what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

CVE-2023-27535

Status Candidate

Overview

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.

Related Files

Gentoo Linux Security Advisory 202310-12
Posted Oct 11, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-12 - Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. Versions greater than or equal to 8.3.0-r2 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321
SHA-256 | 3d74f33aacaddb6a8bc503eb43a420da64cb7375f9303e7a1b65cded7a8b82f6
Red Hat Security Advisory 2023-4657-01
Posted Aug 23, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4657-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.2. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-36227, CVE-2023-1667, CVE-2023-2283, CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-26604, CVE-2023-27535, CVE-2023-29400
SHA-256 | d4bae85500f09cf097973f88a075fff6d34d937accbd3b8213b8c808023ce982
Red Hat Security Advisory 2023-4575-01
Posted Aug 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4575-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-36227, CVE-2023-0361, CVE-2023-1667, CVE-2023-2283, CVE-2023-26604, CVE-2023-27535, CVE-2023-3089, CVE-2023-38408
SHA-256 | a98593a8060ade811648ba5d5dd712824690b84a705e28c8fe1981b12209ee79
Red Hat Security Advisory 2023-4576-01
Posted Aug 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4576-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-35252, CVE-2022-36227, CVE-2022-43552, CVE-2023-0361, CVE-2023-1667, CVE-2023-2283, CVE-2023-24329, CVE-2023-26604, CVE-2023-27535, CVE-2023-3089, CVE-2023-38408
SHA-256 | b9b138ef5ed2017d1d6071fb95c69743b0800e58f2f41055d4d6bcb0d2caee06
Red Hat Security Advisory 2023-4488-01
Posted Aug 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4488-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.

