The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-e9d65906c4 advisory.

    - url: use IDN decoded names for HSTS checks (CVE-2022-42916)
    - http_proxy: restore the protocol pointer on error (CVE-2022-42915)
    - netrc: replace fgets with Curl_get_line (CVE-2022-35260)
    - fix POST following PUT confusion (CVE-2022-32221)


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-39688a779d advisory.

    - url: use IDN decoded names for HSTS checks (CVE-2022-42916)
    - http_proxy: restore the protocol pointer on error (CVE-2022-42915)
    - netrc: replace fgets with Curl_get_line (CVE-2022-35260)
    - fix POST following PUT confusion (CVE-2022-32221)


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4139 advisory.

    The curl packages provide the libcurl library and the curl utility for downloading files from servers     using various protocols, including HTTP, FTP, and LDAP.

    Security Fix(es):

    * curl: POST following PUT confusion (CVE-2022-32221)

    * curl: HTTP multi-header compression denial of service (CVE-2023-23916)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-01ffde372c advisory.

    - url: use IDN decoded names for HSTS checks (CVE-2022-42916)
    - http_proxy: restore the protocol pointer on error (CVE-2022-42915)
    - netrc: replace fgets with Curl_get_line (CVE-2022-35260)
    - fix POST following PUT confusion (CVE-2022-32221)


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3772-1 advisory.

  - When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to     ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle     previously was used to issue a `PUT` request which used that callback. This flaw may surprise the     application and cause it to misbehave and either send off the wrong data or use memory after free or     similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is     changed from a PUT to a POST. (CVE-2022-32221)

  - When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control     codes that when later are sent back to a HTTPserver might make the server return 400 responses.
    Effectively allowing asister site to deny service to all siblings. (CVE-2022-35252)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0808 advisory.

  - The go command may execute arbitrary code at build time when using cgo. This may occur when running go     get on a malicious module, or when running any other command which builds untrusted code. This is can by     triggered by linker flags, specified via a #cgo LDFLAGS directive. Flags containing embedded spaces are     mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in     the argument of another flag. This only affects usage of the gccgo compiler. (CVE-2023-29405)

  - When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by     finalizing the operation with a rename from a temporary name to the final target file name.In that rename     operation, it might accidentally *widen* the permissions for the target file, leaving the updated file     accessible to more users than intended. (CVE-2022-32207)

  - decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. (CVE-2022-38900)

  - The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
    (CVE-2022-33987)

  - Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the     name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3. (CVE-2022-37601)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
211079	Fedora 37 : curl (2022-e9d65906c4)	Nessus	Fedora Local Security Checks	11/14/2024	11/14/2024	critical
169128	Fedora 35 : curl (2022-39688a779d)	Nessus	Fedora Local Security Checks	12/22/2022	11/14/2024	critical
178430	RHEL 9 : curl (RHSA-2023:4139)	Nessus	Red Hat Local Security Checks	7/18/2023	11/7/2024	critical
169063	Fedora 36 : curl (2022-01ffde372c)	Nessus	Fedora Local Security Checks	12/22/2022	11/15/2024	critical
166583	SUSE SLES12 Security Update : curl (SUSE-SU-2022:3772-1)	Nessus	SuSE Local Security Checks	10/27/2022	7/13/2023	critical
194928	Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0808)	Nessus	CGI abuses	5/2/2024	7/29/2024	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical