Total vulnerabilities in the database
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
| Software | From | Fixed in |
|---|---|---|
| haxx / curl | 7.61.0 | 7.76.1.x |
| oracle / mysql_server | 8.0.0 | 8.0.25.x |
| oracle / essbase | 21.0 | 21.3 |
| oracle / essbase | - | 11.1.2.4.047 |
| oracle / mysql_server | - | 5.7.34.x |
| oracle / communications_cloud_native_core_network_slice_selection_function | 1.8.0 | 1.8.0.x |
| oracle / communications_cloud_native_core_network_repository_function | 1.15.0 | 1.15.0.x |
| oracle / communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 | 1.10.0.x |
| oracle / communications_cloud_native_core_service_communication_proxy | 1.15.0 | 1.15.0.x |
| oracle / communications_cloud_native_core_network_repository_function | 1.15.1 | 1.15.1.x |
| oracle / communications_cloud_native_core_binding_support_function | 1.11.0 | 1.11.0.x |
| siemens / sinec_infrastructure_network_services | - | 1.0.1.1 |
| splunk / universal_forwarder | 9.1.0 | 9.1.0.x |
| splunk / universal_forwarder | 9.0.0 | 9.0.6 |
| splunk / universal_forwarder | 8.2.0 | 8.2.12 |