tags | advisory
systems | linux, redhat, windows
advisories | CVE-2020-24736, CVE-2022-27191, CVE-2022-30629, CVE-2022-35252, CVE-2022-36227, CVE-2022-43552, CVE-2023-0361, CVE-2023-1667, CVE-2023-2283, CVE-2023-25173, CVE-2023-26604, CVE-2023-27535
SHA-256 | 252acb6439c37d57d435d183f3aa4787523afbcaecc3e6fbfba5f267fd67ba49
Red Hat Security Advisory 2023-4475-01
Posted Aug 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4475-01 - Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-36227, CVE-2023-1667, CVE-2023-2283, CVE-2023-26604, CVE-2023-27535, CVE-2023-3089
SHA-256 | 5a99e222d213dbe2342e0393e6098878ebf40578b53a89010d0aa852634b2e29
Red Hat Security Advisory 2023-4286-01
Posted Jul 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4286-01 - Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-36227, CVE-2022-48281, CVE-2023-1667, CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-2283, CVE-2023-25193, CVE-2023-26604, CVE-2023-27535, CVE-2023-28466
SHA-256 | d5d35601175060e7441b9a1481c61970c832969895ba21bcfab1b55787d9e0f1
Red Hat Security Advisory 2023-4238-01
Posted Jul 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4238-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-2795, CVE-2022-36227, CVE-2022-40023, CVE-2023-1667, CVE-2023-2283, CVE-2023-24329, CVE-2023-2491, CVE-2023-26604, CVE-2023-27535, CVE-2023-3089
SHA-256 | ece8c1f8ab625b121b6be0294dd162f351925abc3f0ff0931dd33e90ff46a1a1
Red Hat Security Advisory 2023-4025-01
Posted Jul 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4025-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat, windows
advisories | CVE-2022-36227, CVE-2023-0361, CVE-2023-25173, CVE-2023-27535
SHA-256 | 44df9bd2f76286c5413fd65a278a9ce79e084219d6e99cacaf86f41a1b126c63
Red Hat Security Advisory 2023-3918-01
Posted Jun 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3918-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-36227, CVE-2022-3627, CVE-2022-3970, CVE-2022-41723, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-24540, CVE-2023-2491, CVE-2023-27535, CVE-2023-29400
SHA-256 | 3c9cda8faf583f4e7bf0ad5ea35198b07d077a8396a9f233df6466a99c4e32a5
Red Hat Security Advisory 2023-3905-01
Posted Jun 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3905-01 - Network Observability 1.3.0 is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console. This update contains bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-28805, CVE-2022-36227, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-24539, CVE-2023-24540, CVE-2023-2650, CVE-2023-27535, CVE-2023-29400
SHA-256 | 9c1a4b3b6b1779c22972b35dae1d77dc4ebc7de0dffbdefb344d5318801994ff
Red Hat Security Advisory 2023-3813-01
Posted Jun 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3813-01 - An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-3782, CVE-2022-36227, CVE-2022-3627, CVE-2022-3970, CVE-2022-4492, CVE-2023-0361, CVE-2023-2491, CVE-2023-27535
SHA-256 | 4a6085b8018ab9119a04178776c94e000071d542fb3b2c381d6905231da0cdc1
Red Hat Security Advisory 2023-3342-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3342-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.13. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2020-16250, CVE-2022-36227, CVE-2023-0361, CVE-2023-27535
SHA-256 | 5813a13210ed8e54dc4702cd68bd86626f42460b625c85cdf1c29d002e4fa0ba
Red Hat Security Advisory 2023-3609-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3609-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-2795, CVE-2022-3172, CVE-2022-36227, CVE-2022-40023, CVE-2023-2491, CVE-2023-27535
SHA-256 | 367908d515f3cf0e775f468ffbdcde02036bef8c556cc51467e799ad30fe043d
Red Hat Security Advisory 2023-3435-01
Posted Jun 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3435-01 - This release of RHACS 3.74.4 includes a fix for CVE-2023-24540 by building RHACS with updated Golang.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-2795, CVE-2022-36227, CVE-2023-24539, CVE-2023-24540, CVE-2023-2491, CVE-2023-27535, CVE-2023-29400
SHA-256 | 4fe2d77bc3da788cf0ca6899dcfd04ef999f40d4632db9fff2cc42c4509dccac
Red Hat Security Advisory 2023-3379-01
Posted Jun 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3379-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes. This release of RHACS includes a fix for CVE-2023-24540 by building RHACS with updated Golang.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-2795, CVE-2022-36227, CVE-2023-0361, CVE-2023-24540, CVE-2023-2491, CVE-2023-27535
SHA-256 | 1d1e87c38beec522c88f4304f1731c2ed4c8da7214c1f5cfefcc60974e8ff8ee
Red Hat Security Advisory 2023-3353-01
Posted Jun 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3353-01 - Multicluster Engine for Kubernetes 2.0.9 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-2795, CVE-2022-2928, CVE-2022-2929, CVE-2022-36227, CVE-2022-41973, CVE-2023-27535, CVE-2023-32313, CVE-2023-32314
SHA-256 | 3259357087069c7cede7d4a1f9d247d83aa1cea98953350f94e3c61ffdd04f6c
Red Hat Security Advisory 2023-3373-02
Posted Jun 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3373-02 - Migration Toolkit for Runtimes 1.1.0 Images. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-46877, CVE-2022-36227, CVE-2022-41854, CVE-2022-41881, CVE-2023-0361, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-27535, CVE-2023-28617
SHA-256 | 7678ca0b7bd958e85ffc13d8fdb5d08a983bdc9c706896d0141a71287a108a11
Red Hat Security Advisory 2023-3325-01
Posted May 26, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3325-01 - Multicluster Engine for Kubernetes 2.1.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-2795, CVE-2022-2928, CVE-2022-2929, CVE-2022-36227, CVE-2022-41973, CVE-2023-0361, CVE-2023-27535, CVE-2023-32313, CVE-2023-32314
SHA-256 | e2676c14bb68a93168f72bef58e1e6585077119c14c9897091aa44d7a331beb3
Red Hat Security Advisory 2023-3296-01
Posted May 25, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3296-01 - Multicluster Engine for Kubernetes 2.2.4 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-2795, CVE-2022-2928, CVE-2022-2929, CVE-2022-31690, CVE-2022-31692, CVE-2022-3172, CVE-2022-36227, CVE-2022-41973, CVE-2022-42889, CVE-2023-0361, CVE-2023-24422, CVE-2023-2491, CVE-2023-25725, CVE-2023-27535
SHA-256 | 0d190181de187a85cca97396c686e2bf391eef8e2f72f844b36951fbeb15a493
Red Hat Security Advisory 2023-3297-01
Posted May 25, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-36227, CVE-2023-0361, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-27535, CVE-2023-29007, CVE-2023-32313, CVE-2023-32314
SHA-256 | a9c95cee3c3f2ef8153d088eeac3a325877fe0187e2772e5100d0e99f69c0a20
Red Hat Security Advisory 2023-3265-01
Posted May 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3265-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-23539, CVE-2022-24999, CVE-2022-36227, CVE-2022-40023, CVE-2023-0361, CVE-2023-27535, CVE-2023-28617
SHA-256 | 2f4d2ce380c06ad992921a601a6736c8d549adc40181508ee18c6df486235315
Red Hat Security Advisory 2023-3106-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3106-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2023-27535
SHA-256 | 43c394299ac0168fef5809daea033982f40ef17d2e4f14b297545d074bd385ba
Red Hat Security Advisory 2023-2650-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2650-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2023-27535
SHA-256 | aa2cda9cceb2ae0f7b42ecbdc2571a54f07ef616ae047dc07b066efc5bd5c77f
Ubuntu Security Notice USN-5964-1
Posted Mar 21, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5964-1 - Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to the server as provided, contrary to expectations. Harry Sintonen discovered that curl incorrectly handled special tilde characters when used with SFTP paths. A remote attacker could possibly use this issue to circumvent filtering.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538
SHA-256 | 7303af9763b09b697c1acbc39214d51f90dd82cd2f8e2e8bd2040d6a4b2ec3e8
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close