| CRITICAL |
CVE-2023-23914 |
HSTS ignored on multiple requests |
curl |
7.83.1-r4 |
7.83.1-r6 |
| CRITICAL |
CVE-2023-27536 |
GSS delegation too eager connection re-use |
curl |
7.83.1-r4 |
8.0.1-r0 |
| CRITICAL |
CVE-2023-23914 |
HSTS ignored on multiple requests |
libcurl |
7.83.1-r5 |
7.83.1-r6 |
| CRITICAL |
CVE-2023-27536 |
GSS delegation too eager connection re-use |
libcurl |
7.83.1-r5 |
8.0.1-r0 |
| HIGH |
CVE-2022-43551 |
curl: HSTS bypass via IDN |
curl |
7.83.1-r4 |
7.83.1-r5 |
| HIGH |
CVE-2023-27533 |
TELNET option IAC injection |
curl |
7.83.1-r4 |
8.0.1-r0 |
| HIGH |
CVE-2023-27534 |
SFTP path ~ resolving discrepancy |
curl |
7.83.1-r4 |
8.0.1-r0 |
| HIGH |
CVE-2023-27535 |
FTP too eager connection reuse |
curl |
7.83.1-r4 |
8.0.1-r0 |
| HIGH |
CVE-2023-23946 |
a path outside the working tree can be overwritten with crafted input |
git |
2.36.4-r0 |
2.36.5-r0 |
| HIGH |
CVE-2023-25652 |
by feeding specially crafted input to git apply --reject, a path outside the working tree can be o |
git |
2.36.4-r0 |
2.36.6-r0 |
| HIGH |
CVE-2023-29007 |
arbitrary configuration injection when renaming or deleting a section from a configuration file |
git |
2.36.4-r0 |
2.36.6-r0 |
| HIGH |
CVE-2022-4450 |
double free after calling PEM_read_bio_ex |
libcrypto1.1 |
1.1.1s-r0 |
1.1.1t-r0 |
| HIGH |
CVE-2023-0215 |
use-after-free following BIO_new_NDEF |
libcrypto1.1 |
1.1.1s-r0 |
1.1.1t-r0 |
| HIGH |
CVE-2023-0286 |
X.400 address type confusion in X.509 GeneralName |
libcrypto1.1 |
1.1.1s-r0 |
1.1.1t-r0 |
| HIGH |
CVE-2023-0464 |
Denial of service by excessive resource usage in verifying X509 policy constraints |
libcrypto1.1 |
1.1.1s-r0 |
1.1.1t-r1 |
| HIGH |
CVE-2023-27533 |
TELNET option IAC injection |
libcurl |
7.83.1-r5 |
8.0.1-r0 |
| HIGH |
CVE-2023-27534 |
SFTP path ~ resolving discrepancy |
libcurl |
7.83.1-r5 |
8.0.1-r0 |
| HIGH |
CVE-2023-27535 |
FTP too eager connection reuse |
libcurl |
7.83.1-r5 |
8.0.1-r0 |
| HIGH |
CVE-2022-4450 |
double free after calling PEM_read_bio_ex |
libssl1.1 |
1.1.1s-r0 |
1.1.1t-r0 |
| HIGH |
CVE-2023-0215 |
use-after-free following BIO_new_NDEF |
libssl1.1 |
1.1.1s-r0 |
1.1.1t-r0 |
| HIGH |
CVE-2023-0286 |
X.400 address type confusion in X.509 GeneralName |
libssl1.1 |
1.1.1s-r0 |
1.1.1t-r0 |
| HIGH |
CVE-2023-0464 |
Denial of service by excessive resource usage in verifying X509 policy constraints |
libssl1.1 |
1.1.1s-r0 |
1.1.1t-r1 |
| HIGH |
CVE-2023-29491 |
Local users can trigger security-relevant memory corruption via malformed data |
ncurses-libs |
6.3_p20220521-r0 |
6.3_p20220521-r1 |
| HIGH |
CVE-2023-29491 |
Local users can trigger security-relevant memory corruption via malformed data |
ncurses-terminfo-base |
6.3_p20220521-r0 |
6.3_p20220521-r1 |
| HIGH |
CVE-2022-4450 |
double free after calling PEM_read_bio_ex |
openssl |
1.1.1s-r0 |
1.1.1t-r0 |
| HIGH |
CVE-2023-0215 |
use-after-free following BIO_new_NDEF |
openssl |
1.1.1s-r0 |
1.1.1t-r0 |
| HIGH |
CVE-2023-0286 |
X.400 address type confusion in X.509 GeneralName |
openssl |
1.1.1s-r0 |
1.1.1t-r0 |
| HIGH |
CVE-2023-0464 |
Denial of service by excessive resource usage in verifying X509 policy constraints |
openssl |
1.1.1s-r0 |
1.1.1t-r1 |
| HIGH |
CVE-2022-24894 |
Symfony is a PHP framework for web and console applications and a set ... |
symfony/http-kernel |
v5.4.12 |
