221"
          },
          {
            "db": "PACKETSTORM",
            "id": "164282"
          },
          {
            "db": "PACKETSTORM",
            "id": "164555"
          },
          {
            "db": "PACKETSTORM",
            "id": "164755"
          },
          {
            "db": "PACKETSTORM",
            "id": "164948"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2021-22924",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-22924",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-381398",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.2,
                "id": "CVE-2021-22924",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.7,
                "baseSeverity": "Low",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-22924",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22924",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2021-22924",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22924",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381398",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22924"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22924"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can set to qualify how to verify the server certificate. cURL There is a vulnerability in the use of incorrectly resolved names and references. Information may be obtained. A security issue has been found in curl before version 7.78.0. The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can set to qualify how to verify the server certificate. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: rh-dotnet31-curl security update\nAdvisory ID:       RHSA-2022:1354-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1354\nIssue date:        2022-04-13\nCVE Names:         CVE-2021-22876 CVE-2021-22924 CVE-2021-22946\n                   CVE-2021-22947\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet31-curl is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. 
Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: Bad connection reuse due to flawed path name checks\n(CVE-2021-22924)\n\n* curl: Requirement to use TLS not properly enforced for IMAP, POP3, and\nFTP protocols (CVE-2021-22946)\n\n* curl: Server responses received before STARTTLS processed after TLS\nhandshake (CVE-2021-22947)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks\n2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols\n2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 
7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22924\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 
\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-5021-1\nJuly 22, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nHarry Sintonen and Tomas Hoger discovered that curl incorrectly handled\nTELNET connections when the -t option was used on the command line. \nUninitialized data possibly containing sensitive information could be sent\nto the remote server, contrary to expectations. (CVE-2021-22898,\nCVE-2021-22925)\n\nHarry Sintonen discovered that curl incorrectly reused connections in the\nconnection pool. This could result in curl reusing the wrong connections. 
\n(CVE-2021-22924)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n  curl                            7.74.0-1ubuntu2.1\n  libcurl3-gnutls                 7.74.0-1ubuntu2.1\n  libcurl3-nss                    7.74.0-1ubuntu2.1\n  libcurl4                        7.74.0-1ubuntu2.1\n\nUbuntu 20.04 LTS:\n  curl                            7.68.0-1ubuntu2.6\n  libcurl3-gnutls                 7.68.0-1ubuntu2.6\n  libcurl3-nss                    7.68.0-1ubuntu2.6\n  libcurl4                        7.68.0-1ubuntu2.6\n\nUbuntu 18.04 LTS:\n  curl                            7.58.0-2ubuntu3.14\n  libcurl3-gnutls                 7.58.0-2ubuntu3.14\n  libcurl3-nss                    7.58.0-2ubuntu3.14\n  libcurl4                        7.58.0-2ubuntu3.14\n\nIn general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/):\n\n2007489 - RHACM 2.1.12 images\n2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets\n2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request\n2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser\n2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure\n2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams\n2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack\n2011020 - CVE-2021-41099 redis: Integer overflow issue with strings\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 General\nAvailability release images, which provide a security fix and update the\ncontainer images. 
Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains updates to one or more container images for Red Hat\nAdvanced Cluster Management for Kubernetes. \n\nContainer updates:\n\n* RHACM 2.1.11 images (BZ# 1999375)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. To apply this upgrade,\nyou \nmust upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n1999375 - RHACM 2.1.11 images\n\n5. 
Description:\n\nQuay 3.6.0 release\n\nSecurity Fix(es):\n\n* nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)\n\n* python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error\nchecking in TiffDecode.c (CVE-2021-25289)\n\n* nodejs-urijs: mishandling certain uses of backslash may lead to\nconfidentiality compromise (CVE-2021-27516)\n\n* nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)\n\n* nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)\n\n* nodejs-is-my-json-valid: ReDoS when validating JSON fields with email\nformat (CVE-2018-1107)\n\n* nodejs-extend: Prototype pollution can allow attackers to modify object\nproperties (CVE-2018-16492)\n\n* nodejs-stringstream: out-of-bounds read leading to uninitialized memory\nexposure (CVE-2018-21270)\n\n* nodejs-handlebars: lookup helper fails to properly validate templates\nallowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* nodejs-handlebars: an endless loop while processing specially-crafted\ntemplates leads to DoS (CVE-2019-20922)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* nodejs-highlight-js: prototype pollution via a crafted HTML code block\n(CVE-2020-26237)\n\n* urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)\n\n* python-pillow: decoding crafted YCbCr files could result in heap-based\nbuffer overflow (CVE-2020-35654)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* python-pillow: negative-offset memcpy with an invalid size in\nTiffDecode.c (CVE-2021-25290)\n\n* python-pillow: 
out-of-bounds read in TiffReadRGBATile in TiffDecode.c\n(CVE-2021-25291)\n\n* python-pillow: backtracking regex in PDF parser could be used as a DOS\nattack (CVE-2021-25292)\n\n* python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)\n\n* nodejs-url-parse: mishandling certain uses of backslash may lead to\nconfidentiality compromise (CVE-2021-27515)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor a BLP container (CVE-2021-27921)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor an ICNS container (CVE-2021-27922)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor an ICO container (CVE-2021-27923)\n\n* python-pillow: buffer overflow in Convert.c because it allow an attacker\nto pass controlled parameters directly into a convert function\n(CVE-2021-34552)\n\n* nodejs-braces: Regular Expression Denial of Service (ReDoS) in\nlib/parsers.js (CVE-2018-1109)\n\n* lodash: Prototype pollution in utilities function (CVE-2018-3721)\n\n* hoek: Prototype pollution in utilities function (CVE-2018-3728)\n\n* lodash: uncontrolled resource consumption in Data handler causing denial\nof service (CVE-2019-1010266)\n\n* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)\n\n* python-pillow: decoding a crafted PCX file could result in buffer\nover-read (CVE-2020-35653)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1500700 - CVE-2017-16138 nodejs-mime: Regular expression Denial of Service\n1500705 - CVE-2017-16137 nodejs-debug: Regular expression Denial of Service\n1545884 - CVE-2018-3721 lodash: Prototype pollution in utilities function\n1545893 - CVE-2018-3728 hoek: Prototype pollution in utilities function\n1546357 - CVE-2018-1107 nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format\n1547272 - CVE-2018-1109 nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js\n1608140 - CVE-2018-16492 nodejs-extend: Prototype pollution can allow attackers to modify object properties\n1743096 - CVE-2019-1010266 lodash: uncontrolled resource consumption in Data handler causing denial of service\n1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS\n1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution\n1901662 - CVE-2020-26237 nodejs-highlight-js: prototype pollution via a crafted HTML code block\n1915257 - CVE-2020-26291 urijs: Hostname spoofing via backslashes in URL\n1915420 - CVE-2020-35653 python-pillow: decoding a crafted PCX file could result in buffer over-read\n1915424 - CVE-2020-35654 python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow\n1927293 - CVE-2018-21270 nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure\n1934470 - CVE-2021-27516 nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise\n1934474 - CVE-2021-27515 nodejs-url-parse: mishandling certain uses of backslash may 
lead to confidentiality compromise\n1934680 - CVE-2021-25289 python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c\n1934685 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c\n1934692 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c\n1934699 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack\n1934705 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c\n1935384 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container\n1935396 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container\n1935401 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container\n1940759 - CVE-2018-3774 nodejs-url-parse: incorrect hostname in url parsing\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1982378 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function\n\n5. 
JIRA issues fixed (https://issues.jboss.org/):\n\nPROJQUAY-1417 - zstd compressed layers\nPROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay\nPROJQUAY-1535 -  As a user I can create and use nested repository name structures\nPROJQUAY-1583 - add \"disconnected\" annotation to operators\nPROJQUAY-1609 - Operator communicates status per managed component\nPROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment\nPROJQUAY-1791 - v1beta CRD EOL\nPROJQUAY-1883 - Support OCP Re-encrypt routes\nPROJQUAY-1887 - allow either sha or tag in related images\nPROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. \nPROJQUAY-1998 - note database deprecations in 3.6 Config Tool\nPROJQUAY-2050 - Support OCP Edge-Termination\nPROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly\nPROJQUAY-2102 - add clair-4.2 enrichment data to quay UI\nPROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install\n\n6. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1858777 - Alert for VM with \u0027evictionStrategy: LiveMigrate\u0027 for local PVs set\n1891921 - virt-launcher is missing /usr/share/zoneinfo directory, making it impossible to set clock offset of timezone type for the guest RTC\n1896469 - In cluster with OVN Kubernetes networking - a node doesn\u0027t recover when configuring linux-bridge over its default NIC\n1903687 - [scale] 1K DV creation failed\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1933043 - Delete VM just after it turns into \"running\" is very likely to hit grace period end\n1935219 - [CNV-2.5] Set memory and CPU request on hco-operator and hco-webhook deployments\n1942726 - test automatic bug creation for a new release\n1943164 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed\n1945589 - Live migration with virtiofs is possible\n1953481 - New OCP priority classes are not used - Deploy\n1953483 - New OCP priority classes are not used - SSP\n1953484 - New OCP priority classes are not used - Storage\n1955129 - Failed to bindmount hotplug-disk for hostpath-provisioner\n1957852 - Could not start VM as restore snapshot was still not Complete\n1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header\n1963963 - hco.kubevirt.io:config-reader role and rolebinding are not strictly reconciled\n1965050 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount\n1973852 - Introduce VM crashloop backoff\n1976604 - [CNV-5786] IP connectivity is lost after migration (masquerade)\n1976730 - Disk is not usable due to incorrect size for proper alignment\n1979631 - virt-chroot: container disk validation crash prevents VMI from starting/migrating\n1979659 - 4.9.0 containers\n1981345 - 4.9.0 rpms\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing 
TLS client to panic\n1985083 - VMI Pod fails to terminate due to a zombie qemu process\n1985649 - virt-handler Pod is missing xorrisofs command\n1985670 - virt-launcher fails to create v1 controller cpu for group: Read-only file system\n1985719 - Unprivileged client fails to get guest agent data\n1989176 - kube-cni-linux-bridge-plugin Pod is missing bridge CNI plugin\n1989263 - VM Snapshot may freeze guest indefinitely\n1989269 - Online VM Snapshot storing incorrect VM spec\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1991691 - Enable DownwardMetrics FeatureGate via HCO CR\n1992608 - kubevirt doesn\u0027t respect useEmulation: true\n1993121 - Rhel9 templates - provider-url should be updated to https://www.redhat.com/\n1994389 - Some of the cdi resources missing app labels\n1995295 - SCC annotation of ssp-operator was changed to privileged\n1996407 - [cdi-functional-tests] cdi-docker-registry-host Pod fails to start\n1997014 - Common templates - dataVolumeTemplates API version should be updated\n1998054 - RHEL9 template - update template description. 
\n1998656 - no \"name\" label in ssp-operator pod\n1999571 - NFS clone not progressing when clone sizes mismatch (target \u003e source)\n1999617 - Unable to create a VM with nonroot VirtLauncher Pods\n1999835 - ConsoleCLIDownload | wrong path in virtctl archive URL\n2000052 - NNCP creation failures after nmstate-handler pod deletion\n2000204 - [4.9.0] [RFE] volumeSnapshotStatuses reason does not check for volume type that do not support snapshots\n2001041 - [4.9.0] Importer attempts to shrink an image in certain situations\n2001047 - Automatic size detection may not request a PVC that is large enough for an import\n2003473 - Failed to Migrate Windows VM with CDROM  (readonly)\n2005695 - With descheduler during multiple VMIs migrations, some VMs are restarted\n2006418 - Clone Strategy does not work as described\n2008900 - Eviction of not live migratable VMs due to virt-launcher upgrade can happen outside the upgrade window\n2010742 - [CNV-4.9] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13\n2011179 - Cluster-wide live migration limits and timeouts are not suitable\n2017394 - After upgrade, live migration is Pending\n2018521 - [Storage] Failed to restore VirtualMachineSnapshot after CNV upgrade\n\n5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381398"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22924"
          },
          {
            "db": "PACKETSTORM",
            "id": "164523"
          },
          {
            "db": "PACKETSTORM",
            "id": "166714"
          },
          {
            "db": "PACKETSTORM",
            "id": "163637"
          },
          {
            "db": "PACKETSTORM",
            "id": "164583"
          },
          {
            "db": "PACKETSTORM",
            "id": "164221"
          },
          {
            "db": "PACKETSTORM",
            "id": "164282"
          },
          {
            "db": "PACKETSTORM",
            "id": "164555"
          },
          {
            "db": "PACKETSTORM",
            "id": "164755"
          },
          {
            "db": "PACKETSTORM",
            "id": "164948"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22924",
            "trust": 3.7
          },
          {
            "db": "HACKERONE",
            "id": "1223565",
            "trust": 1.9
          },
          {
            "db": "SIEMENS",
            "id": "SSA-732250",
            "trust": 1.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-389290",
            "trust": 1.1
          },
          {
            "db": "JVN",
            "id": "JVNVU91709091",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99030761",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "164948",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "164755",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "164583",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "165008",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-381398",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22924",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164523",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166714",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163637",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164221",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164282",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164555",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381398"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22924"
          },
          {
            "db": "PACKETSTORM",
            "id": "164523"
          },
          {
            "db": "PACKETSTORM",
            "id": "166714"
          },
          {
            "db": "PACKETSTORM",
            "id": "163637"
          },
          {
            "db": "PACKETSTORM",
            "id": "164583"
          },
          {
            "db": "PACKETSTORM",
            "id": "164221"
          },
          {
            "db": "PACKETSTORM",
            "id": "164282"
          },
          {
            "db": "PACKETSTORM",
            "id": "164555"
          },
          {
            "db": "PACKETSTORM",
            "id": "164755"
          },
          {
            "db": "PACKETSTORM",
            "id": "164948"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22924"
          }
        ]
      },
      "id": "VAR-202108-2222",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381398"
          }
        ],
        "trust": 0.7410993499999999
      },
      "last_update_date": "2026-04-10T22:46:32.438000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "hitachi-sec-2023-204",
            "trust": 0.8,
            "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22924 log"
          },
          {
            "title": "Arch Linux Advisories: [ASA-202107-61] libcurl-compat: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-61"
          },
          {
            "title": "Arch Linux Advisories: [ASA-202107-60] lib32-curl: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-60"
          },
          {
            "title": "Arch Linux Advisories: [ASA-202107-64] lib32-libcurl-gnutls: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-64"
          },
          {
            "title": "Arch Linux Advisories: [ASA-202107-62] lib32-libcurl-compat: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-62"
          },
          {
            "title": "Arch Linux Advisories: [ASA-202107-63] libcurl-gnutls: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-63"
          },
          {
            "title": "Arch Linux Advisories: [ASA-202107-59] curl: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-59"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-22924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-706",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Use of incorrectly resolved names and references (CWE-706) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22924"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.9,
            "url": "https://hackerone.com/reports/1223565"
          },
          {
            "trust": 1.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "trust": 1.1,
            "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
          },
          {
            "trust": 1.1,
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2021-22924"
          },
          {
            "trust": 0.8,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91709091/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2021-22922"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2021-22923"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-36222"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-37750"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-3653"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-32626"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-32687"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32626"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32675"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23017"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-32675"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-41099"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32627"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32687"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32628"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32672"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-23017"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-32627"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-32672"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-32628"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41099"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22947"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22946"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3656"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25648"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "http://seclists.org/oss-sec/2021/q3/26"
          },
          {
            "trust": 0.1,
            "url": "https://security.archlinux.org/cve-2021-22924"
          },
          {
            "trust": 0.1,
            "url": "https://security.archlinux.org/asa-202107-61"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23434"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3873"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1354"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.14"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5021-1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.6"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22543"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37576"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3949"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23841"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-37576"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4658"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3582"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27777"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-29154"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31535"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3653"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29650"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27777"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-32399"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-29650"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22555"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-31535"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22555"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27922"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-1109"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-7608"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26237"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-21270"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25292"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-26237"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25289"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20920"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3728"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-34552"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35653"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25289"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35654"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1109"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-3721"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23368"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8203"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1107"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-3774"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7608"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16137"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8203"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-21270"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23382"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-26291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15366"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25291"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-16492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27921"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3774"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20920"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27515"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20922"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-1010266"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35654"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27923"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25290"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23364"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010266"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20922"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-1107"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3917"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35653"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23382"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-16138"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-3728"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3721"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15366"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27516"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16138"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-16137"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23364"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23368"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4104"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33195"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3121"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33198"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-31525"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-34558"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33197"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34558"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0512"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-32803"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3733"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32690"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3711"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36385"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3712"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-32804"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33623"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33938"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33929"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32804"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-32690"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3711"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3749"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33930"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33623"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32803"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33928"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381398"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22924"
          },
          {
            "db": "PACKETSTORM",
            "id": "164523"
          },
          {
            "db": "PACKETSTORM",
            "id": "166714"
          },
          {
            "db": "PACKETSTORM",
            "id": "163637"
          },
          {
            "db": "PACKETSTORM",
            "id": "164583"
          },
          {
            "db": "PACKETSTORM",
            "id": "164221"
          },
          {
            "db": "PACKETSTORM",
            "id": "164282"
          },
          {
            "db": "PACKETSTORM",
            "id": "164555"
          },
          {
            "db": "PACKETSTORM",
            "id": "164755"
          },
          {
            "db": "PACKETSTORM",
            "id": "164948"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22924"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381398",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22924",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164523",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166714",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163637",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164583",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164221",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164282",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164555",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164755",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164948",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22924",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-08-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381398",
            "ident": null
          },
          {
            "date": "2021-10-15T15:06:44",
            "db": "PACKETSTORM",
            "id": "164523",
            "ident": null
          },
          {
            "date": "2022-04-13T22:20:44",
            "db": "PACKETSTORM",
            "id": "166714",
            "ident": null
          },
          {
            "date": "2021-07-22T23:15:11",
            "db": "PACKETSTORM",
            "id": "163637",
            "ident": null
          },
          {
            "date": "2021-10-21T15:31:47",
            "db": "PACKETSTORM",
            "id": "164583",
            "ident": null
          },
          {
            "date": "2021-09-21T15:40:44",
            "db": "PACKETSTORM",
            "id": "164221",
            "ident": null
          },
          {
            "date": "2021-09-24T15:49:04",
            "db": "PACKETSTORM",
            "id": "164282",
            "ident": null
          },
          {
            "date": "2021-10-19T15:32:20",
            "db": "PACKETSTORM",
            "id": "164555",
            "ident": null
          },
          {
            "date": "2021-11-03T17:47:45",
            "db": "PACKETSTORM",
            "id": "164755",
            "ident": null
          },
          {
            "date": "2021-11-12T17:01:04",
            "db": "PACKETSTORM",
            "id": "164948",
            "ident": null
          },
          {
            "date": "2022-05-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-009762",
            "ident": null
          },
          {
            "date": "2021-08-05T21:15:11.380000",
            "db": "NVD",
            "id": "CVE-2021-22924",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381398",
            "ident": null
          },
          {
            "date": "2025-09-19T08:27:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-009762",
            "ident": null
          },
          {
            "date": "2025-06-09T15:15:24.403000",
            "db": "NVD",
            "id": "CVE-2021-22924",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "163637"
          }
        ],
        "trust": 0.1
      },
      "title": {
        "_id": null,
        "data": "cURL\u00a0 Incorrectly resolved name and reference usage vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "overflow",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164523"
          },
          {
            "db": "PACKETSTORM",
            "id": "164583"
          },
          {
            "db": "PACKETSTORM",
            "id": "164948"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201109-0130

    Vulnerability from variot - Updated: 2026-04-10 22:16

    The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. A vulnerability in the specification of the SSL 3.0 and TLS 1.0 protocols could allow an attacker to decrypt encrypted traffic. This will result in a false sense of security, and potentially result in the disclosure of sensitive information. HP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and Windows.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 201111-02
    http://security.gentoo.org/

    Severity: Normal
    Title: Oracle JRE/JDK: Multiple vulnerabilities
    Date: November 05, 2011
    Bugs: #340421, #354213, #370559, #387851
    ID: 201111-02


    Synopsis

    Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.

    Affected packages

    -------------------------------------------------------------------
     Package                            /  Vulnerable  /     Unaffected
    -------------------------------------------------------------------
      1  dev-java/sun-jre-bin                < 1.6.0.29    >= 1.6.0.29 *
      2  app-emulation/emul-linux-x86-java   < 1.6.0.29    >= 1.6.0.29 *
      3  dev-java/sun-jdk                    < 1.6.0.29    >= 1.6.0.29 *
    -------------------------------------------------------------------
     NOTE: Packages marked with asterisks require manual intervention!
    -------------------------------------------------------------------
     3 affected packages
    -------------------------------------------------------------------

    Description

    Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Oracle JDK 1.6 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"

    All Oracle JRE 1.6 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"

    All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:

    # emerge --sync
    # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"

    NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.

    References

    [ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541
    [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548
    [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549
    [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550
    [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551
    [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552
    [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553
    [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554
    [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555
    [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556
    [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557
    [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558
    [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559
    [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560
    [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561
    [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562
    [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563
    [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565
    [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566
    [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567
    [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568
    [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569
    [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570
    [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571
    [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572
    [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573
    [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574
    [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422
    [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447
    [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448
    [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450
    [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451
    [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452
    [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454
    [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462
    [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463
    [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465
    [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466
    [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467
    [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468
    [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469
    [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470
    [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471
    [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472
    [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473
    [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474
    [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475
    [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476
    [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802
    [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814
    [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815
    [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862
    [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863
    [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864
    [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865
    [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867
    [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868
    [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869
    [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871
    [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872
    [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873
    [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389
    [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516
    [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521
    [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544
    [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545
    [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546
    [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547
    [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548
    [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549
    [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550
    [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551
    [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552
    [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553
    [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554
    [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555
    [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556
    [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557
    [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558
    [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560
    [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-201111-02.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5

    ----------------------------------------------------------------------


    TITLE: IBM Lotus Domino SSL/TLS Initialization Vector Selection Weakness

    SECUNIA ADVISORY ID: SA46791

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46791/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46791

    RELEASE DATE: 2011-11-11

    DESCRIPTION: A weakness has been reported in IBM Lotus Domino, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user's session.

    SOLUTION: As a workaround enable RC4 encryption (please see the vendor's advisory for details).

    PROVIDED AND/OR DISCOVERED BY: Thai Duong and Juliano Rizzo

    ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg21568229

    IBM ISS X-Force: http://xforce.iss.net/xforce/xfdb/70069


    A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers) (CVE-2011-4940).

    A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories (CVE-2011-4944).

    A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely.

    Hash table collisions CPU usage DoS for the embedded copy of expat (CVE-2012-0876).

    A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions (CVE-2012-1150).

    The updated packages have been patched to correct these issues. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID
    pub 1024D/22458A98 2000-07-10 Mandriva Security Team

    ==========================================================================
    Ubuntu Security Notice USN-1263-1
    November 16, 2011

    icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 11.10
    • Ubuntu 11.04
    • Ubuntu 10.10
    • Ubuntu 10.04 LTS

    Summary:

    Multiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed.

    Software Description:
    - icedtea-web: A web browser plugin to execute Java applets
    - openjdk-6: Open Source Java implementation
    - openjdk-6b18: Open Source Java implementation

    Details:

    Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377)

    Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. (CVE-2011-3389)

    It was discovered that a type confusion flaw existed in the Internet Inter-Orb Protocol (IIOP) deserialization code. A remote attacker could use this to cause an untrusted application or applet to execute arbitrary code by deserializing malicious input. (CVE-2011-3521)

    It was discovered that the Java scripting engine did not perform SecurityManager checks. This could allow a remote attacker to cause an untrusted application or applet to execute arbitrary code with the full privileges of the JVM. (CVE-2011-3544)

    It was discovered that the InputStream class used a global buffer to store input bytes skipped. An attacker could possibly use this to gain access to sensitive information. (CVE-2011-3547)

    It was discovered that a vulnerability existed in the AWTKeyStroke class. A remote attacker could cause an untrusted application or applet to execute arbitrary code. (CVE-2011-3548)

    It was discovered that an integer overflow vulnerability existed in the TransformHelper class in the Java2D implementation. A remote attacker could use this to cause a denial of service via an application or applet crash or possibly execute arbitrary code. (CVE-2011-3551)

    It was discovered that the default number of available UDP sockets for applications running under SecurityManager restrictions was set too high. A remote attacker could use this with a malicious application or applet to exhaust the number of available UDP sockets to cause a denial of service for other applets or applications running within the same JVM. (CVE-2011-3552)

    It was discovered that Java API for XML Web Services (JAX-WS) could incorrectly expose a stack trace. (CVE-2011-3553)

    It was discovered that the unpacker for pack200 JAR files did not sufficiently check for errors. An attacker could cause a denial of service or possibly execute arbitrary code through a specially crafted pack200 JAR file. (CVE-2011-3554)

    It was discovered that the RMI registration implementation did not properly restrict privileges of remotely executed code. A remote attacker could use this to execute code with elevated privileges. (CVE-2011-3556, CVE-2011-3557)

    It was discovered that the HotSpot VM could be made to crash, allowing an attacker to cause a denial of service or possibly leak sensitive information. (CVE-2011-3558)

    It was discovered that the HttpsURLConnection class did not properly perform SecurityManager checks in certain situations. This could allow a remote attacker to bypass restrictions on HTTPS connections. (CVE-2011-3560)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 11.10:
      icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10
      icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10
      icedtea-netx 1.1.3-1ubuntu1.1
      icedtea-plugin 1.1.3-1ubuntu1.1
      openjdk-6-jre 6b23~pre11-0ubuntu1.11.10
      openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10
      openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10
      openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10

    Ubuntu 11.04:
      icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.1
      icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.1
      icedtea-netx 1.1.1-0ubuntu1~11.04.2
      icedtea-plugin 1.1.1-0ubuntu1~11.04.2
      openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.1
      openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.1
      openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.1
      openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.1

    Ubuntu 10.10:
      icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.2
      openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.10.2
      openjdk-6-jdk 6b20-1.9.10-0ubuntu1~10.10.2
      openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.2
      openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.2
      openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.2
      openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.2

    Ubuntu 10.04 LTS:
      icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.2
      icedtea6-plugin 6b20-1.9.10-0ubuntu1~10.04.2
      openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.04.2
      openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.2
      openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.2
      openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.2
      openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.2

    After a standard system update you need to restart any Java applications or applets to make all the necessary changes.

    ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks

    EMC Identifier: ESA-2012-032

    CVE Identifier: CVE-2011-3389

    Severity Rating: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

    Affected Products:

    All versions of RSA BSAFE Micro Edition Suite prior to 4.0, all platforms

    Unaffected Products:

    RSA BSAFE Micro Edition Suite 4.0 and higher

    Summary:

    RSA BSAFE Micro Edition Suite contains updates designed to prevent BEAST attacks (CVE-2011-3389)

    Details:

    There is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important.

    The BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time.

    Recommendation:

    The best way to help prevent this attack is to use TLS v1.1 or higher. The vulnerability to do with IV generation was fixed in TLS v1.1 (released in 2006) so implementations using only TLS v1.1 or v1.2 are engineered to be secure against the BEAST exploit. However, support for these higher level protocols is limited to a smaller number of applications, so supporting only TLS v1.1 or v1.2 might cause interoperability issues.

    A second solution is to limit the negotiated cipher suites to exclude those that do not require symmetric key algorithms in CBC mode. However, this substantially restricts the number of cipher suites that can be negotiated. That is, only cipher suites with NULL encryption or cipher suites with streaming encryption algorithms (the RC4 algorithm) could be negotiated, which might result in reduced security.

    For customers who cannot or should not implement either of these two methods, RSA BSAFE Micro Edition Suite 4.0 introduces a new feature called first block splitting. First block splitting prevents the BEAST exploit by introducing unknown data into the encryption scheme prior to the attacker's inserted plain text data. This is done as follows:

    1. The first plain text block to be encrypted is split into two blocks. The first block contains the first byte of the data, the second block contains the rest.
    2. A MAC is generated from the one byte of data, the MAC key, and an increasing counter. This MAC is included in the first block.
    3. The one byte of data, along with the MAC, is encrypted and becomes the IV for the next block.

    Because the IV is now essentially random data, it is impossible for an attacker to predict it and replace it with one of their own.

    To implement first block splitting in RSA BSAFE Micro Edition Suite 4.0, either for an SSL context or SSL object, call R_SSL_CTX_set_options_by_type() or R_SSL_set_options_by_type() respectively, with the SSL_OP_TYPE_SECURITY option type and the SSL_OP_SPLIT_FIRST_FRAGMENT identifier.

    For more information about these functions and identifiers, see the RSA BSAFE Micro Edition Suite API Reference Guide.

    Severity Rating:

    For an explanation of Severity Ratings, refer to the Knowledge Base Article, "Security Advisories Severity Rating" at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.

    Obtaining Documentation:

    To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link.

    Getting Support and Service:

    For customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.

    General Customer Support Information:

    http://www.rsa.com/node.aspx?id=1264

    RSA SecurCare Online:

    https://knowledge.rsasecurity.com

    EOPS Policy:

    RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. http://www.rsa.com/node.aspx?id=2575

    SecurCare Online Security Advisories

    RSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

    About RSA SecurCare Notes & Security Advisories Subscription

    RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you'd like to stop receiving RSA SecurCare Notes & Security Advisories, or if you'd like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection.

    EMC Product Security Response Center

    Security_Alert@EMC.COM

    http://www.emc.com/contact-us/contact/product-security-response-center.html
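
    The IV chaining and the first block splitting described in the RSA advisory above (ESA-2012-032) can be measured with a small model. This is an added example, not code from RSA or from any advisory on this page: the Feistel permutation is a toy stand-in for AES, and `RecordLayer`, `exposed_app_bytes` and the sample writes are constructed for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16  # cipher block size in bytes (same as AES)

# Constructed sample: three application writes on one connection.
SAMPLE_WRITES = [b"GET /a HTTP/1.1\r\n", b"Cookie: sid=constructed-value\r\n", b"\r\n"]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, block):
    """Toy 4-round Feistel permutation standing in for AES (assumption, not for real use)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right


def cbc_encrypt(key, iv, plaintext):
    """CBC: every plaintext block is XORed with the previous ciphertext block (or the IV)."""
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = encrypt_block(key, xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out


class RecordLayer:
    """Simplified sending side of a CBC record layer (hypothetical model).

    mode 'chained'  : SSLv3 / TLS 1.0, IV = last ciphertext block of the previous record
    mode 'explicit' : TLS 1.1+, fresh random IV per record
    mode 'split'    : chained IV, but each write is split into 1 byte + the rest
    """

    def __init__(self, mode):
        self.mode = mode
        self.key = os.urandom(16)
        self.mac_key = os.urandom(20)
        self.seq = 0                      # increasing record counter fed to the MAC
        self.next_iv = os.urandom(BLOCK)  # stands in for the handshake-derived first IV
        self.sent_any = False

    def _frame(self, data):
        # data || MAC(counter, data), then TLS-style padding to a whole number of blocks
        mac = hmac.new(self.mac_key, self.seq.to_bytes(8, "big") + data, hashlib.sha1).digest()
        self.seq += 1
        body = data + mac
        pad = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
        return body + bytes([pad]) * (pad + 1)

    def write(self, data):
        """Encrypt one application write.

        Returns (iv, ciphertext, app_len, iv_public) per record, where iv_public
        means the IV was already visible on the wire before write() was called.
        """
        on_wire_before = self.sent_any
        split = self.mode == "split" and len(data) > 1
        chunks = [data[:1], data[1:]] if split else [data]
        records = []
        for n, chunk in enumerate(chunks):
            if self.mode == "explicit":
                iv, public = os.urandom(BLOCK), False
            else:
                # Only the first record of a write can reuse a block sent earlier;
                # the second record of a split write chains off a block made just now.
                iv, public = self.next_iv, on_wire_before and n == 0
            ct = cbc_encrypt(self.key, iv, self._frame(chunk))
            self.next_iv = ct[-BLOCK:]
            self.sent_any = True
            records.append((iv, ct, len(chunk), public))
        return records


def exposed_app_bytes(mode, writes):
    """Application bytes encrypted under an IV an observer knew before the write."""
    layer = RecordLayer(mode)
    return sum(app_len for data in writes
               for _iv, _ct, app_len, public in layer.write(data) if public)


if __name__ == "__main__":
    for mode in ("chained", "explicit", "split"):
        print(mode, exposed_app_bytes(mode, SAMPLE_WRITES))
```

    With the constructed writes, chained mode encrypts every byte after the first write under an IV already seen on the wire, explicit IVs leave none, and splitting leaves one byte per write.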

    The Common Vulnerabilities and Exposures project identifies the following problems:

    CVE-2011-3389

    This update enables OpenSSL workarounds against the "BEAST" attack. Additional information can be found in the Curl advisory: http://curl.haxx.se/docs/adv_20120124B.html

    CVE-2012-0036

    Dan Fandrich discovered that Curl performs insufficient sanitising when extracting the file path part of an URL.

    For the oldstable distribution (lenny), this problem has been fixed in version 7.18.2-8lenny6.

    For the stable distribution (squeeze), this problem has been fixed in version 7.21.0-2.1+squeeze1.

    For the unstable distribution (sid), this problem has been fixed in version 7.24.0-1.

    We recommend that you upgrade your curl packages.

    =====================================================================
    Red Hat Security Advisory

    Synopsis: Critical: java-1.5.0-ibm security update
    Advisory ID: RHSA-2012:0508-01
    Product: Red Hat Enterprise Linux Extras
    Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0508.html
    Issue date: 2012-04-23
    CVE Names: CVE-2011-3389 CVE-2011-3557 CVE-2011-3560 CVE-2011-3563 CVE-2012-0498 CVE-2012-0499 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507
    =====================================================================

    1. Summary:

    Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

    The Red Hat Security Response Team has rated this update as having critical security impact.

    2. Relevant releases/architectures:

    Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
    Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
    Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
    Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
    Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
    Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

    3. Description:

    The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

    This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-3389, CVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0498, CVE-2012-0499, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507)

    All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR13-FP1 Java release. All running instances of IBM Java must be restarted for this update to take effect.

    4. Solution:

    Before applying this update, make sure all previously-released errata relevant to your system have been applied.

    This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

    5. Bugs fixed (http://bugzilla.redhat.com/):

    737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
    745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)
    745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)
    788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)
    788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)
    788994 - CVE-2012-0507 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)
    789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)
    789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)
    789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)
    789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)
    790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)
    790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)

    6. Package List:

    Red Hat Enterprise Linux Desktop Supplementary (v. 5):

    i386:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm

    x86_64:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm
      java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.x86_64.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.x86_64.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.x86_64.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm
      java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.x86_64.rpm

    Red Hat Enterprise Linux Server Supplementary (v. 5):

    i386:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm

    ppc:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.ppc.rpm
      java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.ppc64.rpm
      java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.ppc.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.ppc.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.ppc64.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.ppc.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.ppc64.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.ppc.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.ppc64.rpm
      java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.ppc.rpm
      java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.ppc.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.ppc.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.ppc64.rpm

    s390x:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.s390.rpm
      java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.s390x.rpm
      java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.s390x.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.s390.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.s390x.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.s390.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.s390x.rpm
      java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.s390.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.s390.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.s390x.rpm

    x86_64:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm
      java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.x86_64.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.x86_64.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.x86_64.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm
      java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.x86_64.rpm

    Red Hat Enterprise Linux Desktop Supplementary (v. 6):

    i386:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm

    x86_64:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm

    Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

    x86_64:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm

    Red Hat Enterprise Linux Server Supplementary (v. 6):

    i386:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm

    ppc64:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm
      java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm
      java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm

    s390x:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.s390.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm
      java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.s390.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm

    x86_64:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm

    Red Hat Enterprise Linux Workstation Supplementary (v. 6):

    i386:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm

    x86_64:
      java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
      java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
      java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

    7. References:

    https://www.redhat.com/security/data/cve/CVE-2011-3389.html
    https://www.redhat.com/security/data/cve/CVE-2011-3557.html
    https://www.redhat.com/security/data/cve/CVE-2011-3560.html
    https://www.redhat.com/security/data/cve/CVE-2011-3563.html
    https://www.redhat.com/security/data/cve/CVE-2012-0498.html
    https://www.redhat.com/security/data/cve/CVE-2012-0499.html
    https://www.redhat.com/security/data/cve/CVE-2012-0501.html
    https://www.redhat.com/security/data/cve/CVE-2012-0502.html
    https://www.redhat.com/security/data/cve/CVE-2012-0503.html
    https://www.redhat.com/security/data/cve/CVE-2012-0505.html
    https://www.redhat.com/security/data/cve/CVE-2012-0506.html
    https://www.redhat.com/security/data/cve/CVE-2012-0507.html
    https://access.redhat.com/security/updates/classification/#critical
    http://www.ibm.com/developerworks/java/jdk/alerts/

    8. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2012 Red Hat, Inc.

    APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004

    OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address the following:

    Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.22 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053

    BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A remote attacker may be able to cause a denial of service in systems configured to run BIND as a DNS nameserver Description: A reachable assertion issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4313

    BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: A remote attacker may be able to cause a denial of service, data corruption, or obtain sensitive information from process memory in systems configured to run BIND as a DNS nameserver Description: A memory management issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1 on OS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. CVE-ID CVE-2012-1667

    CoreText Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution Description: A bounds checking issue existed in the handling of text glyphs, which may lead to out of bounds memory reads or writes. This issue was addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-3716 : Jesse Ruderman of Mozilla Corporation

    Data Security Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update adds the involved sub-CA certificate to OS X's list of untrusted certificates.

    DirectoryService Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: If the DirectoryService Proxy is used, a remote attacker may cause a denial of service or arbitrary code execution Description: A buffer overflow existed in the DirectoryService Proxy. This issue was addressed through improved bounds checking. This issue does not affect OS X Lion and Mountain Lion systems. CVE-ID CVE-2012-0650 : aazubel working with HP's Zero Day Initiative

    ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. These issues do not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048

    ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative

    Installer Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Remote admins and persons with physical access to the system may obtain account information Description: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented user passwords from being recorded in the system log, but did not remove the old log entries. This issue was addressed by deleting log files that contained passwords. This issue does not affect Mac OS X 10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-0652

    International Components for Unicode Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4599

    Kernel Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A malicious program could bypass sandbox restrictions Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges. This issue was addressed by disabling handling of addresses in PT_STEP and PT_CONTINUE. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0643 : iOS Jailbreak Dream Team

    LoginWindow Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A local user may be able to obtain other user's login passwords Description: A user-installed input method could intercept password keystrokes from Login Window or Screen Saver Unlock. This issue was addressed by preventing user-installed methods from being used when the system is handling login information. CVE-ID CVE-2012-3718 : An anonymous researcher

    Mail Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing an e-mail message may lead to execution of web plugins Description: An input validation issue existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third-party plug-ins in Mail. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3719 : Will Dormann of the CERT/CC

    Mobile Accounts Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A user with access to the contents of a mobile account may obtain the account password Description: Creating a mobile account saved a hash of the password in the account, which was used to login when the mobile account was used as an external account. The password hash could be used to determine the user's password. This issue was addressed by creating the password hash only if external accounts are enabled on the system where the mobile account is created. CVE-ID CVE-2012-3720 : Harald Wagener of Google, Inc.

    PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: Multiple vulnerabilities in PHP Description: PHP is updated to version 5.3.15 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2012-0831 CVE-2012-1172 CVE-2012-1823 CVE-2012-2143 CVE-2012-2311 CVE-2012-2386 CVE-2012-2688

    PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: PHP scripts which use libpng may be vulnerable to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PNG files. This issue was addressed by updating PHP's copy of libpng to version 1.5.10. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3048

    Profile Manager Available for: OS X Lion Server v10.7 to v10.7.4 Impact: An unauthenticated user could enumerate managed devices Description: An authentication issue existed in the Device Management private interface. This issue was addressed by removing the interface. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3721 : Derick Cassidy of XEquals Corporation

    QuickLook Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .pict files. This issue was addressed through improved validation of .pict files. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research Labs (VMRL)

    QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of sean atoms. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP's Zero Day Initiative

    QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC

    QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative

    Ruby Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. The Ruby OpenSSL module disabled the 'empty fragment' countermeasure which prevented these attacks. This issue was addressed by enabling empty fragments. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3389

    USB Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Attaching a USB device may lead to an unexpected system termination or arbitrary code execution Description: A memory corruption issue existed in the handling of USB hub descriptors. This issue was addressed through improved handling of the bNbrPorts descriptor field. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3723 : Andy Davis of NGS Secure

    Note: OS X Mountain Lion v10.8.2 includes the content of Safari 6.0.1. For further details see "About the security content of Safari 6.0.1" at http://http//support.apple.com/kb/HT5502

    OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

    The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update 2012-004.

    For OS X Mountain Lion v10.8.1 The download file is named: OSXUpd10.8.2.dmg Its SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33

    For OS X Mountain Lion v10.8 The download file is named: OSXUpdCombo10.8.2.dmg Its SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c

    For OS X Lion v10.7.4 The download file is named: MacOSXUpd10.7.5.dmg Its SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532

    For OS X Lion v10.7 and v10.7.3 The download file is named: MacOSXUpdCombo10.7.5.dmg Its SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b

    For OS X Lion Server v10.7.4 The download file is named: MacOSXServerUpd10.7.5.dmg Its SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a

    For OS X Lion Server v10.7 and v10.7.3 The download file is named: MacOSXServerUpdCombo10.7.5.dmg Its SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e

    For Mac OS X v10.6.8 The download file is named: SecUpd2012-004.dmg Its SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7

    For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-004.dmg Its SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28

    Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03316985

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c03316985 Version: 1

    HPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of Information

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2012-05-15 Last Updated: 2012-05-15


    Potential Security Impact: Remote Denial of service, unauthorized modification and disclosure of information

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote Denial of Service (DoS), unauthorized modification and disclosure of information.

    References: CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-3389, CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0499, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference       Base Vector                     Base Score
    CVE-2010-4447   (AV:N/AC:M/Au:N/C:P/I:N/A:N)    4.3
    CVE-2010-4448   (AV:N/AC:H/Au:N/C:N/I:P/A:N)    2.6
    CVE-2010-4454   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2010-4462   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2010-4465   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2010-4469   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2010-4473   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2010-4475   (AV:N/AC:M/Au:N/C:P/I:N/A:N)    4.3
    CVE-2010-4476   (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5.0
    CVE-2011-0802   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2011-0814   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2011-0815   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2011-0862   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2011-0864   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2011-0865   (AV:N/AC:H/Au:N/C:N/I:P/A:N)    2.6
    CVE-2011-0867   (AV:N/AC:L/Au:N/C:P/I:N/A:N)    5.0
    CVE-2011-0871   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2011-3389   (AV:N/AC:M/Au:N/C:P/I:N/A:N)    4.3
    CVE-2011-3545   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2011-3547   (AV:N/AC:L/Au:N/C:P/I:N/A:N)    5.0
    CVE-2011-3548   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2011-3549   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2011-3552   (AV:N/AC:H/Au:N/C:N/I:P/A:N)    2.6
    CVE-2011-3556   (AV:N/AC:L/Au:N/C:P/I:P/A:P)    7.5
    CVE-2011-3557   (AV:N/AC:M/Au:N/C:P/I:P/A:P)    6.8
    CVE-2011-3560   (AV:N/AC:L/Au:N/C:P/I:P/A:N)    6.4
    CVE-2011-3563   (AV:N/AC:L/Au:N/C:P/I:N/A:P)    6.4
    CVE-2012-0499   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
    CVE-2012-0502   (AV:N/AC:L/Au:N/C:P/I:N/A:P)    6.4
    CVE-2012-0503   (AV:N/AC:L/Au:N/C:P/I:P/A:P)    7.5
    CVE-2012-0505   (AV:N/AC:L/Au:N/C:P/I:P/A:P)    7.5
    CVE-2012-0506   (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
    ===========================================================
    Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP is providing the following Java updates to resolve the vulnerabilities. The updates are available from: http://www.hp.com/go/java

    These issues are addressed in the following versions of the HP Java:

    HP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent

    HP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent

    HP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent

    MANUAL ACTIONS: Yes - Update

    For Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent.

    PRODUCT SPECIFIC INFORMATION

    HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

    The following text is for use by the HP-UX Software Assistant.

    AFFECTED VERSIONS

    HP-UX B.11.11
    HP-UX B.11.23
    HP-UX B.11.31
    ===========
    Jpi14.JPI14-COM
    Jpi14.JPI14-COM-DOC
    Jpi14.JPI14-IPF32
    Jpi14.JPI14-PA11
    Jdk14.JDK14-COM
    Jdk14.JDK14-DEMO
    Jdk14.JDK14-IPF32
    Jdk14.JDK14-IPF64
    Jdk14.JDK14-PA11
    Jdk14.JDK14-PA20
    Jdk14.JDK14-PA20W
    Jdk14.JDK14-PNV2
    Jdk14.JDK14-PWV2
    Jre14.JRE14-COM
    Jre14.JRE14-COM-DOC
    Jre14.JRE14-IPF32
    Jre14.JRE14-IPF32-HS
    Jre14.JRE14-IPF64
    Jre14.JRE14-IPF64-HS
    Jre14.JRE14-PA11
    Jre14.JRE14-PA11-HS
    Jre14.JRE14-PA20
    Jre14.JRE14-PA20-HS
    Jre14.JRE14-PA20W
    Jre14.JRE14-PA20W-HS
    Jre14.JRE14-PNV2
    Jre14.JRE14-PNV2-H
    Jre14.JRE14-PWV2
    Jre14.JRE14-PWV2-H
    action: install revision 1.4.2.28.00 or subsequent

    END AFFECTED VERSIONS

    HISTORY Version:1 (rev.1) - 15 May 2012 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

    Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

    Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c02964430

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM
    3P = 3rd Party Software
    GN = HP General Software
    HF = HP Hardware and Firmware
    MP = MPE/iX
    MU = Multi-Platform Software
    NS = NonStop Servers
    OV = OpenVMS
    PI = Printing and Imaging
    PV = ProCurve
    ST = Storage Software
    TU = Tru64 UNIX
    UX = HP-UX

    Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners


    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "hitachi",
            "version": "02-03"
          },
          {
            "_id": null,
            "model": "web server 02-04-/a",
            "scope": null,
            "trust": 1.5,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "02-01"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "02-02"
          },
          {
            "_id": null,
            "model": "simatic rf68xr",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.10.6"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "internet explorer",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "simatic rf615r",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mozilla",
            "version": null
          },
          {
            "_id": null,
            "model": "windows",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.23.1"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "enterprise linux eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "browser",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opera",
            "version": null
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "google",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 17",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "sdk 08",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "web server 01-02-/b",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "jre 1.4.2 30",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 16",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 05",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "sdk 10",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jdk 14",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 25",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus client",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "jre 1.4.2 25",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 06",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 01",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "jre 05",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 03",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 11",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 10",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "sdk 03",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "jre 01",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 11",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.4.2 12",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 09",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "sdk 24",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jre 02",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jre 07",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jre 1.4.2 22",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 23",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 27",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk 15",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "sdk 07",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 25",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 07",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 29",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 03",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 11",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk 02",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "jre 01",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jre 04",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jdk",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 17",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.4.2 17",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 24",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 27",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus client",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 30",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 03",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 01",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 26",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk 06",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jre 1.4.2 31",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 08",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jdk 10",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.4.2 13",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 02",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 23",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 04",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 05",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 26",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.7"
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 16",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 29",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 31",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 16",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 20",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 32",
            "scope": "ne",
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 30",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 18",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 11",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "sdk .0 03",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "jre 1.4.2 11",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 0 10",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 10",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 24",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 27",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 03",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 29",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 02",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 14",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 14",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.4.2 20",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 24",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "web server 01-02-/c",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 25",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 24",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk .0 05",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 06",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 28",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus operator for service platform",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 13",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.4.2 16",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 17",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 15",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 21",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 33",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 15",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 31",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 28",
            "scope": "ne",
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 10",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 18",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 22",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 31",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk .0 4",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 28",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 21",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 27",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 15",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk .0 02",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 12",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.4.2 18",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.4.2 14",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 02",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 28",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 06",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jre 1.4.2 15",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 15",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 26",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 28",
            "scope": "ne",
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.4.2 29",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk 01",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "jdk 17",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "sdk 09",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jre 13",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "sdk",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "jre 1.4.2 32",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 26",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.4.2 33",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 26",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 30",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 32",
            "scope": "ne",
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 18",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 05",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "ucosminexus operator for service platform",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "jdk 17",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 18",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 22",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.7"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 02",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk 04",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 01",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 12",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 07",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "sdk 05",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "web server 01-02-/a",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 14",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 02",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "sdk 03",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jre 03",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 19",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 12",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "jdk 13",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 13",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 25",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 32",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 22",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 1.4.2 19",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 23",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 20",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 20",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 27",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 04",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 04",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 19",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 20",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 23",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 22",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk 1.4.2 13",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 06",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 25",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 18",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 19",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 14",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 22",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "google",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus client )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "jre .0 01",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "jdk 01-b06",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0a",
            "scope": null,
            "trust": 0.6,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus operator for service platform )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "web server linux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "03-00"
          },
          {
            "_id": null,
            "model": "web server 02-04-/b",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8m",
            "scope": null,
            "trust": 0.6,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0.0 09",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.4.2 28",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk .0 04",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus developer )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "jre .0 03",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "cosminexus http server windows",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "03-00"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0.0 08",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "01-02"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8n",
            "scope": null,
            "trust": 0.6,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "jdk .0 03",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 12",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre .0 02",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "cosminexus http server windows",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-10"
          },
          {
            "_id": null,
            "model": "windows server sp1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "2003x64"
          },
          {
            "_id": null,
            "model": "web server linux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "04-00"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 2",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus client )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "jre 1.4.2 27",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 07-b03",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 06",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "jre 1.5.0.0 08",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre .0 04",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "02-04"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0.0 12",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "windows server sp2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "2003x64"
          },
          {
            "_id": null,
            "model": "ucosminexus operator for service platform )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0.0 09",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8o",
            "scope": null,
            "trust": 0.6,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0.0 11",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 11-b03",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "jre 1.5.0.0 07",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 01",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 20",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "windows xp home sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows vista edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "x640"
          },
          {
            "_id": null,
            "model": "software opera web browser beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.50"
          },
          {
            "_id": null,
            "model": "fusion middleware 11g release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "111.1.17"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.80"
          },
          {
            "_id": null,
            "model": "java se sr8 fp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "11.11"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.3"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "nonstop server h06.16.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.53"
          },
          {
            "_id": null,
            "model": "enterprise linux as extras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "windows xp professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "x64"
          },
          {
            "_id": null,
            "model": "tv",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "voice portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.2"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.14.1"
          },
          {
            "_id": null,
            "model": "windows server for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20080"
          },
          {
            "_id": null,
            "model": "java se",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "11.50"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.63"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.70"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.10"
          },
          {
            "_id": null,
            "model": "windows xp tablet pc edition sp3",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows vista business 64-bit edition x64-enterprise",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "_id": null,
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.0-68"
          },
          {
            "_id": null,
            "model": "power systems 350.c0",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "10.0.648.127"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.225"
          },
          {
            "_id": null,
            "model": "nonstop server j06.09.03",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.50"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.219"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.30"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10-03"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.15.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.20"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "power systems 350.b1",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10-01(x64)"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "java se sr12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.0"
          },
          {
            "_id": null,
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0.0.52"
          },
          {
            "_id": null,
            "model": "windows server standard edition gold itanium",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008-"
          },
          {
            "_id": null,
            "model": "flex system imm2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.00"
          },
          {
            "_id": null,
            "model": "windows server r2 enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.12"
          },
          {
            "_id": null,
            "model": "nonstop server h06.18.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server j06.15.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server h06.22.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "windows xp media center edition sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2005"
          },
          {
            "_id": null,
            "model": "websphere datapower soa appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.8"
          },
          {
            "_id": null,
            "model": "websphere datapower soa appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "rational appscan enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.51"
          },
          {
            "_id": null,
            "model": "meeting exchange web conferencing server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "java se",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "_id": null,
            "model": "windows server r2 web edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20030"
          },
          {
            "_id": null,
            "model": "system management homepage c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10.186"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.2"
          },
          {
            "_id": null,
            "model": "nonstop server j06.08.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "windows xp home sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows vista home basic sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server j06.16",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.200"
          },
          {
            "_id": null,
            "model": "ucosminexus client for plug-in",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "nonstop server j6.0.14.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "java sdk sr10",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "vplex geosynchrony sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emc",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "software opera web browser win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.68"
          },
          {
            "_id": null,
            "model": "forms and reports 11g release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "211.1.2.1"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "350.00"
          },
          {
            "_id": null,
            "model": "windows for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "70"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "770.22"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.3"
          },
          {
            "_id": null,
            "model": "flex system chassis management module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "cosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.303"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "windows server r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008x640"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 11",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser 1win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flex system imm2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.00"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.211"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.104"
          },
          {
            "_id": null,
            "model": "nonstop server j06.07.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0-95"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "jrockit r28.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "8.51"
          },
          {
            "_id": null,
            "model": "meeting exchange sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "web server )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-03"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.21.6"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0.0 06",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "cosminexus developer\u0027s kit for java (windows(x8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-01"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "opera",
            "version": "11.51"
          },
          {
            "_id": null,
            "model": "cosminexus developer\u0027s kit for java",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-06"
          },
          {
            "_id": null,
            "model": "ucosminexus application server light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "nonstop server h06.15.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.4"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "13.0.782.107"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "14"
          },
          {
            "_id": null,
            "model": "windows server standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20080"
          },
          {
            "_id": null,
            "model": "system management homepage b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5.146"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.54"
          },
          {
            "_id": null,
            "model": "windows server sp2 enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008-x64"
          },
          {
            "_id": null,
            "model": "system networking ethernet switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.51"
          },
          {
            "_id": null,
            "model": "windows server gold standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "jrockit r28.1.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "773.10"
          },
          {
            "_id": null,
            "model": "windows server r2 standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20080"
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.5"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.40"
          },
          {
            "_id": null,
            "model": "system management homepage a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.11.197"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-10"
          },
          {
            "_id": null,
            "model": "firefox beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.15210"
          },
          {
            "_id": null,
            "model": "windows vista business",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "tv",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.17"
          },
          {
            "_id": null,
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.11.1"
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows server for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20080"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.10"
          },
          {
            "_id": null,
            "model": "esx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows server standard edition gold web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008-"
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "windows server itanium sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.3"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "windows xp home sp3",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "5.12"
          },
          {
            "_id": null,
            "model": "java sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.5"
          },
          {
            "_id": null,
            "model": "software opera web browser beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.50"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.018"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.019"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.3"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.17"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "windows vista ultimate 64-bit edition sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "11.00"
          },
          {
            "_id": null,
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.10"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.6"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "enterprise linux server supplementary",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "350.60"
          },
          {
            "_id": null,
            "model": "nonstop server j06.13.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.1"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.25"
          },
          {
            "_id": null,
            "model": "windows home premium sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7-x32"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 11-b03",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "windows server gold compute cluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "software opera web browser win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "5.02"
          },
          {
            "_id": null,
            "model": "rsa bsafe micro edition suite",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "emc",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.19"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "windows server standard edition gold datacenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008-"
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation supplementary",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "access manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "windows vista home premium sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.24"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11.0.696.65"
          },
          {
            "_id": null,
            "model": "windows vista home premium 64-bit edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "0"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.15"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.60"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.12.3"
          },
          {
            "_id": null,
            "model": "windows server r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0c",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.19"
          },
          {
            "_id": null,
            "model": "windows server sp1 platform sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "software opera web browser beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "windows server enterprise edition itanium sp1 beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20031"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.00"
          },
          {
            "_id": null,
            "model": "windows server sp2 beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.100"
          },
          {
            "_id": null,
            "model": "java se",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "windows server r2 x64-datacenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "cosminexus http server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.7"
          },
          {
            "_id": null,
            "model": "windows server enterprise edition itanium sp2 itanium",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "windows for 32-bit systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7"
          },
          {
            "_id": null,
            "model": "windows vista business 64-bit edition x64-ultimate",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows xp professional edition sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "x64"
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "nonstop server j06.15",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.9.2"
          },
          {
            "_id": null,
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "windows rc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7"
          },
          {
            "_id": null,
            "model": "windows server for 32-bit systems sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "jre 07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "callpilot",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "windows vista home premium",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "vplex geosynchrony",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emc",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.4"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-10-10"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-80"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "aura experience portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "control patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "7.1.01"
          },
          {
            "_id": null,
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "ipad",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "10.0.648.133"
          },
          {
            "_id": null,
            "model": "nonstop server h06.21.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.13.2"
          },
          {
            "_id": null,
            "model": "access manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "linux enterprise java sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 08",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "opera",
            "version": "11.60"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "350.20"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-060"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.101"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "ucosminexus application server smart edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.14"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.8"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "8.52"
          },
          {
            "_id": null,
            "model": "cosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "meeting exchange recording server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.4"
          },
          {
            "_id": null,
            "model": "cosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "5"
          },
          {
            "_id": null,
            "model": "desktop extras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.52"
          },
          {
            "_id": null,
            "model": "nonstop server j06.06.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "windows server web edition sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "openpages grc platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "windows server r2 enterprise edition sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20030"
          },
          {
            "_id": null,
            "model": "rsa bsafe ssl-c",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "emc",
            "version": "2.8.6"
          },
          {
            "_id": null,
            "model": "nonstop server j06.06.03",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server h06.17.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "5"
          },
          {
            "_id": null,
            "model": "jdk update21",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3.3"
          },
          {
            "_id": null,
            "model": "simatic rf68xr",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "network node manager i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "windows server standard edition release candidate",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "windows server standard edition sp2 web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008-"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "fusion middleware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.3.0.0"
          },
          {
            "_id": null,
            "model": "database 11g release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "211.2.0.3"
          },
          {
            "_id": null,
            "model": "rational appscan enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0.1"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "windows server terminal services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20030"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "8.54"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.9"
          },
          {
            "_id": null,
            "model": "nonstop server h06.17.03",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "83"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "9.0.597.84"
          },
          {
            "_id": null,
            "model": "jre 21",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "windows server standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8s",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "ios beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "windows vista home premium 64-bit edition sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0.103"
          },
          {
            "_id": null,
            "model": "cms server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "16.2"
          },
          {
            "_id": null,
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "windows vista business 64-bit edition x86-ultimate",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "linux enterprise java sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "java se sr1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "windows server gold datacenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.53"
          },
          {
            "_id": null,
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.21"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "_id": null,
            "model": "windows server r2 enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20030"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "350.70"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "tv",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "nonstop server h06.27",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.20.2"
          },
          {
            "_id": null,
            "model": "nonstop server j06.14.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "12.0.742.100"
          },
          {
            "_id": null,
            "model": "tv",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10.186"
          },
          {
            "_id": null,
            "model": "rational appscan standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8"
          },
          {
            "_id": null,
            "model": "windows server datacenter edition sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003x64"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.0-50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.015"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.105"
          },
          {
            "_id": null,
            "model": "windows server r2 datacenter edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20030"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7"
          },
          {
            "_id": null,
            "model": "jdk 01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "nonstop server j06.08.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.306"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.64"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "windows server sp1 compute cluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.13"
          },
          {
            "_id": null,
            "model": "java se",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10-02"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "software opera web browser win32 beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.01"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.5",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4.222"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.18"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "9.0.597.107"
          },
          {
            "_id": null,
            "model": "java se sr10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "nonstop server j06.04.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "web server solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-01"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.2.77"
          },
          {
            "_id": null,
            "model": "software opera web browser linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.217"
          },
          {
            "_id": null,
            "model": "windows vista business 64-bit edition x86-enterprise",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.40"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "windows server gold x64-datacenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "business server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "1"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.22"
          },
          {
            "_id": null,
            "model": "enterprise linux extras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "ucosminexus operator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.96"
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.2"
          },
          {
            "_id": null,
            "model": "web server security enhancement",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "aura application server sip core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53002.0"
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "java system application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11.0.696.77"
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "windows server for itanium-based systems r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "rsa bsafe ssl-j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emc",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "windows server for itanium-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20080"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3.2"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "13.0.782.112"
          },
          {
            "_id": null,
            "model": "websphere datapower soa appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.344"
          },
          {
            "_id": null,
            "model": "cosminexus developer\u0027s kit for java (windows(x8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-06"
          },
          {
            "_id": null,
            "model": "jdk update24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "13.0.782.215"
          },
          {
            "_id": null,
            "model": "meeting exchange client registration server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "openpages grc platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.5.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3.1"
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop supplementary",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "rational appscan enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0.102"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11.0.696.57"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "760.31"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.18"
          },
          {
            "_id": null,
            "model": "voice portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "windows server enterprise edition sp1 beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20031"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-05"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.81"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2011"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0.0 04",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "vcenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.11.2"
          },
          {
            "_id": null,
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.215"
          },
          {
            "_id": null,
            "model": "windows server r2 standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20030"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "windows server r2 for x64-based systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "software opera web browser j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.11"
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "nonstop server h06.25",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.302"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.19.3"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3.5"
          },
          {
            "_id": null,
            "model": "windows vista business 64-bit edition sp1 x86-enterprise",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.04"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.1-73"
          },
          {
            "_id": null,
            "model": "power systems 350.b0",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "openpages grc platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.5.3"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.13"
          },
          {
            "_id": null,
            "model": "database 11g release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "211.2.0.2"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.20"
          },
          {
            "_id": null,
            "model": "windows vista edition sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "x64"
          },
          {
            "_id": null,
            "model": "enterprise linux for sap server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "security appscan standard",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.00"
          },
          {
            "_id": null,
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "system management homepage b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.2.77"
          },
          {
            "_id": null,
            "model": "java se sr9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11.0.696.68"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "760.30"
          },
          {
            "_id": null,
            "model": "nonstop server j06.07.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "message networking sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "linux enterprise server for vmware sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.549.0"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.013"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "8.50"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.13"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.207"
          },
          {
            "_id": null,
            "model": "jdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "350.80"
          },
          {
            "_id": null,
            "model": "nonstop server j06.08.04",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "rational appscan standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0.1"
          },
          {
            "_id": null,
            "model": "flex system cmm 1.40.2q",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "enterprise server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "jdk 07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "cosminexus developer\u0027s kit for java (windows(x6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-01"
          },
          {
            "_id": null,
            "model": "tv",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "nonstop server h06.24",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "access manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "windows server datacenter edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003x64"
          },
          {
            "_id": null,
            "model": "nonstop server h06.16.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional for plug-in",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "nonstop server h06.18.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.223"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.23"
          },
          {
            "_id": null,
            "model": "windows server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "cosminexus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "jdk update13",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "software opera web browser linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "6.0.3"
          },
          {
            "_id": null,
            "model": "windows server r2 datacenter edition sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20030"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "13"
          },
          {
            "_id": null,
            "model": "windows server gold x64-enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "nonstop server h06.19.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "windows for itanium-based systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7"
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0e",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "windows server enterprise edition sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "773.00"
          },
          {
            "_id": null,
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "esx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "10.0.648.128"
          },
          {
            "_id": null,
            "model": "jrockit r28.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update19",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "openpages grc platform",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.1"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.0"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.3"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.15"
          },
          {
            "_id": null,
            "model": "windows server r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003x64"
          },
          {
            "_id": null,
            "model": "software opera web browser beta build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.2012981"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.222"
          },
          {
            "_id": null,
            "model": "windows server for x64-based systems r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "windows server datacenter edition sp1 beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20031"
          },
          {
            "_id": null,
            "model": "windows server r2 datacenter sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.14.20"
          },
          {
            "_id": null,
            "model": "cosminexus studio standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9"
          },
          {
            "_id": null,
            "model": "windows xp tablet pc edition sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-05"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "8.53"
          },
          {
            "_id": null,
            "model": "cms server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "16.1"
          },
          {
            "_id": null,
            "model": "windows server r2 itanium",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20080"
          },
          {
            "_id": null,
            "model": "windows xp professional sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows server for itanium-based systems sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "nonstop server j06.11.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "java se sr9-fp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "business server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "collax",
            "version": "5.5.11"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.72"
          },
          {
            "_id": null,
            "model": "windows server standard edition sp2 hpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008-"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2011"
          },
          {
            "_id": null,
            "model": "update manager update",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.01"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.551.1"
          },
          {
            "_id": null,
            "model": "glassfish enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "windows vista ultimate",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.10"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.20"
          },
          {
            "_id": null,
            "model": "virtualcenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.7",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "rational appscan enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.01"
          },
          {
            "_id": null,
            "model": "nonstop server h06.20.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "vcenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "12"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.20"
          },
          {
            "_id": null,
            "model": "jre 10-b03",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.61"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "java se",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "rational appscan enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "350.90"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.1"
          },
          {
            "_id": null,
            "model": "messaging storage server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "nonstop server j06.05.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "nonstop server j06.07.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "windows server gold",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3.4"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.53"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.10.8"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.20.1"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.71"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1.104"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.220"
          },
          {
            "_id": null,
            "model": "java ibm 31-bit sdk for z/os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "aura session manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "windows server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20080"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.16.4"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.10"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.1.73"
          },
          {
            "_id": null,
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "java se sr5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "rsa bsafe ssl-c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emc",
            "version": "2.8.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "cosminexus http server windows",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-11"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "760.00"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.102"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.8"
          },
          {
            "_id": null,
            "model": "nonstop server h06.21.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "windows vista business 64-bit edition sp1 x64-enterprise",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "6.10"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.20"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.16"
          },
          {
            "_id": null,
            "model": "java se",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "software opera web browser beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.60"
          },
          {
            "_id": null,
            "model": "software opera web browser win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "6.0.5"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00(64)"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10-03(x64)"
          },
          {
            "_id": null,
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux enterprise software development kit sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8.179"
          },
          {
            "_id": null,
            "model": "web server aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00"
          },
          {
            "_id": null,
            "model": "software opera web browser beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.00"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "770.20"
          },
          {
            "_id": null,
            "model": "power systems 350.d0",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.224"
          },
          {
            "_id": null,
            "model": "business server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "collax",
            "version": "5.5.12"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.61"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node supplementary",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop supplementary client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.308"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.8.5"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.10.6"
          },
          {
            "_id": null,
            "model": "jdk update17",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "windows server datacenter edition sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.4"
          },
          {
            "_id": null,
            "model": "rational appscan enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "windows server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003x64"
          },
          {
            "_id": null,
            "model": "cosminexus http server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-13"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.12"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.54"
          },
          {
            "_id": null,
            "model": "nonstop server j06.05.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser .6win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "openpages grc platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4.221"
          },
          {
            "_id": null,
            "model": "sdk 02",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "11"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.201"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.11"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11.0.672.2"
          },
          {
            "_id": null,
            "model": "jdk 0 03",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "10"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.1"
          },
          {
            "_id": null,
            "model": "jdk update20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "windows server standard edition r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.62"
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.61"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.237"
          },
          {
            "_id": null,
            "model": "linux enterprise desktop sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "windows vista business 64-bit edition sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server h06.17.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "773.02"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "770.31"
          },
          {
            "_id": null,
            "model": "nonstop server j06.08.03",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "aura conferencing standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "nonstop server j06.10.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "windows vista home premium 64-bit edition sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows xp embedded sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows server datacenter edition itanium sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "nonstop server h06.17.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "freeflow print server 91.d2.32",
            "scope": null,
            "trust": 0.3,
            "vendor": "xerox",
            "version": null
          },
          {
            "_id": null,
            "model": "windows vista business 64-bit edition sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus server web edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux enterprise for sap applications sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.6"
          },
          {
            "_id": null,
            "model": "rsa bsafe micro edition suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emc",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "windows vista enterprise 64-bit edition sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows server sp1 storage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0d",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "meeting exchange streaming server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "processing kit for xml",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rsa bsafe micro edition suite",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "emc",
            "version": "3.2.6"
          },
          {
            "_id": null,
            "model": "java se sr11 pf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "lotus domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.3"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00"
          },
          {
            "_id": null,
            "model": "groupware suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "collax",
            "version": "5.5.11"
          },
          {
            "_id": null,
            "model": "cosminexus studio web edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.213"
          },
          {
            "_id": null,
            "model": "nonstop server h06.15.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "voice portal sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.06"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.1"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.15"
          },
          {
            "_id": null,
            "model": "windows server standard edition itanium",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "nonstop server j06.14",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk 01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "760.40"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.70"
          },
          {
            "_id": null,
            "model": "windows vista ultimate 64-bit edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "openpages grc platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 09-b03",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "system integrated management module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x2"
          },
          {
            "_id": null,
            "model": "windows vista enterprise 64-bit edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "0"
          },
          {
            "_id": null,
            "model": "nonstop server h06.26",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "rsa bsafe ssl-j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emc",
            "version": "5.1.1"
          },
          {
            "_id": null,
            "model": "windows server web edition sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.218"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.2"
          },
          {
            "_id": null,
            "model": "nonstop server j06.13",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.14"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.1"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "770.21"
          },
          {
            "_id": null,
            "model": "nonstop server j06.09.04",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-10"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.3"
          },
          {
            "_id": null,
            "model": "meeting exchange sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "messaging application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6.156"
          },
          {
            "_id": null,
            "model": "windows for itanium-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "70"
          },
          {
            "_id": null,
            "model": "ir",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "esx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.5"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.45"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.7"
          },
          {
            "_id": null,
            "model": "software opera web browser mac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "nonstop server j06.05.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus server standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational policy tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0.1"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.216"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "rsa bsafe micro edition suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emc",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "rational policy tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "rsa bsafe micro edition suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emc",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.19"
          },
          {
            "_id": null,
            "model": "project openssl beta5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.0"
          },
          {
            "_id": null,
            "model": "windows server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "windows server enterprise edition itanium sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "windows server gold enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "windows vista sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.6"
          },
          {
            "_id": null,
            "model": "websphere datapower soa appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.8.1"
          },
          {
            "_id": null,
            "model": "jrockit r27.1.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "fusion middleware 11g release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "111.1.16"
          },
          {
            "_id": null,
            "model": "windows vista business 64-bit edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "0"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.23.1"
          },
          {
            "_id": null,
            "model": "websphere multichannel bank transformation toolkit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "vplex geosynchrony",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emc",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "software opera web browser b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.11"
          },
          {
            "_id": null,
            "model": "enterprise linux supplementary server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "jrockit r28.1.4",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.9.1"
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0-103"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.12.201"
          },
          {
            "_id": null,
            "model": "windows xp media center edition sp3",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.16"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.01"
          },
          {
            "_id": null,
            "model": "rational appscan standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.12"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "nonstop server j06.09.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "windows server enterprise edition sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003x64"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.6",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server j06.06.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8q",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "windows xp media center edition",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.4"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.012"
          },
          {
            "_id": null,
            "model": "software opera web browser beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.00"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.17"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.15.3"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "760.11"
          },
          {
            "_id": null,
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "lotus domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "_id": null,
            "model": "bladecenter advanced management module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2.127"
          },
          {
            "_id": null,
            "model": "java sdk sr13 fp11",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.50"
          },
          {
            "_id": null,
            "model": "cms server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "16.0"
          },
          {
            "_id": null,
            "model": "windows server gold storage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.8",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.02"
          },
          {
            "_id": null,
            "model": "windows xp mode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "70"
          },
          {
            "_id": null,
            "model": "software opera web browser win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "windows vista home premium sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.310"
          },
          {
            "_id": null,
            "model": "cosminexus developer\u0027s kit for java (windows(x6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-06"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.62"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10-01"
          },
          {
            "_id": null,
            "model": "software opera web browser win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "windows server r2 sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008x64"
          },
          {
            "_id": null,
            "model": "callpilot",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8g",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "linux enterprise software development kit sp1 for sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "voice portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.11"
          },
          {
            "_id": null,
            "model": "windows vista home basic 64-bit edition sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "windows server standard edition sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "java se sr12-fp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "openjdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openjdk",
            "version": "6"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.202"
          },
          {
            "_id": null,
            "model": "windows vista business sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows server standard edition gold hpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008-"
          },
          {
            "_id": null,
            "model": "windows server gold x64-standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-05"
          },
          {
            "_id": null,
            "model": "jre beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "software opera web browser win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "java sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.15.5"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "350.30"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.4",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "aura system manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "messaging storage server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "14.0.835.186"
          },
          {
            "_id": null,
            "model": "windows server sp2 storage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.015"
          },
          {
            "_id": null,
            "model": "windows vista enterprise sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.1"
          },
          {
            "_id": null,
            "model": "sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4.219"
          },
          {
            "_id": null,
            "model": "java se sr10",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "9.0.597.94"
          },
          {
            "_id": null,
            "model": "cosminexus http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-10"
          },
          {
            "_id": null,
            "model": "nonstop server h06.20.03",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "java se sr11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "windows server standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008x64"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "770.10"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.80"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "freeflow print server 73.c5.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "xerox",
            "version": null
          },
          {
            "_id": null,
            "model": "rsa bsafe ssl-j",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "emc",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.50"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "8.02"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.52"
          },
          {
            "_id": null,
            "model": "windows xp tablet pc edition",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "70"
          },
          {
            "_id": null,
            "model": "ucosminexus developer )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "10.0.648.204"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.5"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.551.0"
          },
          {
            "_id": null,
            "model": "tls",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ietf",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.301"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.90"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.00"
          },
          {
            "_id": null,
            "model": "rsa bsafe ssl-j",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "emc",
            "version": "5.1.2"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "_id": null,
            "model": "jdk update23",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "12.0.742.112"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.3"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.03"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "8.0.2"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.10.7"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.6"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.51"
          },
          {
            "_id": null,
            "model": "jre 28",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "system management homepage b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10.186"
          },
          {
            "_id": null,
            "model": "firefox beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.62"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "windows server itanium sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "windows server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "7.1.0"
          },
          {
            "_id": null,
            "model": "windows server datacenter edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20080"
          },
          {
            "_id": null,
            "model": "web server )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-04"
          },
          {
            "_id": null,
            "model": "cosminexus http server linux",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-12"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.4"
          },
          {
            "_id": null,
            "model": "flex system cmm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.00"
          },
          {
            "_id": null,
            "model": "rsa bsafe micro edition suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emc",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0b",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.52"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "11.01"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "web server 01-02-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "http server 12c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.2"
          },
          {
            "_id": null,
            "model": "windows server r2 x64-enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.11"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "windows server gold",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003x64"
          },
          {
            "_id": null,
            "model": "aura system manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4.143"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.15"
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "java system application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "windows xp embedded sp3",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.60"
          },
          {
            "_id": null,
            "model": "windows vista ultimate 64-bit edition sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows server datacenter edition release candidate",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "jdk 0 09",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2.0-12"
          },
          {
            "_id": null,
            "model": "windows server r2 enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20080"
          },
          {
            "_id": null,
            "model": "hirdb for java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.7"
          },
          {
            "_id": null,
            "model": "vcenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "jre 04",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "windows xp professional",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.20"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.300"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.021"
          },
          {
            "_id": null,
            "model": "rational policy tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "software opera web browser beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.50"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.51"
          },
          {
            "_id": null,
            "model": "enterprise linux server optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5.146"
          },
          {
            "_id": null,
            "model": "nonstop server j06.04.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "6.0.3"
          },
          {
            "_id": null,
            "model": "windows home premium",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "70"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.46"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.2"
          },
          {
            "_id": null,
            "model": "windows vista sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.15.1"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.4"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.5"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.22"
          },
          {
            "_id": null,
            "model": "windows server r2 enterprise edition sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20030"
          },
          {
            "_id": null,
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.205"
          },
          {
            "_id": null,
            "model": "windows xp media center edition sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows starter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "70"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.07"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.204"
          },
          {
            "_id": null,
            "model": "cosminexus http server hp-ux",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-13"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "lotus domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "jdk update25",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "lotus domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "java se sr13-fp11",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "windows server sp2 datacenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "windows server standard edition gold standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008-"
          },
          {
            "_id": null,
            "model": "windows vista home basic sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "aura system platform sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.103"
          },
          {
            "_id": null,
            "model": "windows server standard edition sp2 storage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008-"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 01-b06",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.18.1"
          },
          {
            "_id": null,
            "model": "web server 02-04-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11.0.696.71"
          },
          {
            "_id": null,
            "model": "ucosminexus client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "windows server standard edition r2 sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "meeting exchange webportal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "-6.0"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "12.0.742.91"
          },
          {
            "_id": null,
            "model": "software opera web browser beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.601"
          },
          {
            "_id": null,
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "web server solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.017"
          },
          {
            "_id": null,
            "model": "windows server r2 compute cluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.210"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-01"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0.0 03",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "windows vista ultimate sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4.227"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.309"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.214"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.19.4"
          },
          {
            "_id": null,
            "model": "sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4.224"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00(x64)"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.11"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7"
          },
          {
            "_id": null,
            "model": "windows server standard edition gold storage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008-"
          },
          {
            "_id": null,
            "model": "windows for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "70"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.52"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.8"
          },
          {
            "_id": null,
            "model": "nonstop server h06.20.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer no version",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.0.121"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "14.0.835.163"
          },
          {
            "_id": null,
            "model": "jdk update18",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.304"
          },
          {
            "_id": null,
            "model": "windows vista enterprise sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.11"
          },
          {
            "_id": null,
            "model": "nonstop server j06.09.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.305"
          },
          {
            "_id": null,
            "model": "windows xp professional sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.60"
          },
          {
            "_id": null,
            "model": "windows server r2 datacenter edition sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20030"
          },
          {
            "_id": null,
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "tv",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.13.1"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.16"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.50"
          },
          {
            "_id": null,
            "model": "rsa bsafe micro edition suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emc",
            "version": "3.2.4"
          },
          {
            "_id": null,
            "model": "nonstop server h06.18.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server no version",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "websphere datapower soa appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "770.00"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.24.0"
          },
          {
            "_id": null,
            "model": "windows server r2 datacenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20080"
          },
          {
            "_id": null,
            "model": "windows vista home basic 64-bit edition sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "x64"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "760.10"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8f",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "350.50"
          },
          {
            "_id": null,
            "model": "linux enterprise sdk sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "windows vista enterprise 64-bit edition sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.203"
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.1.1"
          },
          {
            "_id": null,
            "model": "nonstop server h06.19.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "windows server enterprise edition itanium",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20030"
          },
          {
            "_id": null,
            "model": "windows vista home basic",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows vista business 64-bit edition sp1 x86-ultimate",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.7"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "web server aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "freeflow print server 81.d0.73",
            "scope": null,
            "trust": 0.3,
            "vendor": "xerox",
            "version": null
          },
          {
            "_id": null,
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.208"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "windows server enterprise edition itanium sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "software opera web browser beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.00"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "windows server standard edition sp1 beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20031"
          },
          {
            "_id": null,
            "model": "nonstop server j06.06.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "cms server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "15.0"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.12"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.2",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.2-77"
          },
          {
            "_id": null,
            "model": "ucosminexus application server express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-70"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.8"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-01"
          },
          {
            "_id": null,
            "model": "aura system platform sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "simatic rf615r",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "windows vista edition sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "x64"
          },
          {
            "_id": null,
            "model": "windows server gold itanium",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "windows server datacenter edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "jre 27",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "rational appscan standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "_id": null,
            "model": "windows vista business 64-bit edition sp1 x64-ultimate",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.209"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.226"
          },
          {
            "_id": null,
            "model": "windows server standard edition sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.014"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "nonstop server j06.12.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "windows server enterprise edition sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.9",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8r",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "windows server r2 storage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "power systems 350.a0",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "simatic rf68xr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.011"
          },
          {
            "_id": null,
            "model": "windows vista business 64-bit edition sp1 x64-home premium",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server j06.09.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "jrockit r27.6.3",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.9"
          },
          {
            "_id": null,
            "model": "jdk update14",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "cosminexus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "project openssl beta4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.0"
          },
          {
            "_id": null,
            "model": "java se sr6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "windows server standard edition gold enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008-"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "tv",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8p",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "windows server standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003x64"
          },
          {
            "_id": null,
            "model": "rsa bsafe micro edition suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emc",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "010"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.15-210"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.27"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "messaging application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5"
          },
          {
            "_id": null,
            "model": "windows server r2 sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0.95"
          },
          {
            "_id": null,
            "model": "windows xp tablet pc edition sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "voice portal sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.18"
          },
          {
            "_id": null,
            "model": "networks matrixssl",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "peersec",
            "version": "3.2.2"
          },
          {
            "_id": null,
            "model": "windows server standard edition gold",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008-"
          },
          {
            "_id": null,
            "model": "windows server r2 platfom sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "windows vista ultimate sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-02"
          },
          {
            "_id": null,
            "model": "nonstop server j06.10.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "secure sockets layer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ietf",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "windows ultimate",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "70"
          },
          {
            "_id": null,
            "model": "windows server standard edition sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "rsa bsafe micro edition suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emc",
            "version": "3.2.5"
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "nonstop server h06.24.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.23"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "windows server r2 standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.60"
          },
          {
            "_id": null,
            "model": "messaging storage server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "websphere multichannel bank transformation toolkit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1.0.2"
          },
          {
            "_id": null,
            "model": "windows vista home basic 64-bit edition sp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "connect build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "7.1.42985"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "web server 02-04-/a (windows(ip",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.19.6"
          },
          {
            "_id": null,
            "model": "windows server datacenter edition itanium sp1 beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20031"
          },
          {
            "_id": null,
            "model": "windows server for x64-based systems sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.5"
          },
          {
            "_id": null,
            "model": "virtualcenter update 6b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "simatic rf68xr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 09",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "cosminexus http server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-10"
          },
          {
            "_id": null,
            "model": "enterprise linux ws extras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.6"
          },
          {
            "_id": null,
            "model": "windows xp home",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.10"
          },
          {
            "_id": null,
            "model": "windows server web edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser 3win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "enterprise linux es extras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "openjdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openjdk",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.010"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "_id": null,
            "model": "firefox beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.63"
          },
          {
            "_id": null,
            "model": "software opera web browser 2win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.64"
          },
          {
            "_id": null,
            "model": "windows server itanium",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20030"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "8.01"
          },
          {
            "_id": null,
            "model": "windows xp service pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "30"
          },
          {
            "_id": null,
            "model": "nonstop server j06.08.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "freeflow print server 82.d1.44",
            "scope": null,
            "trust": 0.3,
            "vendor": "xerox",
            "version": null
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.8"
          },
          {
            "_id": null,
            "model": "communication server telephony manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "10003.0"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8l",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-10-09"
          },
          {
            "_id": null,
            "model": "windows server r2 datacenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "windows server sp2 compute cluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "cosminexus developer\u0027s kit for java",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-01"
          },
          {
            "_id": null,
            "model": "software opera web browser win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "6.0.4"
          },
          {
            "_id": null,
            "model": "nonstop server h06.15.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "cosminexus primary server base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "740.21"
          },
          {
            "_id": null,
            "model": "sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4.223"
          },
          {
            "_id": null,
            "model": "connect",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-04"
          },
          {
            "_id": null,
            "model": "nonstop server h06.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.3"
          },
          {
            "_id": null,
            "model": "enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "_id": null,
            "model": "simatic rf615r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "java se sr7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.20"
          },
          {
            "_id": null,
            "model": "java se sr13-fp10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.63"
          },
          {
            "_id": null,
            "model": "windows xp professional edition sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "x64"
          },
          {
            "_id": null,
            "model": "business server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "1x8664"
          },
          {
            "_id": null,
            "model": "jdk update16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "windows home premium sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7-x64"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.14"
          },
          {
            "_id": null,
            "model": "nonstop server h06.22.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "groupware suite",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "collax",
            "version": "5.5.12"
          },
          {
            "_id": null,
            "model": "windows xp professional sp3",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2.106"
          },
          {
            "_id": null,
            "model": "jrockit r28.1.3",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "sdk .0 01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.1"
          },
          {
            "_id": null,
            "model": "windows vista home basic 64-bit edition sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "x64"
          },
          {
            "_id": null,
            "model": "lotus domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "5.12"
          },
          {
            "_id": null,
            "model": "windows server enterprise edition release candidate",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.020"
          },
          {
            "_id": null,
            "model": "enterprise linux as for sap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "flex system integrated management module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2"
          },
          {
            "_id": null,
            "model": "nonstop server h06.19.03",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "760.41"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.12.2"
          },
          {
            "_id": null,
            "model": "windows vista home basic 64-bit edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.05"
          },
          {
            "_id": null,
            "model": "cosminexus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "networks matrixssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "peersec",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "websphere multichannel bank transformation toolkit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "interactive response",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows for x64-based systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7"
          },
          {
            "_id": null,
            "model": "vplex geosynchrony",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "emc",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "messaging application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.16.3"
          },
          {
            "_id": null,
            "model": "windows server r2 itanium sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.51"
          },
          {
            "_id": null,
            "model": "nonstop server h06.21.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.8"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.3"
          },
          {
            "_id": null,
            "model": "software opera web browser win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "5.11"
          },
          {
            "_id": null,
            "model": "cosminexus client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.212"
          },
          {
            "_id": null,
            "model": "cosminexus http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.206"
          },
          {
            "_id": null,
            "model": "cms server aux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "15.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "cosminexus http server windows",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-12"
          },
          {
            "_id": null,
            "model": "nonstop server h06.19.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00"
          },
          {
            "_id": null,
            "model": "freeflow print server 93.e0.21c",
            "scope": null,
            "trust": 0.3,
            "vendor": "xerox",
            "version": null
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "350.10"
          },
          {
            "_id": null,
            "model": "simatic rf615r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.1.2"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.9"
          },
          {
            "_id": null,
            "model": "cosminexus http server linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "windows server r2 x64-standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "nonstop server j06.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server h06.26.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp1 for sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11.0.696.43"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.26"
          },
          {
            "_id": null,
            "model": "software opera web browser win32 beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "7.02"
          },
          {
            "_id": null,
            "model": "access manager sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ucosminexus developer hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "websphere datapower soa appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.8.2"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.221"
          },
          {
            "_id": null,
            "model": "nonstop server j06.04.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.016"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.307"
          },
          {
            "_id": null,
            "model": "windows xp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 07-b03",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.1"
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.1"
          },
          {
            "_id": null,
            "model": "windows server r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "_id": null,
            "model": "windows server datacenter edition itanium",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20030"
          },
          {
            "_id": null,
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.21"
          },
          {
            "_id": null,
            "model": "software opera web browser win32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "update manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.12.1"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "cosminexus http server linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-10"
          },
          {
            "_id": null,
            "model": "software opera web browser linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "350.40"
          },
          {
            "_id": null,
            "model": "enterprise linux sap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "nonstop server h06.20.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.19.5"
          },
          {
            "_id": null,
            "model": "software opera web browser beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.201"
          },
          {
            "_id": null,
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.21.7"
          },
          {
            "_id": null,
            "model": "nonstop server j06.10.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere multichannel bank transformation toolkit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard-r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.21"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.550.0"
          },
          {
            "_id": null,
            "model": "windows vista enterprise",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00(x64)"
          },
          {
            "_id": null,
            "model": "nonstop server h06.16.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "software opera web browser linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "windows server sp2 enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "jdk update22",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10.61"
          },
          {
            "_id": null,
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "10"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "760.20"
          },
          {
            "_id": null,
            "model": "windows xp media center edition sp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update15",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "communication server telephony manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "10004.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.8.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "power systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "730.91"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "freeflow print server 73.d2.33",
            "scope": null,
            "trust": 0.3,
            "vendor": "xerox",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "database 11g release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "111.1.0.7"
          },
          {
            "_id": null,
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "10.0.648.205"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "_id": null,
            "model": "windows server datacenter edition sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "nonstop server h06.25.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "windows server web edition sp1 beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20031"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.2"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#864643"
          },
          {
            "db": "BID",
            "id": "49778"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3389"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Thai Duong and Juliano Rizzo, Wendy Parrington from United Utilities.",
        "sources": [
          {
            "db": "BID",
            "id": "49778"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2011-3389",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2011-3389",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-3389",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#864643",
                "trust": 0.8,
                "value": "3.38"
              },
              {
                "author": "VULMON",
                "id": "CVE-2011-3389",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#864643"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3389"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3389"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack. A vulnerability in the specification of the SSL 3.0 and TLS 1.0 protocols could allow an attacker to decrypt encrypted traffic. This will result in a false sense of security, and potentially result in the disclosure of sensitive information. \nHP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and\nWindows. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Oracle JRE/JDK: Multiple vulnerabilities\n     Date: November 05, 2011\n     Bugs: #340421, #354213, #370559, #387851\n       ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. 
\n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-java/sun-jre-bin        \u003c 1.6.0.29              \u003e= 1.6.0.29 *\n  2  app-emulation/emul-linux-x86-java\n                                 \u003c 1.6.0.29              \u003e= 1.6.0.29 *\n  3  dev-java/sun-jdk            \u003c 1.6.0.29              \u003e= 1.6.0.29 *\n    -------------------------------------------------------------------\n     NOTE: Packages marked with asterisks require manual intervention!\n    -------------------------------------------------------------------\n     3 affected packages\n    -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below and\nthe associated Oracle Critical Patch Update Advisory for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n  # emerge --sync\n  # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. 
\n\nReferences\n==========\n\n[  1 ] CVE-2010-3541\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[  2 ] CVE-2010-3548\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[  3 ] CVE-2010-3549\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[  4 ] CVE-2010-3550\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[  5 ] CVE-2010-3551\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[  6 ] CVE-2010-3552\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[  7 ] CVE-2010-3553\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[  8 ] CVE-2010-3554\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[  9 ] CVE-2010-3555\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n       
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n       
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n       
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. 
----------------------------------------------------------------------\n\nTITLE:\nIBM Lotus Domino SSL/TLS Initialization Vector Selection Weakness\n\nSECUNIA ADVISORY ID:\nSA46791\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46791/\n\nRELEASE DATE:\n2011-11-11\n\nDESCRIPTION:\nA weakness has been reported in IBM Lotus Domino, which can be\nexploited by malicious people to disclose potentially sensitive\ninformation and hijack a user's session. \n\nSOLUTION:\nAs a workaround enable RC4 encryption (please see the vendor's\nadvisory for details). 
\n\nPROVIDED AND/OR DISCOVERED BY:\nThai Duong and Juliano Rizzo\n\nORIGINAL ADVISORY:\nIBM:\nhttp://www.ibm.com/support/docview.wss?uid=swg21568229\n\nIBM ISS X-Force:\nhttp://xforce.iss.net/xforce/xfdb/70069\n\n----------------------------------------------------------------------\n\n\n. \n \n A flaw was found in the way the Python SimpleHTTPServer module\n generated directory listings. 
An attacker able to upload a file\n with a specially-crafted name to a server could possibly perform a\n cross-site scripting (XSS) attack against victims visiting a listing\n page generated by SimpleHTTPServer, for a directory containing\n the crafted file (if the victims were using certain web browsers)\n (CVE-2011-4940). \n \n A race condition was found in the way the Python distutils module\n set file permissions during the creation of the .pypirc file. If a\n local user had access to the home directory of another user who is\n running distutils, they could use this flaw to gain access to that\n user's .pypirc file, which can contain usernames and passwords for\n code repositories (CVE-2011-4944). \n \n A flaw was found in the way the Python SimpleXMLRPCServer module\n handled clients disconnecting prematurely. \n \n Hash table collisions CPU usage DoS for the embedded copy of expat\n (CVE-2012-0876). \n \n A denial of service flaw was found in the implementation of associative\n arrays (dictionaries) in Python. An attacker able to supply a large\n number of inputs to a Python application (such as HTTP POST request\n parameters sent to a web application) that are used as keys when\n inserting data into an array could trigger multiple hash function\n collisions, making array operations take an excessive amount of\n CPU time. To mitigate this issue, randomization has been added to\n the hash function to reduce the chance of an attacker successfully\n causing intentional collisions (CVE-2012-1150). \n \n The updated packages have been patched to correct these issues.  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  <security*mandriva.com>\n. ==========================================================================\nUbuntu Security Notice USN-1263-1\nNovember 16, 2011\n\nicedtea-web, openjdk-6, openjdk-6b18 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nMultiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed. \n\nSoftware Description:\n- icedtea-web: A web browser plugin to execute Java applets\n- openjdk-6: Open Source Java implementation\n- openjdk-6b18: Open Source Java implementation\n\nDetails:\n\nDeepak Bhole discovered a flaw in the Same Origin Policy (SOP)\nimplementation in the IcedTea web browser plugin. This could allow a\nremote attacker to open connections to certain hosts that should\nnot be permitted. (CVE-2011-3377)\n\nJuliano Rizzo and Thai Duong discovered that the block-wise AES\nencryption algorithm as used in TLS/SSL was vulnerable to\na chosen-plaintext attack. This could allow a remote attacker to view\nconfidential data. 
(CVE-2011-3389)\n\nIt was discovered that a type confusion flaw existed in\nthe Internet Inter-Orb Protocol (IIOP) deserialization code. A\nremote attacker could use this to cause an untrusted application\nor applet to execute arbitrary code by deserializing malicious\ninput. (CVE-2011-3521)\n\nIt was discovered that the Java scripting engine did not perform\nSecurityManager checks. This could allow a remote attacker to cause\nan untrusted application or applet to execute arbitrary code with\nthe full privileges of the JVM. (CVE-2011-3544)\n\nIt was discovered that the InputStream class used a global buffer to\nstore input bytes skipped. An attacker could possibly use this to gain\naccess to sensitive information. (CVE-2011-3547)\n\nIt was discovered that a vulnerability existed in the AWTKeyStroke\nclass. A remote attacker could cause an untrusted application or applet\nto execute arbitrary code. (CVE-2011-3548)\n\nIt was discovered that an integer overflow vulnerability existed\nin the TransformHelper class in the Java2D implementation. A remote\nattacker could use this to cause a denial of service via an application\nor applet crash or possibly execute arbitrary code. (CVE-2011-3551)\n\nIt was discovered that the default number of available UDP sockets for\napplications running under SecurityManager restrictions was set too\nhigh. A remote attacker could use this with a malicious application or\napplet to exhaust the number of available UDP sockets to cause a denial\nof service for other applets or applications running within the same\nJVM. (CVE-2011-3552)\n\nIt was discovered that Java API for XML Web Services (JAX-WS) could\nincorrectly expose a stack trace. (CVE-2011-3553)\n\nIt was discovered that the unpacker for pack200 JAR files did not\nsufficiently check for errors. An attacker could cause a denial of\nservice or possibly execute arbitrary code through a specially crafted\npack200 JAR file. 
(CVE-2011-3554)\n\nIt was discovered that the RMI registration implementation did not\nproperly restrict privileges of remotely executed code. A remote\nattacker could use this to execute code with elevated privileges. \n(CVE-2011-3556, CVE-2011-3557)\n\nIt was discovered that the HotSpot VM could be made to crash, allowing\nan attacker to cause a denial of service or possibly leak sensitive\ninformation. (CVE-2011-3558)\n\nIt was discovered that the HttpsURLConnection class did not\nproperly perform SecurityManager checks in certain situations. This\ncould allow a remote attacker to bypass restrictions on HTTPS\nconnections. (CVE-2011-3560)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n  icedtea-6-jre-cacao             6b23~pre11-0ubuntu1.11.10\n  icedtea-6-jre-jamvm             6b23~pre11-0ubuntu1.11.10\n  icedtea-netx                    1.1.3-1ubuntu1.1\n  icedtea-plugin                  1.1.3-1ubuntu1.1\n  openjdk-6-jre                   6b23~pre11-0ubuntu1.11.10\n  openjdk-6-jre-headless          6b23~pre11-0ubuntu1.11.10\n  openjdk-6-jre-lib               6b23~pre11-0ubuntu1.11.10\n  openjdk-6-jre-zero              6b23~pre11-0ubuntu1.11.10\n\nUbuntu 11.04:\n  icedtea-6-jre-cacao             6b22-1.10.4-0ubuntu1~11.04.1\n  icedtea-6-jre-jamvm             6b22-1.10.4-0ubuntu1~11.04.1\n  icedtea-netx                    1.1.1-0ubuntu1~11.04.2\n  icedtea-plugin                  1.1.1-0ubuntu1~11.04.2\n  openjdk-6-jre                   6b22-1.10.4-0ubuntu1~11.04.1\n  openjdk-6-jre-headless          6b22-1.10.4-0ubuntu1~11.04.1\n  openjdk-6-jre-lib               6b22-1.10.4-0ubuntu1~11.04.1\n  openjdk-6-jre-zero              6b22-1.10.4-0ubuntu1~11.04.1\n\nUbuntu 10.10:\n  icedtea-6-jre-cacao             6b20-1.9.10-0ubuntu1~10.10.2\n  openjdk-6-demo                  6b20-1.9.10-0ubuntu1~10.10.2\n  openjdk-6-jdk                   6b20-1.9.10-0ubuntu1~10.10.2\n  openjdk-6-jre     
              6b20-1.9.10-0ubuntu1~10.10.2\n  openjdk-6-jre-headless          6b20-1.9.10-0ubuntu1~10.10.2\n  openjdk-6-jre-lib               6b20-1.9.10-0ubuntu1~10.10.2\n  openjdk-6-jre-zero              6b20-1.9.10-0ubuntu1~10.10.2\n\nUbuntu 10.04 LTS:\n  icedtea-6-jre-cacao             6b20-1.9.10-0ubuntu1~10.04.2\n  icedtea6-plugin                 6b20-1.9.10-0ubuntu1~10.04.2\n  openjdk-6-demo                  6b20-1.9.10-0ubuntu1~10.04.2\n  openjdk-6-jre                   6b20-1.9.10-0ubuntu1~10.04.2\n  openjdk-6-jre-headless          6b20-1.9.10-0ubuntu1~10.04.2\n  openjdk-6-jre-lib               6b20-1.9.10-0ubuntu1~10.04.2\n  openjdk-6-jre-zero              6b20-1.9.10-0ubuntu1~10.04.2\n\nAfter a standard system update you need to restart any Java applications\nor applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks\n\nEMC Identifier: ESA-2012-032\n\nCVE Identifier: CVE-2011-3389\n\nSeverity Rating: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n\nAffected Products:\n\nAll versions of RSA BSAFE Micro Edition Suite prior to 4.0, all platforms\n\n\nUnaffected Products:\n\nRSA BSAFE Micro Edition Suite 4.0 and higher\n\n\nSummary:\n\nRSA BSAFE Micro Edition Suite contains updates designed to prevent BEAST attacks (CVE-2011-3389)\n\n\n\nDetails:\n\nThere is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important. 
\n\nThe BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time. \n\n\n\nRecommendation:\n\nThe best way to help prevent this attack is to use TLS v1.1 or higher. The vulnerability to do with IV generation was fixed in TLS v1.1 (released in 2006) so implementations using only TLS v1.1 or v1.2 are engineered to be secure against the BEAST exploit. However, support for these higher level protocols is limited to a smaller number of applications, so supporting only TLS v1.1 or v1.2 might cause interoperability issues. \n\nA second solution is to limit the negotiated cipher suites to exclude those that do not require symmetric key algorithms in CBC mode. However, this substantially restricts the number of cipher suites that can be negotiated. That is, only cipher suites with NULL encryption or cipher suites with streaming encryption algorithms (the RC4 algorithm) could be negotiated, which might result in reduced security. \n\nFor customers who cannot or should not implement either of these two methods, RSA BSAFE Micro Edition Suite 4.0 introduces a new feature called first block splitting. First block splitting prevents the BEAST exploit by introducing unknown data into the encryption scheme prior to the attacker's inserted plain text data. This is done as follows: \n\n1. The first plain text block to be encrypted is split into two blocks. The first block contains the first byte of the data, the second block contains the rest. \n2. A MAC is generated from the one byte of data, the MAC key, and an increasing counter. This MAC is included in the first block. \n3. The one byte of data, along with the MAC, is encrypted and becomes the IV for the next block. 
Because the IV is now essentially random data, it is impossible for an attacker to predict it and replace it with one of their own. \nTo implement first block splitting in RSA BSAFE Micro Edition Suite 4.0, either for an SSL context or SSL object, call R_SSL_CTX_set_options_by_type() or R_SSL_set_options_by_type() respectively, with the SSL_OP_TYPE_SECURITY option type and the SSL_OP_SPLIT_FIRST_FRAGMENT identifier. \n\nFor more information about these functions and identifiers, see the RSA BSAFE Micro Edition Suite API Reference Guide. \n\n\n\nSeverity Rating:\n\nFor an explanation of Severity Ratings, refer to the Knowledge Base Article, “Security Advisories Severity Rating” at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\n\nEMC Product Security Response Center\n\nSecurity_Alert@EMC.COM\n\nhttp://www.emc.com/contact-us/contact/product-security-response-center.html\n. 
The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2011-3389\n\n   This update enables OpenSSL workarounds against the \"BEAST\" attack. \n   Additional information can be found in the Curl advisory:\n   http://curl.haxx.se/docs/adv_20120124B.html\n\nCVE-2012-0036\n\n   Dan Fandrich discovered that Curl performs insufficient sanitising\n   when extracting the file path part of an URL. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny6. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.24.0-1. \n\nWe recommend that you upgrade your curl packages. \n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Critical: java-1.5.0-ibm security update\nAdvisory ID:       RHSA-2012:0508-01\nProduct:           Red Hat Enterprise Linux Extras\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0508.html\nIssue date:        2012-04-23\nCVE Names:         CVE-2011-3389 CVE-2011-3557 CVE-2011-3560 \n                   CVE-2011-3563 CVE-2012-0498 CVE-2012-0499 \n                   CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 \n                   CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.5.0-ibm packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit. \n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. 
(CVE-2011-3389, CVE-2011-3557,\nCVE-2011-3560, CVE-2011-3563, CVE-2012-0498, CVE-2012-0499, CVE-2012-0501,\nCVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR13-FP1 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)\n788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)\n788994 - CVE-2012-0507 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)\n789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)\n789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)\n789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)\n789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)\n790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)\n790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 
5):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 
5):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm\n\nppc:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.ppc64.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.ppc64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.ppc64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.ppc64.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.ppc64.rpm\n\ns390x:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.s390x.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.s390x.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.s390x.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.s390x.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.s390x.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.
5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 
6):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\n\nppc64:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm\n\ns390x:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.s390.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.s390.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 
6):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3563.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0498.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0499.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0501.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0502.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0503.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0505.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0506.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0507.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and\nSecurity Update 2012-004\n\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update\n2012-004 are now available and address the following:\n\nApache\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Multiple vulnerabilities in Apache\nDescription:  Apache is updated to version 2.2.22 to address several\nvulnerabilities, the most serious of which may lead to a denial of\nservice. Further information is available via the Apache web site at\nhttp://httpd.apache.org/. This issue does not affect OS X Mountain\nLion systems. \nCVE-ID\nCVE-2011-3368\nCVE-2011-3607\nCVE-2011-4317\nCVE-2012-0021\nCVE-2012-0031\nCVE-2012-0053\n\nBIND\nAvailable for:  OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact:  A remote attacker may be able to cause a denial of service\nin systems configured to run BIND as a DNS nameserver\nDescription:  A reachable assertion issue existed in the handling of\nDNS records. This issue was addressed by updating to BIND 9.7.6-P1. \nThis issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2011-4313\n\nBIND\nAvailable for:  OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact:  A remote attacker may be able to cause a denial of service,\ndata corruption, or obtain sensitive information from process memory\nin systems configured to run BIND as a DNS nameserver\nDescription:  A memory management issue existed in the handling of\nDNS records. This issue was addressed by updating to BIND 9.7.6-P1 on\nOS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. 
\nCVE-ID\nCVE-2012-1667\n\nCoreText\nAvailable for:  OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact:  Applications that use CoreText may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription:  A bounds checking issue existed in the handling of text\nglyphs, which may lead to out of bounds memory reads or writes. This\nissue was addressed through improved bounds checking. This issue does\nnot affect Mac OS X v10.6 or OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-3716 : Jesse Ruderman of Mozilla Corporation\n\nData Security\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact:  An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription:  TrustWave, a trusted root CA, has issued, and\nsubsequently revoked, a sub-CA certificate from one of its trusted\nanchors. This sub-CA facilitated the interception of communications\nsecured by Transport Layer Security (TLS). This update adds the\ninvolved sub-CA certificate to OS X\u0027s list of untrusted certificates. \n\nDirectoryService\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8\nImpact:  If the DirectoryService Proxy is used, a remote attacker may\ncause a denial of service or arbitrary code execution\nDescription:  A buffer overflow existed in the DirectoryService\nProxy. This issue was addressed through improved bounds checking. \nThis issue does not affect OS X Lion and Mountain Lion systems. 
\nCVE-ID\nCVE-2012-0650 : aazubel working with HP\u0027s Zero Day Initiative\n\nImageIO\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Viewing a maliciously crafted PNG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in libpng\u0027s\nhandling of PNG images. These issues were addressed through improved\nvalidation of PNG images. These issues do not affect OS X Mountain\nLion systems. \nCVE-ID\nCVE-2011-3026 : Juri Aedla\nCVE-2011-3048\n\nImageIO\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An integer overflow issue existed in libTIFF\u0027s handling\nof TIFF images. This issue was addressed through improved validation\nof TIFF images. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-1173 : Alexander Gavrun working with HP\u0027s Zero Day\nInitiative\n\nInstaller\nAvailable for:  OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact:  Remote admins and persons with physical access to the system\nmay obtain account information\nDescription:  The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented\nuser passwords from being recorded in the system log, but did not\nremove the old log entries. This issue was addressed by deleting log\nfiles that contained passwords. This issue does not affect Mac OS X\n10.6 or OS X Mountain Lion systems. 
\nCVE-ID\nCVE-2012-0652\n\nInternational Components for Unicode\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Applications that use ICU may be vulnerable to an unexpected\napplication termination or arbitrary code execution\nDescription:  A stack buffer overflow existed in the handling of ICU\nlocale IDs. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2011-4599\n\nKernel\nAvailable for:  OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact:  A malicious program could bypass sandbox restrictions\nDescription:  A logic issue existed in the handling of debug system\ncalls. This may allow a malicious program to gain code execution in\nother programs with the same user privileges. This issue was\naddressed by disabling handling of addresses in PT_STEP and\nPT_CONTINUE. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0643 : iOS Jailbreak Dream Team\n\nLoginWindow\nAvailable for:  OS X Mountain Lion v10.8 and v10.8.1\nImpact:  A local user may be able to obtain other user\u0027s login\npasswords\nDescription:  A user-installed input method could intercept password\nkeystrokes from Login Window or Screen Saver Unlock. This issue was\naddressed by preventing user-installed methods from being used when\nthe system is handling login information. \nCVE-ID\nCVE-2012-3718 : An anonymous researcher\n\nMail\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Viewing an e-mail message may lead to execution of web\nplugins\nDescription:  An input validation issue existed in Mail\u0027s handling of\nembedded web plugins. This issue was addressed by disabling third-\nparty plug-ins in Mail. This issue does not affect OS X Mountain Lion\nsystems. 
\nCVE-ID\nCVE-2012-3719 : Will Dormann of the CERT/CC\n\nMobile Accounts\nAvailable for:  OS X Mountain Lion v10.8 and v10.8.1\nImpact:  A user with access to the contents of a mobile account may\nobtain the account password\nDescription:  Creating a mobile account saved a hash of the password\nin the account, which was used to login when the mobile account was\nused as an external account. The password hash could be used to\ndetermine the user\u0027s password. This issue was addressed by creating\nthe password hash only if external accounts are enabled on the system\nwhere the mobile account is created. \nCVE-ID\nCVE-2012-3720 : Harald Wagener of Google, Inc. \n\nPHP\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact:  Multiple vulnerabilities in PHP\nDescription:  \u003ePHP is updated to version 5.3.15 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the PHP web site at\nhttp://www.php.net\nCVE-ID\nCVE-2012-0831\nCVE-2012-1172\nCVE-2012-1823\nCVE-2012-2143\nCVE-2012-2311\nCVE-2012-2386\nCVE-2012-2688\n\nPHP\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  PHP scripts which use libpng may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\nPNG files. This issue was addressed by updating PHP\u0027s copy of libpng\nto version 1.5.10. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2011-3048\n\nProfile Manager\nAvailable for:  OS X Lion Server v10.7 to v10.7.4\nImpact:  An unauthenticated user could enumerate managed devices\nDescription:  An authentication issue existed in the Device\nManagement private interface. 
This issue was addressed by removing\nthe interface. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-3721 : Derick Cassidy of XEquals Corporation\n\nQuickLook\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Viewing a maliciously crafted .pict file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\n.pict files. This issue was addressed through improved validation of\n.pict files. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the\nQualys Vulnerability \u0026 Malware Research Labs (VMRL)\n\nQuickTime\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An integer overflow existed in QuickTime\u0027s handling of\nsean atoms. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An uninitialized memory access existed in the handling\nof Sorenson encoded movie files. This issue was addressed through\nimproved memory initialization. This issue does not affect OS X\nMountain Lion systems. 
\nCVE-ID\nCVE-2012-3722 : Will Dormann of the CERT/CC\n\nQuickTime\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the handling of RLE\nencoded movie files. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0668 : Luigi Auriemma working with HP\u0027s Zero Day Initiative\n\nRuby\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  An attacker may be able to decrypt data protected by SSL\nDescription:  There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nThe Ruby OpenSSL module disabled the \u0027empty fragment\u0027 countermeasure\nwhich prevented these attacks. This issue was addressed by enabling\nempty fragments. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2011-3389\n\nUSB\nAvailable for:  OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact:  Attaching a USB device may lead to an unexpected system\ntermination or arbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\nUSB hub descriptors. This issue was addressed through improved\nhandling of the bNbrPorts descriptor field. This issue does not\naffect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-3723 : Andy Davis of NGS Secure\n\nNote: OS X Mountain Lion v10.8.2 includes the content of\nSafari 6.0.1. 
For further details see \"About the security content\nof Safari 6.0.1\" at http://http//support.apple.com/kb/HT5502\n\n\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update\n2012-004 may be obtained from the Software Update pane in System\nPreferences, or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update\n2012-004. \n\nFor OS X Mountain Lion v10.8.1\nThe download file is named: OSXUpd10.8.2.dmg\nIts SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33\n\nFor OS X Mountain Lion v10.8\nThe download file is named: OSXUpdCombo10.8.2.dmg\nIts SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c\n\nFor OS X Lion v10.7.4\nThe download file is named: MacOSXUpd10.7.5.dmg\nIts SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532\n\nFor OS X Lion v10.7 and v10.7.3\nThe download file is named: MacOSXUpdCombo10.7.5.dmg\nIts SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b\n\nFor OS X Lion Server v10.7.4\nThe download file is named: MacOSXServerUpd10.7.5.dmg\nIts SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a\n\nFor OS X Lion Server v10.7 and v10.7.3\nThe download file is named: MacOSXServerUpdCombo10.7.5.dmg\nIts SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2012-004.dmg\nIts SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2012-004.dmg\nIts SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available 
at:\nhttps://www.apple.com/support/security/pgp/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03316985\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03316985\nVersion: 1\n\nHPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial\nof Service (DoS), Unauthorized Modification and Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-05-15\nLast Updated: 2012-05-15\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of service, unauthorized\nmodification and disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime\nEnvironment (JRE) and Java Developer Kit (JDK) running on HP-UX. 
These\nvulnerabilities may allow remote Denial of Service (DoS), unauthorized\nmodification and disclosure of information. \n\nReferences: CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462,\nCVE-2010-4465, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476,\nCVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0862, CVE-2011-0864,\nCVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-3389, CVE-2011-3545,\nCVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3556,\nCVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0499, CVE-2012-0502,\nCVE-2012-0503, CVE-2012-0505, CVE-2012-0506\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-4447    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2010-4448    (AV:N/AC:H/Au:N/C:N/I:P/A:N)        2.6\nCVE-2010-4454    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2010-4462    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2010-4465    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2010-4469    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2010-4473    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2010-4475    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2010-4476    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2011-0802    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2011-0814    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2011-0815    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2011-0862    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2011-0864    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2011-0865    (AV:N/AC:H/Au:N/C:N/I:P/A:N)        2.6\nCVE-2011-0867    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2011-0871    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2011-3389    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2011-3545    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2011-3547    
(AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2011-3548    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2011-3549    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2011-3552    (AV:N/AC:H/Au:N/C:N/I:P/A:N)        2.6\nCVE-2011-3556    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2011-3557    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2011-3560    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2011-3563    (AV:N/AC:L/Au:N/C:P/I:N/A:P)        6.4\nCVE-2012-0499    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2012-0502    (AV:N/AC:L/Au:N/C:P/I:N/A:P)        6.4\nCVE-2012-0503    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2012-0505    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2012-0506    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP is providing the following Java updates to resolve the vulnerabilities. \nThe updates are available from: http://www.hp.com/go/java\n\nThese issues are addressed in the following versions of the HP Java:\n\nHP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent\n\nMANUAL ACTIONS: Yes - Update\n\nFor Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant:\nHP-UX Software Assistant is an enhanced application that replaces HP-UX\nSecurity Patch Check. It analyzes all HP-issued Security Bulletins and lists\nrecommended actions that may apply to a specific HP-UX system. It can also\ndownload patches and create a depot automatically. For more information see:\nhttps://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. 
\n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJpi14.JPI14-COM\nJpi14.JPI14-COM-DOC\nJpi14.JPI14-IPF32\nJpi14.JPI14-PA11\nJdk14.JDK14-COM\nJdk14.JDK14-DEMO\nJdk14.JDK14-IPF32\nJdk14.JDK14-IPF64\nJdk14.JDK14-PA11\nJdk14.JDK14-PA20\nJdk14.JDK14-PA20W\nJdk14.JDK14-PNV2\nJdk14.JDK14-PWV2\nJre14.JRE14-COM\nJre14.JRE14-COM-DOC\nJre14.JRE14-IPF32\nJre14.JRE14-IPF32-HS\nJre14.JRE14-IPF64\nJre14.JRE14-IPF64-HS\nJre14.JRE14-PA11\nJre14.JRE14-PA11-HS\nJre14.JRE14-PA20\nJre14.JRE14-PA20-HS\nJre14.JRE14-PA20W\nJre14.JRE14-PA20W-HS\nJre14.JRE14-PNV2\nJre14.JRE14-PNV2-H\nJre14.JRE14-PWV2\nJre14.JRE14-PWV2-H\naction: install revision 1.4.2.28.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 15 May 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. 
\n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-3389"
          },
          {
            "db": "CERT/CC",
            "id": "VU#864643"
          },
          {
            "db": "BID",
            "id": "49778"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3389"
          },
          {
            "db": "PACKETSTORM",
            "id": "123310"
          },
          {
            "db": "PACKETSTORM",
            "id": "106640"
          },
          {
            "db": "PACKETSTORM",
            "id": "106901"
          },
          {
            "db": "PACKETSTORM",
            "id": "114005"
          },
          {
            "db": "PACKETSTORM",
            "id": "107051"
          },
          {
            "db": "PACKETSTORM",
            "id": "116406"
          },
          {
            "db": "PACKETSTORM",
            "id": "109207"
          },
          {
            "db": "PACKETSTORM",
            "id": "112108"
          },
          {
            "db": "PACKETSTORM",
            "id": "116792"
          },
          {
            "db": "PACKETSTORM",
            "id": "112826"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2011-3389",
            "trust": 2.3
          },
          {
            "db": "CERT/CC",
            "id": "VU#864643",
            "trust": 2.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-556833",
            "trust": 1.3
          },
          {
            "db": "BID",
            "id": "49778",
            "trust": 1.3
          },
          {
            "db": "SECUNIA",
            "id": "45791",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "55350",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "48256",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "47998",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "48915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "55351",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "49198",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "55322",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "48948",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "48692",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "74829",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1026103",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1029190",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1026704",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1025997",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "49388",
            "trust": 1.0
          },
          {
            "db": "USCERT",
            "id": "TA12-010A",
            "trust": 1.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-058-02",
            "trust": 1.0
          },
          {
            "db": "XF",
            "id": "70069",
            "trust": 0.4
          },
          {
            "db": "HITACHI",
            "id": "HS14-011",
            "trust": 0.3
          },
          {
            "db": "HITACHI",
            "id": "HS11-024",
            "trust": 0.3
          },
          {
            "db": "HITACHI",
            "id": "HS13-018",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-192-04",
            "trust": 0.3
          },
          {
            "db": "SECUNIA",
            "id": "46791",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3389",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "123310",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "106640",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "106901",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "114005",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "107051",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "116406",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "109207",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "112108",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "116792",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "112826",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#864643"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3389"
          },
          {
            "db": "BID",
            "id": "49778"
          },
          {
            "db": "PACKETSTORM",
            "id": "123310"
          },
          {
            "db": "PACKETSTORM",
            "id": "106640"
          },
          {
            "db": "PACKETSTORM",
            "id": "106901"
          },
          {
            "db": "PACKETSTORM",
            "id": "114005"
          },
          {
            "db": "PACKETSTORM",
            "id": "107051"
          },
          {
            "db": "PACKETSTORM",
            "id": "116406"
          },
          {
            "db": "PACKETSTORM",
            "id": "109207"
          },
          {
            "db": "PACKETSTORM",
            "id": "112108"
          },
          {
            "db": "PACKETSTORM",
            "id": "116792"
          },
          {
            "db": "PACKETSTORM",
            "id": "112826"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3389"
          }
        ]
      },
      "id": "VAR-201109-0130",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.33862434333333336
      },
      "last_update_date": "2026-04-10T22:16:45.123000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Debian CVElist Bug Report Logs: CVE-2011-4362: DoS because of incorrect code in src/http_auth.c:67",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=210cf4b6236578faf8f94374acf42746"
          },
          {
            "title": "Debian CVElist Bug Report Logs: nss: CVE-2014-1569 information leak",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ab91355beed7b295ca76667e7725b8ff"
          },
          {
            "title": "Red Hat: Critical: java-1.4.2-ibm security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120006 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-2398-2 curl -- several vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=aedc7511d582d3d92a5ba7329ed7d34e"
          },
          {
            "title": "Red Hat: Moderate: java-1.4.2-ibm-sap security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120343 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-2368-1 lighttpd -- multiple vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=013e897d92ab510d8719f5ffc2cb7e80"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=43a9f1e298f8daf772ebfe7187e61853"
          },
          {
            "title": "Debian CVElist Bug Report Logs: asterisk: CVE-2015-3008: TLS Certificate Common name NULL byte exploit",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=3dcc7cafafedb5ec8b84970acf17457b"
          },
          {
            "title": "Red Hat: Critical: java-1.6.0-ibm security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120034 - Security Advisory"
          },
          {
            "title": "Debian CVElist Bug Report Logs: asterisk: chan_sip: File descriptors leak (UDP sockets) / AST-2016-007, CVE-2016-7551",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=84da1980846b47c2025a829646fab2ad"
          },
          {
            "title": "Red Hat: Critical: thunderbird security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20121089 - Security Advisory"
          },
          {
            "title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 regression",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-2"
          },
          {
            "title": "Red Hat: Critical: firefox security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20121088 - Security Advisory"
          },
          {
            "title": "Ubuntu Security Notice: icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-1"
          },
          {
            "title": "Debian Security Advisories: DSA-2356-1 openjdk-6 -- several vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a48d7ee302b835c97c950b74a371fcfe"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2011-010",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-010"
          },
          {
            "title": "IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=38227211accce022b0a3d9b56a974186"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
          },
          {
            "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory"
          },
          {
            "title": "litecoin_demo",
            "trust": 0.1,
            "url": "https://github.com/swod00/litecoin_demo "
          },
          {
            "title": "litecoin",
            "trust": 0.1,
            "url": "https://github.com/daniel1302/litecoin "
          },
          {
            "title": "reg",
            "trust": 0.1,
            "url": "https://github.com/genuinetools/reg "
          },
          {
            "title": "testssl-report",
            "trust": 0.1,
            "url": "https://github.com/tzaffi/testssl-report "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/ricardobranco777/regview "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Valdem88/dev-17_ib-yakovlev_vs "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2011-3389"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-326",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-3389"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.1,
            "url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
          },
          {
            "trust": 1.8,
            "url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
          },
          {
            "trust": 1.8,
            "url": "http://vnhacker.blogspot.com/2011/09/beast.html"
          },
          {
            "trust": 1.8,
            "url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
          },
          {
            "trust": 1.8,
            "url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
          },
          {
            "trust": 1.6,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862"
          },
          {
            "trust": 1.4,
            "url": "http://curl.haxx.se/docs/adv_20120124b.html"
          },
          {
            "trust": 1.3,
            "url": "http://www.opera.com/docs/changelogs/windows/1160/"
          },
          {
            "trust": 1.3,
            "url": "http://www.opera.com/support/kb/view/1004/"
          },
          {
            "trust": 1.3,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "trust": 1.3,
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
          },
          {
            "trust": 1.3,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
          },
          {
            "trust": 1.3,
            "url": "http://www.kb.cert.org/vuls/id/864643"
          },
          {
            "trust": 1.1,
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=665814"
          },
          {
            "trust": 1.1,
            "url": "http://www.ubuntu.com/usn/usn-1263-1"
          },
          {
            "trust": 1.1,
            "url": "http://rhn.redhat.com/errata/rhsa-2012-0508.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "trust": 1.0,
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14752"
          },
          {
            "trust": 1.0,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
          },
          {
            "trust": 1.0,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2012/may/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://ekoparty.org/2011/juliano-rizzo.php"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/47998"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/55351"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://technet.microsoft.com/security/advisory/2588513"
          },
          {
            "trust": 1.0,
            "url": "http://www.securitytracker.com/id/1029190"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/49388"
          },
          {
            "trust": 1.0,
            "url": "http://osvdb.org/74829"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2012/feb/msg00000.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.insecure.cl/beast-ssl.rar"
          },
          {
            "trust": 1.0,
            "url": "http://www.securitytracker.com/id?1026704"
          },
          {
            "trust": 1.0,
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.apple.com/kb/ht5001"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:058"
          },
          {
            "trust": 1.0,
            "url": "http://support.apple.com/kb/ht5501"
          },
          {
            "trust": 1.0,
            "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html"
          },
          {
            "trust": 1.0,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.opera.com/docs/changelogs/unix/1160/"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/48915"
          },
          {
            "trust": 1.0,
            "url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/49198"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/48948"
          },
          {
            "trust": 1.0,
            "url": "http://www.opera.com/docs/changelogs/mac/1160/"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2012/jul/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2012-0006.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securitytracker.com/id?1026103"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00004.html"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00002.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/48692"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
          },
          {
            "trust": 1.0,
            "url": "http://downloads.asterisk.org/pub/security/ast-2016-001.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2012/dsa-2398"
          },
          {
            "trust": 1.0,
            "url": "https://hermes.opensuse.org/messages/13155432"
          },
          {
            "trust": 1.0,
            "url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.apple.com/kb/ht5281"
          },
          {
            "trust": 1.0,
            "url": "http://www.opera.com/docs/changelogs/mac/1151/"
          },
          {
            "trust": 1.0,
            "url": "http://www.opera.com/docs/changelogs/windows/1151/"
          },
          {
            "trust": 1.0,
            "url": "http://eprint.iacr.org/2006/136"
          },
          {
            "trust": 1.0,
            "url": "http://www.opera.com/docs/changelogs/unix/1151/"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/48256"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/45791"
          },
          {
            "trust": 1.0,
            "url": "http://www.us-cert.gov/cas/techalerts/ta12-010a.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.apple.com/kb/ht6150"
          },
          {
            "trust": 1.0,
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/55350"
          },
          {
            "trust": 1.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-02"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/55322"
          },
          {
            "trust": 1.0,
            "url": "http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "trust": 1.0,
            "url": "http://isc.sans.edu/diary/ssl+tls+part+3+/11635"
          },
          {
            "trust": 1.0,
            "url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
          },
          {
            "trust": 1.0,
            "url": "http://support.apple.com/kb/ht4999"
          },
          {
            "trust": 1.0,
            "url": "https://hermes.opensuse.org/messages/13154861"
          },
          {
            "trust": 1.0,
            "url": "http://www.securitytracker.com/id?1025997"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/49778"
          },
          {
            "trust": 1.0,
            "url": "http://support.apple.com/kb/ht5130"
          },
          {
            "trust": 1.0,
            "url": "http://eprint.iacr.org/2004/111"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/~bodo/tls-cbc.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.phonefactor.com/blog/slaying-beast-mitigating-the-latest-ssltls-vulnerability.php"
          },
          {
            "trust": 0.8,
            "url": "https://blog.torproject.org/blog/tor-and-beast-ssl-attack"
          },
          {
            "trust": 0.8,
            "url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=97269"
          },
          {
            "trust": 0.8,
            "url": "http://www.ekoparty.org/2011/juliano-rizzo.php"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
          },
          {
            "trust": 0.4,
            "url": "http://xforce.iss.net/xforce/xfdb/70069"
          },
          {
            "trust": 0.4,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21568229"
          },
          {
            "trust": 0.3,
            "url": "http://www.collax.com/download/file/target/frame/file/2926"
          },
          {
            "trust": 0.3,
            "url": "http://www.collax.com/produkte/allinone-server-for-small-businesses"
          },
          {
            "trust": 0.3,
            "url": "http://www.collax.com/download/file/target/frame/file/2930"
          },
          {
            "trust": 0.3,
            "url": "http://www.collax.com/produkte/email-calendar-contacts-in-a-safe-business-server"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21578730"
          },
          {
            "trust": 0.3,
            "url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3389_chosen_plaintext2"
          },
          {
            "trust": 0.3,
            "url": "seclists.org/bugtraq/2014/apr/att-70/esa-2012-032.txt"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2012/sep/att-39/esa-2012-032.txt"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2014/mar/att-156/esa-2014-016.txt"
          },
          {
            "trust": 0.3,
            "url": "http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/"
          },
          {
            "trust": 0.3,
            "url": "http://www.kerio.com/connect/history"
          },
          {
            "trust": 0.3,
            "url": "http://www.matrixssl.org/"
          },
          {
            "trust": 0.3,
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_python"
          },
          {
            "trust": 0.3,
            "url": "http://www.novell.com/support/viewcontent.do?externalid=7009901\u0026sliceid=1"
          },
          {
            "trust": 0.3,
            "url": "http://www.opera.com/support/kb/view/1000/"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm60958"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_system_x_and_flex_systems_browser_exploit_against_ssl_tls_beast_mitigations_cve_2011_33891?lang=en_us"
          },
          {
            "trust": 0.3,
            "url": "http://tools.ietf.org/html/draft-ietf-tls-ssl-version3-00"
          },
          {
            "trust": 0.3,
            "url": "http://www.ietf.org/rfc/rfc2246.txt"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21571596"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/524142"
          },
          {
            "trust": 0.3,
            "url": "http://support.apple.com/kb/ht5416"
          },
          {
            "trust": 0.3,
            "url": "http://support.avaya.com/css/p8/documents/100151219"
          },
          {
            "trust": 0.3,
            "url": "http://support.avaya.com/css/p8/documents/100150852"
          },
          {
            "trust": 0.3,
            "url": "http://support.avaya.com/css/p8/documents/100154049"
          },
          {
            "trust": 0.3,
            "url": "http://support.avaya.com/css/p8/documents/100154899"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2013/jun/att-65/esa-2013-039.txt"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587"
          },
          {
            "trust": 0.3,
            "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150"
          },
          {
            "trust": 0.3,
            "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03266681\u0026ac.admitted=1333452464452.876444892.492883150"
          },
          {
            "trust": 0.3,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093636"
          },
          {
            "trust": 0.3,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-04"
          },
          {
            "trust": 0.3,
            "url": "http://technet.microsoft.com/en-us/security/advisory/2588513"
          },
          {
            "trust": 0.3,
            "url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-006"
          },
          {
            "trust": 0.3,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-018/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845"
          },
          {
            "trust": 0.3,
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093630"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022152"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1019998"
          },
          {
            "trust": 0.3,
            "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-011/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557"
          },
          {
            "trust": 0.2,
            "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2311"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2358"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2357"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2362"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2364"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4821"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2359"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2329"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5217"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2335"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2356"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2336"
          },
          {
            "trust": 0.1,
            "url": "http://h18013.www1.hp.com/products/servers/management/agents/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2355"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2360"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/glsa/glsa-201111-02.xml"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/46791/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/46791/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/resources/events/sc_2011/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46791"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4944"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0845"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4944"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0876"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1150"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4940"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0845"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0876"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3389"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4940"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1150"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.10.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.04.2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.1.1-0ubuntu1~11.04.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b23~pre11-0ubuntu1.11.10"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~11.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b22-1.10.4-0ubuntu1~11.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.04.2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3377"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.10.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.1.3-1ubuntu1.1"
          },
          {
            "trust": 0.1,
            "url": "https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604."
          },
          {
            "trust": 0.1,
            "url": "http://www.emc.com/contact-us/contact/product-security-response-center.html"
          },
          {
            "trust": 0.1,
            "url": "https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3."
          },
          {
            "trust": 0.1,
            "url": "https://knowledge.rsasecurity.com"
          },
          {
            "trust": 0.1,
            "url": "http://www.rsa.com/node.aspx?id=1204."
          },
          {
            "trust": 0.1,
            "url": "http://www.rsa.com/node.aspx?id=1264"
          },
          {
            "trust": 0.1,
            "url": "http://www.rsa.com/node.aspx?id=2575"
          },
          {
            "trust": 0.1,
            "url": "https://knowledge.rsasecurity.com,"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "http://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0507"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0503"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#critical"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0501"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0498"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/knowledge/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0502"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0505"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/#package"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0506"
          },
          {
            "trust": 0.1,
            "url": "http://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.php.net"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2688"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3718"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4313"
          },
          {
            "trust": 0.1,
            "url": "http://http//support.apple.com/kb/ht5502"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3048"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
          },
          {
            "trust": 0.1,
            "url": "http://support.apple.com/kb/ht1222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0668"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3368"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
          },
          {
            "trust": 0.1,
            "url": "http://www.apple.com/support/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0831"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0670"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0671"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1173"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2143"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1172"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0652"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4599"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1667"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2386"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0650"
          },
          {
            "trust": 0.1,
            "url": "http://gpgtools.org"
          },
          {
            "trust": 0.1,
            "url": "http://httpd.apache.org/."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3026"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0643"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3716"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0864"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545"
          },
          {
            "trust": 0.1,
            "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4454"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0815"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/go/java"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4462"
          },
          {
            "trust": 0.1,
            "url": "https://www.hp.com/go/swa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862"
          },
          {
            "trust": 0.1,
            "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4475"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4473"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4447"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#864643"
          },
          {
            "db": "BID",
            "id": "49778"
          },
          {
            "db": "PACKETSTORM",
            "id": "123310"
          },
          {
            "db": "PACKETSTORM",
            "id": "106640"
          },
          {
            "db": "PACKETSTORM",
            "id": "106901"
          },
          {
            "db": "PACKETSTORM",
            "id": "114005"
          },
          {
            "db": "PACKETSTORM",
            "id": "107051"
          },
          {
            "db": "PACKETSTORM",
            "id": "116406"
          },
          {
            "db": "PACKETSTORM",
            "id": "109207"
          },
          {
            "db": "PACKETSTORM",
            "id": "112108"
          },
          {
            "db": "PACKETSTORM",
            "id": "116792"
          },
          {
            "db": "PACKETSTORM",
            "id": "112826"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3389"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#864643",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3389",
            "ident": null
          },
          {
            "db": "BID",
            "id": "49778",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "123310",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "106640",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "106901",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "114005",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "107051",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "116406",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "109207",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "112108",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "116792",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "112826",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3389",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-09-27T00:00:00",
            "db": "CERT/CC",
            "id": "VU#864643",
            "ident": null
          },
          {
            "date": "2011-09-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-3389",
            "ident": null
          },
          {
            "date": "2011-09-19T00:00:00",
            "db": "BID",
            "id": "49778",
            "ident": null
          },
          {
            "date": "2013-09-19T22:22:00",
            "db": "PACKETSTORM",
            "id": "123310",
            "ident": null
          },
          {
            "date": "2011-11-06T01:01:42",
            "db": "PACKETSTORM",
            "id": "106640",
            "ident": null
          },
          {
            "date": "2011-11-12T02:51:49",
            "db": "PACKETSTORM",
            "id": "106901",
            "ident": null
          },
          {
            "date": "2012-06-21T05:28:48",
            "db": "PACKETSTORM",
            "id": "114005",
            "ident": null
          },
          {
            "date": "2011-11-17T02:34:27",
            "db": "PACKETSTORM",
            "id": "107051",
            "ident": null
          },
          {
            "date": "2012-09-11T16:00:16",
            "db": "PACKETSTORM",
            "id": "116406",
            "ident": null
          },
          {
            "date": "2012-01-31T02:55:32",
            "db": "PACKETSTORM",
            "id": "109207",
            "ident": null
          },
          {
            "date": "2012-04-23T20:54:36",
            "db": "PACKETSTORM",
            "id": "112108",
            "ident": null
          },
          {
            "date": "2012-09-22T06:30:43",
            "db": "PACKETSTORM",
            "id": "116792",
            "ident": null
          },
          {
            "date": "2012-05-17T21:16:37",
            "db": "PACKETSTORM",
            "id": "112826",
            "ident": null
          },
          {
            "date": "2011-09-06T19:55:03.197000",
            "db": "NVD",
            "id": "CVE-2011-3389",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-12-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#864643",
            "ident": null
          },
          {
            "date": "2022-11-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-3389",
            "ident": null
          },
          {
            "date": "2019-07-16T13:00:00",
            "db": "BID",
            "id": "49778",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-3389",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "49778"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "_id": null,
        "data": "SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#864643"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "49778"
          }
        ],
        "trust": 0.3
      }
    }