The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:3770-1 advisory.

  - When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to     ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle     previously was used to issue a `PUT` request which used that callback. This flaw may surprise the     application and cause it to misbehave and either send off the wrong data or use memory after free or     similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is     changed from a PUT to a POST. (CVE-2022-32221)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of curl installed on the remote host is prior to 7.86.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-299-01 advisory.

  - curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-     HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and     then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often     only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200     status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in     curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap,     ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. (CVE-2022-42915)

  - When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to     ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle     previously was used to issue a `PUT` request which used that callback. This flaw may surprise the     application and cause it to misbehave and either send off the wrong data or use memory after free or     similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is     changed from a PUT to a POST. (CVE-2022-32221)

  - curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095     consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based     buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a     segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide     a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-     of-service. (CVE-2022-35260)

  - In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS     support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step)     even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL     uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using     the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.).
    The earliest affected version is 7.77.0 2021-05-26. (CVE-2022-42916)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (cURL)).
    Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.
    (CVE-2022-32221)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions     that are affected are 5.7.40 and prior. Easily exploitable vulnerability allows high privileged attacker     with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-21840)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling).
    Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable     vulnerability allows high privileged attacker with network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a     partial denial of service (partial DOS) of MySQL Server. (CVE-2023-21963)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0333 advisory.

    The curl packages provide the libcurl library and the curl utility for downloading files from servers     using various protocols, including HTTP, FTP, and LDAP.

    Security Fix(es):

    * curl: POST following PUT confusion (CVE-2022-32221)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to     ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle     previously was used to issue a `PUT` request which used that callback. This flaw may surprise the     application and cause it to misbehave and either send off the wrong data or use memory after free or     similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is     changed from a PUT to a POST. (CVE-2022-32221)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are     affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with     authentication could leak credentials to other services that exist on different protocols or port numbers.
    (CVE-2022-27774)

  - A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or     cookie header data on HTTP redirects to the same host but another port number. (CVE-2022-27776)

  - curl < 7.84.0 supports 'chained' HTTP compression algorithms, meaning that a serverresponse can be     compressed multiple times and potentially with different algorithms. The number of acceptable 'links' in     this 'decompression chain' was unbounded, allowing a malicious server to insert a virtually unlimited     number of compression steps.The use of such a decompression chain could result in a 'malloc bomb',     makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of     memory errors. (CVE-2022-32206)

  - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.
    This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject     data to the client. (CVE-2022-32208)

  - When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to     ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle     previously was used to issue a `PUT` request which used that callback. This flaw may surprise the     application and cause it to misbehave and either send off the wrong data or use memory after free or     similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is     changed from a PUT to a POST. (CVE-2022-32221)

  - When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control     codes that when later are sent back to a HTTPserver might make the server return 400 responses.
    Effectively allowing a'sister site' to deny service to all siblings. (CVE-2022-35252)

  - A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all     protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations.
    When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct     after it had been freed, in its transfer shutdown code path. (CVE-2022-43552)

  - An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the     'chained' HTTP compression algorithms, meaning that a server response can be compressed multiple times and     potentially with differentalgorithms. The number of acceptable 'links' in this 'decompression chain'     wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a     virtually unlimited number of compression steps simply byusing many headers. The use of such a     decompression chain could result in a 'malloc bomb', making curl end up spending enormous amounts of     allocated heap memory, or trying to and returning out of memory errors. (CVE-2023-23916)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.2. It is, therefore, affected by multiple vulnerabilities:

  - This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS     16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy     preferences. (CVE-2023-32438)

  - This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, macOS     Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able     to access user-sensitive data. (CVE-2023-23499)

  - A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3,     macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.
    (CVE-2023-23520)

  - When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to     ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle     previously was used to issue a `PUT` request which used that callback. This flaw may surprise the     application and cause it to misbehave and either send off the wrong data or use memory after free or     similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is     changed from a PUT to a POST. (CVE-2022-32221)

  - curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095     consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based     buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a     segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide     a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-     of-service. (CVE-2022-35260)

  - curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-     HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and     then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often     only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200     status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in     curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap,     ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. (CVE-2022-42915)

  - In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS     support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step)     even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL     uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using     the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.).
    The earliest affected version is 7.77.0 2021-05-26. (CVE-2022-42916)

  - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur     11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may     lead to arbitrary code execution. (CVE-2023-23513)

  - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura     13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.
    (CVE-2023-23539)

  - A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2,     macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user without     prompting for the password. (CVE-2023-23493)

  - The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and     iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura     13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report     that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
    (CVE-2023-41990)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3     and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated     privileges. (CVE-2023-23530, CVE-2023-23531)

  - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS     9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing an image may lead to a denial-of-     service. (CVE-2023-23519)

  - The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6.3, macOS     Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges. (CVE-2023-23507)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS     Ventura 13.2, macOS Monterey 12.6.3. An app may be able to execute arbitrary code with kernel privileges.
    (CVE-2023-23516)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3     and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to leak     sensitive kernel state. (CVE-2023-23500)

  - An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in     macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be     able to determine kernel memory layout. (CVE-2023-23502)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS     Ventura 13.2, watchOS 9.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may     be able to execute arbitrary code with kernel privileges. (CVE-2023-23504)

  - A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.2. An     app may be able to access user-sensitive data. (CVE-2023-23506)

  - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.3 and iPadOS     15.7.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. The quoted original message may be selected from the     wrong email when forwarding an email from an Exchange account. (CVE-2023-23498)

  - A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS     16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass     Privacy preferences. (CVE-2023-23503)

  - A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS     16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a     primary eSIM. (CVE-2023-28208)

  - A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.3,     macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to gain root privileges. (CVE-2023-23497)

  - A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.2. An     app may be able to access a user's Safari history. (CVE-2023-23510)

  - The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 16.3,     macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Visiting a website may lead to an app denial-of-service.
    (CVE-2023-23512)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS     15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access information about a user's contacts.
    (CVE-2023-23505)

  - A vulnerability was found in vim and classified as problematic. Affected by this issue is the function     qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use     after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this     issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the     affected component. The identifier of this vulnerability is VDB-212324. (CVE-2022-3705)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS     Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy     preferences. (CVE-2023-23511)

  - The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3,     macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution.
    (CVE-2023-32393)

  - The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, watchOS 9.3, iOS     15.7.2 and iPadOS 15.7.2, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted     web content may lead to arbitrary code execution. (CVE-2023-23496)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS     Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2023-23517,     CVE-2023-23518)

  - The issue was addressed with improved memory handling This issue is fixed in macOS Ventura 13.2. An app     may be able to disclose kernel memory. (CVE-2023-23501)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS     Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences. (CVE-2023-23508)

  - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote     attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-0108)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported version number.

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback.
This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
166592	SUSE SLES12 Security Update : curl (SUSE-SU-2022:3770-1)	Nessus	SuSE Local Security Checks	10/27/2022	7/13/2023	critical
166622	Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2022-299-01)	Nessus	Slackware Local Security Checks	10/27/2022	10/6/2023	critical
170145	Oracle MySQL Server 5.7.x < 5.7.41 (Jan 2023 CPU)	Nessus	Databases	1/18/2023	4/18/2025	critical
170403	RHEL 9 : curl (RHSA-2023:0333)	Nessus	Red Hat Local Security Checks	1/23/2023	11/7/2024	critical
175186	EulerOS Virtualization 3.0.2.0 : curl (EulerOS-SA-2023-1715)	Nessus	Huawei Local Security Checks	5/7/2023	5/7/2023	critical
177190	EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2023-2235)	Nessus	Huawei Local Security Checks	6/13/2023	6/19/2023	critical
170445	macOS 13.x < 13.2 Multiple Vulnerabilities (HT213605)	Nessus	MacOS X Local Security Checks	1/24/2023	6/5/2024	critical
504008	Siemens SIMATIC S7-1500 Expected Behavior Violation (CVE-2022-32221)	Tenable OT Security	Tenable.ot	11/13/2025	11/13/2025	high

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

high