Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released
Patches have been released for two security flaws impacting the Curl data transfer library, the most severe of which could potentially result in code execution
Stay informed on the latest CVE entries. Explore critical vulnerabilities and exposures to safeguard your systems from cyber threats and attacks.
Search across headline titles and summaries.
Background for this topic.
CVE is a global system of standardized identifiers for publicly known cybersecurity vulnerabilities. Each record, typically written as CVE-YYYY-NNNN, gives a vulnerability a stable reference and usually includes a description, affected products or versions, and links to advisories or fixes. The CVE Program coordinates the assignment and publication of records through authorized organizations, allowing researchers, vendors, security tools, and defenders to discuss the same flaw without relying on different names.
Practitioners use CVE identifiers to match vulnerabilities across asset inventories, scanners, patch advisories, and threat-intelligence reports. A CVE is an identity, not a severity score or proof that a system is exploitable: prioritization should also consider the affected configuration, exposure, available mitigations, exploit activity, and business impact. Delays in identifying vulnerable versions can leave internet-facing services or embedded components exposed, while incomplete product-to-CVE mapping can cause missed remediation. Security teams should verify the affected versions and vendor guidance before patching or applying workarounds.
Patches have been released for two security flaws impacting the Curl data transfer library, the most severe of which could potentially result in code execution
More than 17,000 WordPress websites have been compromised in the month of September 2023 with malware known as Balada Injector, nearly twice the number of detections in August
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation
Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy)
Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset
A new security flaw has been disclosed in the libcue library impacting GNOME Linux systems that could be exploited to achieve remote code execution (RCE) on affected hosts
A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign
The maintainers of the Curl library have released an advisory warning of two forthcoming security vulnerabilities that are expected to be addressed as part of updates released on October 11, 2023