2.6.0, 3.3.0, 4.3.0, 2.2.0, 2.3.0, 3.4.0, 5.1.0, 6.2.6, 2.5.0, 3.2.0, 6.0.20, 3.0.0, 4.0.0, 4.2.0, 4.4.50, 2.4.0, 4.4.0, 5.3.0, 2.7.0, 2.8.0, 3.1.0, 4.1.0, 5.4.0, 5.4.20, 6.1.12, 2.1.0, 5.2.0 |
| MEDIUM |
CVE-2022-43552 |
Use-after-free triggered by an HTTP proxy deny response |
curl |
7.83.1-r4 |
7.83.1-r5 |
| MEDIUM |
CVE-2023-23915 |
HSTS amnesia with --parallel |
curl |
7.83.1-r4 |
7.83.1-r6 |
| MEDIUM |
CVE-2023-23916 |
HTTP multi-header compression denial of service |
curl |
7.83.1-r4 |
7.83.1-r6 |
| MEDIUM |
CVE-2023-27537 |
curl: HSTS double-free |
curl |
7.83.1-r4 |
8.0.1-r0 |
| MEDIUM |
CVE-2023-27538 |
SSH connection too eager reuse still |
curl |
7.83.1-r4 |
8.0.1-r0 |
| MEDIUM |
CVE-2023-28319 |
use after free in SSH sha256 fingerprint check |
curl |
7.83.1-r4 |
8.1.0-r0 |
| MEDIUM |
CVE-2023-28321 |
IDN wildcard match may lead to Improper Cerificate Validation |
curl |
7.83.1-r4 |
8.1.0-r0 |
| MEDIUM |
CVE-2023-28322 |
more POST-after-PUT confusion |
curl |
7.83.1-r4 |
8.1.0-r0 |
| MEDIUM |
CVE-2023-22490 |
data exfiltration with maliciously crafted repository |
git |
2.36.4-r0 |
2.36.5-r0 |
| MEDIUM |
CVE-2022-4304 |
timing attack in RSA Decryption implementation |
libcrypto1.1 |
1.1.1s-r0 |
1.1.1t-r0 |
| MEDIUM |
CVE-2023-0465 |
Invalid certificate policies in leaf certificates are silently ignored |
libcrypto1.1 |
1.1.1s-r0 |
1.1.1t-r2 |
| MEDIUM |
CVE-2023-2650 |
Possible DoS translating ASN.1 object identifiers |
libcrypto1.1 |
1.1.1s-r0 |
1.1.1u-r0 |
| MEDIUM |
CVE-2023-23915 |
HSTS amnesia with --parallel |
libcurl |
7.83.1-r5 |
7.83.1-r6 |
| MEDIUM |
CVE-2023-23916 |
HTTP multi-header compression denial of service |
libcurl |
7.83.1-r5 |
7.83.1-r6 |
| MEDIUM |
CVE-2023-27537 |
curl: HSTS double-free |
libcurl |
7.83.1-r5 |
8.0.1-r0 |
| MEDIUM |
CVE-2023-27538 |
SSH connection too eager reuse still |
libcurl |
7.83.1-r5 |
8.0.1-r0 |
| MEDIUM |
CVE-2023-28319 |
use after free in SSH sha256 fingerprint check |
libcurl |
7.83.1-r5 |
8.1.0-r0 |
| MEDIUM |
CVE-2023-28321 |
IDN wildcard match may lead to Improper Cerificate Validation |
libcurl |
7.83.1-r5 |
8.1.0-r0 |
| MEDIUM |
CVE-2023-28322 |
more POST-after-PUT confusion |
libcurl |
7.83.1-r5 |
8.1.0-r0 |
| MEDIUM |
CVE-2022-4304 |
timing attack in RSA Decryption implementation |
libssl1.1 |
1.1.1s-r0 |
1.1.1t-r0 |
| MEDIUM |
CVE-2023-0465 |
Invalid certificate policies in leaf certificates are silently ignored |
libssl1.1 |
1.1.1s-r0 |
1.1.1t-r2 |
| MEDIUM |
CVE-2023-2650 |
Possible DoS translating ASN.1 object identifiers |
libssl1.1 |
1.1.1s-r0 |
1.1.1u-r0 |
| MEDIUM |
CVE-2022-4304 |
timing attack in RSA Decryption implementation |
openssl |
1.1.1s-r0 |
1.1.1t-r0 |
| MEDIUM |
CVE-2023-0465 |
Invalid certificate policies in leaf certificates are silently ignored |
openssl |
1.1.1s-r0 |
1.1.1t-r2 |
| MEDIUM |
CVE-2023-2650 |
Possible DoS translating ASN.1 object identifiers |
openssl |
1.1.1s-r0 |
1.1.1u-r0 |
| MEDIUM |
CVE-2022-48303 |
heap buffer overflow at from_header() in list.c via specially crafted checksum |
tar |
1.34-r0 |
1.34-r1 |
| LOW |
CVE-2023-28320 |
siglongjmp race condition may lead to crash |
curl |
7.83.1-r4 |
8.1.0-r0 |
| LOW |
CVE-2023-25815 |
malicious placement of crafted messages when git was compiled with runtime prefix |
git |
2.36.4-r0 |
2.36.6-r0 |
| LOW |
CVE-2023-28320 |
siglongjmp race condition may lead to crash |
libcurl |
7.83.1-r5 |
8.1.0-r0 |