Lines 1-3
Link Here
|
|
|
1 |
<vuln vid="a4f8bb03-f52f-11ed-9859-080027083a05"> |
2 |
<topic>curl -- multiple vulnerabilities</topic> |
3 |
<affects> |
4 |
<package> |
5 |
<name>curl</name> |
6 |
<range><lt>8.1.0</lt></range> |
7 |
</package> |
8 |
</affects> |
9 |
<description> |
10 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
11 |
<p>Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa reports:</p> |
12 |
<blockquote cite="https://curl.se/docs/security.html"> |
13 |
<p>This update fixes 4 security vulnerabilities:</p> |
14 |
<ul> |
15 |
<li>Medium CVE-2023-28319: UAF in SSH sha256 fingerprint check. Reported by Wei Chong Tan on 2023-03-21</li> |
16 |
<li>Low CVE-2023-28320: siglongjmp race condition. Reported by Harry Sintonen on 2023-04-02</li> |
17 |
<li>Low CVE-2023-28321: IDN wildcard match. Reported by Hiroki Kurosawa on 2023-04-17</li> |
18 |
<li>Low CVE-2023-28322: more POST-after-PUT confusion. Reported by Hiroki Kurosawa on 2023-04-19</li> |
19 |
</ul> |
20 |
</blockquote> |
21 |
</body> |
22 |
</description> |
23 |
<references> |
24 |
<cvename>CVE-2023-28319</cvename> |
25 |
<url>https://curl.se/docs/CVE-2023-28319.html</url> |
26 |
<cvename>CVE-2023-28320</cvename> |
27 |
<url>https://curl.se/docs/CVE-2023-28320.html</url> |
28 |
<cvename>CVE-2023-28321</cvename> |
29 |
<url>https://curl.se/docs/CVE-2023-28321.html</url> |
30 |
<cvename>CVE-2023-28322</cvename> |
31 |
<url>https://curl.se/docs/CVE-2023-28322.html</url> |
32 |
</references> |
33 |
<dates> |
34 |
<discovery>2023-03-21</discovery> |
35 |
<entry>2023-05-18</entry> |
36 |
</dates> |
37 |
</vuln> |
38 |
|
1 |
<vuln vid="b09d77d0-b27c-48ae-b69b-9641bb68b39e"> |
39 |
<vuln vid="b09d77d0-b27c-48ae-b69b-9641bb68b39e"> |
2 |
<topic>electron -- vulnerability</topic> |
40 |
<topic>electron -- vulnerability</topic> |
3 |
<affects> |
41 |
<affects> |
4 |
- |
|
|